Against this background, boards and executive teams should ask themselves two broad sets of questions. The first concerns what steps are being taken to remain resilient and support customers through near-term economic pressures; and the second, whether their own strategic plans align with medium-term structural changes in their operating environment.

Indeed, a strong grasp of the ever-evolving regulatory environment must inform how financial services firms answer these questions.

Near-term economic pressures

Disruptive economic factors will command attention in the near term. The credit risk outlook is increasingly precarious, and lenders will need to be able to demonstrate to supervisors how they are managing the associated risks. Many insurers and investment funds will also face credit-related pressures in their portfolios and may need to boost their credit teams if the volumes of defaults and corporate restructurings begin to rise.

Where credit risks crystallize, they will feed through to regulatory capital positions. Firms will also need to be vigilant for sudden bouts of volatility within the capital markets.

Central banks and regulators will be working hard to understand market vulnerabilities, with continued stress-testing of individual firms, funds, and the wider system. Margining practices will be under scrutiny.

There is also a major conduct risk component to the current economic situation, with consumers feeling the cost-of-living squeeze. Conduct supervisory standards are substantially higher now than in previous downturns, and firms will rightly be expected to support their customers through a period of economic hardship.

This is a particular dilemma for lenders, who will need to make judgements about when and how to exercise forbearance. It will also be a challenge for insurers, who may see rising numbers of policyholders struggling to cover their premiums, creating the possibility of protection gaps that will draw supervisory attention.

Embedding climate & nature risks

Climate and nature risks will increasingly shape the financial services operating environment. Less advanced firms may find themselves given progressively less leeway for shortcomings in the year ahead.

Efforts are underway in numerous arenas to improve the structure and content of transition plans, and firms will need to shift gears to keep up with new rules, guidelines, and greater supervisory scrutiny.

Firms will also need to keep an eye on the still-evolving nature-related risk disclosure framework being developed by the Taskforce on Nature-Related Financial Disclosures, a financial services industry advisory group whose members represent more than $20 trillion in assets. The Taskforce’s risk disclosure framework is due to be finalized in Fall 2023.

Technology transforming the sector

Technology enables firms to provide new and better products and services, develop deeper insights, and do so ever-more efficiently. However, as supply chains and delivery services models become more complex, both the regulatory regime and firms’ risk management and control frameworks have struggled to maintain pace with technological innovation.

Nowhere is this clearer than in relation to digital (and particularly crypto) assets. Regulated firms have increasingly been engaging with an evolving ecosystem of digital asset technology providers and developing client offerings. The European Union’s Markets in Crypto-Assets framework will enter into force this year, but a further regulatory response may be needed to tackle issues such as leveraged trading and crypto-lending as regulatory uncertainty and gaps will persist.

In the United Kingdom, meanwhile, the Financial Services and Markets Bill, once passed, will give authorities the power to oversee digital assets markets. The secondary legislation that will clarify which activities and market participants they will regulate, however, is yet to emerge.

The transition period for the U.K.’s operational resilience framework will soon enter its second year, and U.K.-based firms need to demonstrate measurable progress with regards to important business services. The 24-month implementation period for the E.U.’s Digital Operational Resilience Act begins this month, and firms within the E.U. will need to begin their work post-haste to be on track for the early 2025 deadline.

The resilience of the delivery of financial services in which third-party suppliers are involved is a major issue. In some cases, firms will need to develop contingency exit strategies and business continuity plans for third-party exposures, including substitute service delivery methods.

Long-standing concerns about model risk management also now have a distinctly technological flavor, with supervisors scrutinizing how firms are deploying artificial intelligence and machine learning. When finalized later this year, the U.K. Prudential Regulation Authority’s (PRA) proposed principles on model risk management will require a large amount of work to catalogue, categorize, and risk-assess models that for some firms could number in the thousands given the PRA’s expansive definition of model.

A general principle will be relevant for firms across all sectors and regions: people, and not models, should be responsible for decision-making. Boards and executive teams should be able to demonstrate that they understand the functioning of their models, including those based on new technologies such as machine learning.

Rising geopolitical tensions

Finally, rising geopolitical tensions will continue to be another feature of the changing risk environment in which financial services firms are operating. International markets are increasingly fragmenting, as nations and business leaders look at how to build supply chain resilience and security through greater localization of production and supply.

Given the volume of alerts generated by transaction monitoring systems, the inherent limitations of legacy systems and data, and strengthened baseline expectations, it is no wonder that some firms feel they are having to run ever-faster just to keep up. The status quo does not appear sustainable, and operating model reform will need to be part of the response, including considering changes to internal structures, resourcing models, and technology strategies.

Resilience and strength

Financial service firms face many headwinds as the new year begins but will do so from a position of resilience and strength, having successfully navigated the vicissitudes of the last three years. The major challenge will be to navigate the choppy near-term waters without losing sight of the medium-term processes of structural change playing out in relation to geopolitics, technology, and sustainability.

Regulation continues to be a major force that will shape the operating environment for financial services, and an integrated view of the regulatory landscape — as well as an ability to connect such a view with business strategy decisions — remain imperative for firms looking to stay at the forefront of the industry.

This blog post was taken in part from a recent report written by David Strachan & Suchitra Nair of Deloitte. You can sign up to receive Deloitte’s Financial Markets Regulatory Outlook report, due to be published later in January, here.

Materiality is a measure of the relative financial importance of a factor among a company’s ESG considerations. The Sustainability Accounting Standards Board defines material issues as those “that are reasonably likely to impact the financial condition or operating performance of a company and therefore are most important to an investor.”

It has been empirically validated that companies with higher ESG scores tend to do better than companies with lower ESG scores in terms of stock performance and underlying financial metrics. And there is much logic behind this finding. The integration of ESG factors reduces risk and increases efficiencies in various ways. For example, companies with higher ESG scores are less likely to be subject to monetary fines or reputational damage as a result of environmental shortcomings, such as through improper waste management, excessive land use, or the release of air pollutants. Further, companies with higher S scores tend to be equal opportunity employers with enhanced workers’ rights, which results in increased employee satisfaction.

Over the last 10 years, various meta-studies have empirically validated that ESG performance is correlated with financial performance. For example, one of the largest of these meta-studies combined the findings of more than 2,000 empirical studies, in which 90% showed either positive or neutral correlations between ESG factors and financial performance. Also, the Center for Sustainable Business at NYU Stern and Rockefeller Asset Management found in their analysis that not only did ESG drive positive financial performance in 58% of cases (with 13% of cases showing neutral financial performance, 21% showing mixed performance, and 8% showing negative performance), but efforts to decarbonize business operations were also strongly correlated with financial performance.

The financial materiality of ESG is not only present in equity investing; it also plays an increasingly important role in the credit decisions of fixed-income investors. To reflect this growing importance, the 2021 statement released by the UN Principles for Responsible Investment, which was signed by more than 180 investors and 25 credit rating agencies, committed to incorporating ESG into credit ratings “in a systematic and transparent way.”

In addition, ESG factors are influencing assessments of country-level performances as well. To provide more clarity for investors, the World Bank launched its first sovereign ESG database, which enables investors to understand ESG performance on a country-level by incorporating ESG data related to all 17 sustainable development goals.

It all starts with good governance

When evaluating empirical research, good governance influences materiality the most. For example, a global apparel company with a good anti-corruption framework (governance factor) may result in a lesser likelihood of encountering child labor in the company’s supply chain (social factor).

Research indicates that the governance category has the clearest link to financial performance, as factors such as anti-bribery and anti-corruption programs, executive pay, or board diversity show the strongest forms of correlation. This also holds for fixed-income investors, as business ethics, transparency in executive pay, and board diversity are more important in preventing corporate bankruptcy than are environmental and social factors.

How to integrate ESG?

What makes the integration of ESG such a dynamic and emerging field is that investors have various strategies to choose from.

The Global Sustainable Investment Alliance defines sustainable investment as one that “considers [ESG] factors in portfolio selection and management” and divides ESG investing into the following common strategies:

• • • ESG integration (using ESG data next to financial data)
    • Corporate engagement and shareholder action (investor activism to focus on ESG)
    • Norms-based screening (screening against minimum standards)
    • Exclusionary screening (negative screening)
    • Best in class (positive screening)
    • Thematic investing (clean energy, social trends, low carbon, etc.)
    • Impact investing (generating financial return next to social or environmental return)

The popularity of these strategies varies by region; however, the most common approaches by far are: ESG integration, exclusionary screening, and corporate engagement/shareholder action. These account for roughly 85% of all sustainable assets.

The active integration of ESG factors which is defined as “explicit and systematic inclusion of ESG data in analysis and investment decisions” is also the best-performing strategy alongside traditional financial analysis. A key element of performance superiority lies in managing against downside risk, particularly during social or economic crises. These factors explain why ESG integration is becoming the most popular strategy, according to the NYU Stern and Rockefeller Asset Management report.

The shrinking world of unsustainable investing?

At the beginning of 2021, 35% of all managed assets worldwide were considered sustainable assets. With an annual growth rate of 15% over the last two years, the market will soon be reaching a point where the term sustainable investing will slowly account for the majority of total global managed assets.

The UK stewardship code from 2020, which sets high governance standards for institutional investors, has been adapted in various western regions. The code requires their growing list of signatories to disclose the use of ESG factors in the investment process, paving the way for further acceleration of ESG in investment management.

With the proposed rules to disclose greenhouse gas emissions in corporate reporting in the United States and in Europe via the Sustainable Finance Disclosure regulation, the importance of ESG-type investments will continue to increase and influence advisor and client interests. A recent survey by the Investment Advisor Association found that nearly 51% of advisers consider ESG or sustainability to be one of the “hottest” compliance topics for 2022.

Consumer demand — along with the standardization of reporting frameworks, regulatory requirements, and financial performance — will ensure that ESG factors become fully integrated into the investment process. The correlation between financial performance and active ESG integration will soon become so visible that the fiduciary duty of asset managers can only be fulfilled with full consideration of ESG factors.

Perhaps it is time to name the shrinking pie of investing without ESG, and call it unsustainable investing.

Whistleblower advocates strongly opposed changes adopted during former SEC Chairman Jay Clayton’s leadership which allowed the agency to decrease awards when the tips led to actions by other agencies. Under the newly approved rule changes the SEC Office of the Whistleblower cannot reduce awards in such cases, and will only allow discretionary increases.

The SEC Republican members argued that the Office of the Whistleblower fielded a record number of tips in 2020 under the rule that curbed outside awards without causing any visible harm to the whistleblowing program. The SEC Office of the Whistleblower, however, has previously linked that pandemic-year’s surge to the shift to remote operations that made it easier for employees to make claims.

The former chairman, prior to joining the SEC, had participated in a legal group study of the whistleblower award system that suggested limiting the program, which has paid $1.3 billion since it began in 2010. After initially proposing a cap on awards of more than $100 million, the agency pulled back the proposal under intense criticism from lawyers and lawmakers. Instead, Clayton’s SEC implemented less-sweeping changes that gave the whistleblower office discretion to reduce awards and curbed payouts for “related actions” taken by other agencies.

The two rules reversing the old SEC’s rules Rule 21F-3 and Rule 21F-6 of “The Commission’s Whistleblower Rules”  that were adopted last week will:

• • • allow the SEC to consider paying a whistleblower award for information that resulted in a penalty by an authority other than the SEC; and
    • affirm the Commission’s authority to consider increasing the dollar amount of a potential award, “but not to lower an award.”

SEC Chairman Gary Gensler, a strong advocate of the whistleblower program, said the first rule “expands the circumstances in which a whistleblower who assisted in a related action can receive an award from the Commission for that related action rather than from the other agency’s whistleblower program.” The second rule change, he said, “will give whistleblowers additional comfort knowing that the Commission would not decrease awards based on their size.”

Republican commissioners, now in the minority on the Commission, argued that the agency failed to properly analyze the impact of the changes. SEC Commissioner Hester Pierce accused the agency under Gensler of repeatedly scrapping his predecessor’s change “even though the ink was barely dry on the last set of amendments.”

Study shows awards went to small group of whistleblowers 

The two minority Republican commissioners argued that the rule revisions add to confusion over the program. SEC Commissioner Mark Uyeda said such an action “risks eroding the Commission’s regulatory credibility” and should be undertaken only after a review of how the process works overall. “Such a review could also evaluate the role played by lawyers representing whistleblowers on a contingency fee basis and how they present tips to the Commission,” Uyeda said, referencing to a new study that reported the whistleblower program had become dominated by a handful of law firms and specialists, including some former SEC officials.

The Republican commissioners argued that the complexity of the review process has favored tipsters who are represented by lawyers making large claims rather than employee insiders that they argued the program was supposed to encourage.

The study, The Whistleblower Industrial Complex, by Alexander Platt, a professor at the University of Kansas School of Law, found that “tipsters represented by lawyers significantly outperform unrepresented ones, repeat-player lawyers outperform first-timers, and lawyers who used to work at the SEC outperform just about everybody.”

Platt said the program has created a “free private outsourcing program” that may not serve the public interest. He said the elite whistleblowing legal community “sifts through claims from prospective clients and generates hundreds of millions of dollars in fees and expenses from these programs, with a disproportionate share going to a concentrated group of well-connected, repeat players.”

The SEC has sought to deflect such charges in the past by citing the program’s impact as a growing source of enforcement actions that have served a public interest. Whistleblower advocates have argued that the disproportionate presence of specialized whistleblower firms in awards reflects their expertise in providing the enforcement with actionable information.

Gensler, in a statement supporting the new rules, said “these rules will strengthen our whistleblower program. That helps protect investors.”

This is especially true amid elevated cybersecurity threats following Russia’s military invasion of Ukraine, as US federal and local regulators have warned, at times with particular reference to the financial industry. The exam teams will also focus on business continuity plans and the impact of climate risk and substantial disruptions to normal business operations.

Therefore, a review of firm plans to secure sensitive information and ensure firm resiliency will help a firm better prepare for upcoming examinations.

Business continuity

Investment advisers have a fiduciary obligation to protect client interests from being placed at risk because of an adviser’s inability to provide services after an interruption. To meet this obligation, advisers typically have created written plans to address various business disruptions. Such plans usually incorporate disruption scenarios, back-up locations, alternate communication policies, and ongoing testing and training.

The recent exam priorities document highlighted that the application of information security controls is critical to ensuring business continuity. A loss of data or breach of a firm’s system can make non-public information susceptible to cybercrime and can hamper the ongoing services of the advisory firm.

“Vigilant protection of data is also critical to the operation of the financial markets and the confidence of its participants,” the SEC stated in the exam priorities document. “Failing to prevent unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of sensitive records may have consequences that extend beyond the firm compromised to other market participants and retail investors.”

Information security and operational resiliency

As an SEC exam team reviews information security controls, it will focus on whether advisers have taken measures to:

• • • Safeguard customer accounts and prevent account intrusions, including verifying an investor’s identity to prevent unauthorized account access. Steps to addressing this rather general directive may depend on whether the firm is a broker-dealer or adviser and its relationship to the client. Investment advisers must have robust policies and procedures that include, among others, initial and ongoing due diligence of any interface or software in which advisory clients remotely access their accounts. Advisers that allow their employees to use mobile devices for business and access client data must have mobile device management software to prevent intrusions.
    • Oversee vendors and service providers. Outside service providers can increase efficiency, but they can be a source of data breaches and cybersecurity risks that impact the adviser. Many of the outside service providers may receive, maintain, and process adviser information and have access to advisers’ internal information systems. In a recent cybersecurity rule proposal, the SEC is requiring a vendor management program that would include understanding all facets of the vendor contract and implementing vendor monitoring and testing programs.
    • Address malicious email activities, such as phishing or account intrusions. The risks of email scams like phishing are becoming more common, and advisers must be prepared for an impending attempt. Phishing scams are ever-changing and are designed to infiltrate the computer network of the recipient and gain information that should be protected. The best defense is a comprehensive plan for training firm employees that will help them identify the malicious emails and follow a plan of communication and response if an attack is successful.
    • Respond to incidents, including those related to ransomware attacks. A ransomware attack uses malware designed to provide an unauthorized actor access to institutions’ systems and to deny an institution’s use of those systems until a ransom is paid. Therefore, the foundation of an adequate defense against ransomware attacks are policies and procedures that include incident-response plans and operational resiliency. Resiliency may come from patch-management programs, controls for user access, securing networks, and training users.
    • Identify and detect red flags related to identity theft. An adviser with policies and procedures to protect a firm’s non-public information with an aim to be in compliance with Regulations S-P and S-ID will be best prepared. The two regulations govern the treatment of nonpublic personal information and offer a guide to detecting, preventing, and mitigating identity theft.
    • Manage operational risk as a result of a dispersed workforce in a work-from-home environment. The global COVID-19 pandemic changed the way many firms operate. Even though the pandemic restrictions have lifted, many firm employees continue to work-from-home. Therefore, employee training and the adoption of tools to ensure that remote risks are addressed continues to be crucial for compliance. A firm may be best prepared by identifying challenges or issues that arise during the initial days and weeks of COVID-19 lockdowns and show how the firm has adapted and made changes to address those issues along the way.

Finally, the SEC will continue reviewing adviser business continuity and disaster recovery plans, with particular focus on the impact of climate risk and substantial disruptions to normal business operations. The scope of these exams will include a focus on the maturation and improvements to business continuity and disaster recovery plans over the years, as well as these advisers’ resiliency as organizations to anticipate, prepare for, respond to, and adapt to both sudden disruptions and incremental changes stemming from climate-related situations.

The report probes new areas of global regulatory emphasis such as central bank digital currencies (CBDCs), non-fungible tokens (NFTs), stablecoins, decentralized autonomous organizations (DAOs), crypto-advertising, and financial crime.

The report also contains an updated compendium and map, which offers a country-by-country overview of the rapidly developing regulatory and legal framework for cryptos. The compendium includes approximately 70 important countries, their regulatory approach or stance on cryptos, general tax status along with links to valuable information such as the pertinent regulatory bodies or enacted regulations.

You can see the full digital version of the Cryptos on the Rise 2022 report here

The tremendous growth of cryptos, now estimated to be near $3 trillion in total market capitalization, is also examined. Such growth in popularity and size means that crypto-assets are now presenting new risks, such as disruption of traditional financial services and growing concerns about potential threats to global financial stability. Other, less macro-risks include the need to protect vulnerable customers, market manipulation, fraud, anti-money-laundering concerns, and cybersecurity, all of which will also need to be addressed. The increasing regulatory challenges are exacerbated by the growing public awareness, acceptance and use of cryptos.

Indeed, this perceived threat to financial stability is being considered by supranational policymakers with the identification, monitoring, and management of risks continuing to concern and on occasion confound regulators and firms alike. The challenges include operational and financial integrity risks from crypto-asset exchanges and wallets, investor protection, and inadequate reserves and inaccurate disclosure for some stablecoins. Moreover, in emerging markets and developing economies, the advent of crypto can accelerate what the International Monetary Fund has called cryptoization — which occurs when these crypto-assets replace domestic currency and circumvent exchange restrictions and capital account management measures. In other words, creating a situation that could have a potentially profound impact on financial stability.

Although outright bans on cryptos around the globe are somewhat rare and are diminishing, some jurisdictions are emerging as staunch advocates. Many regions, however, fall somewhere in the middle as regulations are slow to keep pace with the immense popularity of cryptos — a risk, in and of itself.

In many countries, cryptos appear to be at a legal and regulatory tipping point, the report shows. Concerns about financial stability and vulnerable customers, together with the apparently persistent misperceptions about financial crime, are driving policymakers to consider significant action. Policymakers must, however, balance these considerations with the benefits which could be derived from the more widespread adoption of cryptos.

Some countries, meanwhile, are welcoming cryptos with seemingly few regulatory concerns. Cryptos’ borderless nature makes this even more challenging, as is evidenced by the near-overnight relocation of miners and crypto-firms out of China after that country clamped down on crypto activity. Most jurisdictions are reluctant to stifle innovation, but it would be politically unacceptable to deliberately risk either wholesale financial stability or widespread retail customer detriment.

The clear message from the report is that there is an urgent need for a coherent, comprehensive, and global approach to the regulation and oversight of cryptos. The need for policymaking pre-emption and cooperation is seen as increasingly urgent as crypto-assets — which for now only accounts for a small portion of overall financial system assets — continues to grow rapidly. Further, direct connections between crypto-assets and systemically important financial institutions and core financial markets are rapidly evolving, opening the door to the potential for regulatory gaps, market fragmentation, or arbitrage.

Without a coherent international approach to cryptos there is a danger that they will fail to achieve their potential, and the world will lose the considerable benefits they could bring.

The special report will be featured at several upcoming conferences as well as on the Compliance Clarified podcast which is available on Google, Apple, and Spotify.