No let-up from the regulators

The 3 lines of defence must cope with both a tightening regulatory environment and the evolution and expansion of non-financial risks: Enforcement has become tougher in the US over basic record-keeping; we’ve seen enforcements against a bank for firing a whistle-blower who reported market abuse; we have the CFPB becoming active on consumer lending products, and the SEC commenting on failure to file SARs. In Europe, the pressure is on some of the same areas – part of the focus on fixed income is essentially record-keeping – but there have been fines for basic failures of the risk assessment process.

So, there is an expansion of regulation, not just in the sense that more regulation is coming, but also in the sense that regulators are tightening up on existing regulations: policy and attestation are no longer enough; obvious disregard for rules will be punished; repeat offending will annoy the regulators.

Regulators know that fragmentation and differences of approach make compliance difficult, but they say that their hands are tied by legislators. This is not completely true – regulators control the enforcement approach and there is a big difference between the US and Europe. “In the US, when they want to make a point, they come in and bite hard,” said one attendee. “A regulator will walk into a financial firm in the US and they'll look at what they're doing and they'll just listen. And even if they think it's not wholly sufficient systematically, they'll walk away and give you a clean bill of health. But the moment they find you do something wrong, you're going to get a very, very heavy fine. In Europe and the UK, a regulator will take a much more deep and prolonged engagement with regulated market participants. So, they're in checking things all the time, where in the US they don't.”

Regulators on Day One discussed sustainable finance and technology risk, crypto assets, and cyber and operational resilience; they talked about being more proactive and less reactive, and about becoming more digitally enabled. They are keen to stay abreast of the market and the technological innovation fuelling industry change, and they believe that enhancing their own technology and data analytics is the best way to do that.

The most obvious takeaway from today’s debate was how preoccupied individual regulators are with their own agendas. In Europe, that means the MiFID II review, the consolidated tape and, in terms of market abuse, cross-market manipulation. In Australia, the agenda covers a fairly broad palette of sustainable finance and technology risk, crypto assets, and cyber and operational resilience. And in the US, because of the number of regulators covering specific types of market participant, each is looking at its own issues – from account takeovers to Regulated Best Interest to comms record-keeping violations.

The big picture message? Even if regulators wanted to take a breather, legislators and the market won’t let them.