Financial services firms are facing an unprecedented raft of challenges. Since the financial crisis, a new regulatory environment has forced a revamp of the responsibilities of boards, pushing functions such as risk and compliance to the top of the corporate agenda.

At the same time, rules designed to make institutions safer means they must hold more equity capital, driving up their cost of funding.

Pressure is also coming from the introduction of initiatives like MIFID II (Markets in Financial Instruments Directive), which has unbundled the cost of research from banks’ other offerings, again putting pressure on earnings.

Likewise, fund managers are using MIFID II as an opportunity to revamp their institutional relationships, while the advent of IFRS 17 (International Financial Reporting Standard) will have a profound impact on the insurance industry.

The banking industry has suffered multiple scandals, from PPI to Libor manipulation, exposing a damaging short-term culture, while the multibillion-pound taxpayer bailouts to cover the excesses of bankers sparked outrage throughout society—and the ripples are still being felt today.

This reputational fallout has challenged the ability of financial services firms to attract the “brightest and best”, and they must reach out to, and understand, a more idealistic set of stakeholders that are increasingly attracted to other industries such as technology.

Meanwhile a series of regulatory reforms—such as curbs on pay, along with the introduction of the Senior Managers Regime, which holds individuals accountable for corporate misconduct—have made banking less appealing.

Against this backdrop, financial services firms must re-engage with the economies they serve while new skillsets are required of boards and senior management as banks embrace digitisation and redefine themselves as technology providers.

The shift to online banking and the rise of digital disruptors, from payments providers to cryptocurrencies, is leading to a more fragmented offering. Rapid technological developments are creating threats and opportunities.

Tech is enabling banks to cut costs as large swathes of trading activities are automated. This requires big investments in creaking infrastructure as banks look to upgrade technology platforms.

And vibrant fintech start-ups are flourishing, threatening to disintermediate financial institutions while the development of artificial intelligence and machine learning is revolutionising financial investment and advice.

Asset management

The asset management industry is also facing considerable challenge. The rise of passive investing is set to continue and place increasing pressure on costs as revenues fail to keep pace with the growth in assets under management. A report by Oliver Wyman predicts that asset management fees could drop by 40% in the coming years, driven by the growth of passive investing and the rise of technology, while revenues could drop 13% by 2020 in the event of a stock market downturn.

Boards must plan now to tackle these challenges. The insurance industry is staring down the barrel of fundamental reform. In May 2017, the International Accounting Standards Board (IASB) released IFRS 17, which comes into effect on 1 January 2021 and replaces the current interim regulation IFRS 4.

With IFRS 17, the IASB aims to establish one set of principles for the recognition, measurement, presentation and disclosure of insurance contracts. The implementation will be complex, not least because there will be different interpretations of how to apply the standard across more than 100 jurisdictions. Insurance companies reckon the cost of implementation will run into the hundreds of millions of dollars.

Whether in asset management, insurance or banking, financial services institutions hold more data on their customers than ever before, boosting the potential to improve their offering. With that power comes responsibilities. New rules governing data means firms must safeguard the confidentiality of their customers.

But this technological revolution has its downsides. Customers place their trust in financial services firms, which need robust and sophisticated controls to fight against hacking, cybercrime and misconduct from within the organisation.

Since the financial crisis, banks have moved from a model that measures performance by top-line growth, to one based on returns and covering the cost of capital. With many investment arms still failing to cover the cost of capital, there are questions about their business mix. Should they exit investment banking altogether and concentrate on more utility-style returns?

New rules

The political and regulatory backdrop also serves as a headwind to banks’ previous global models. New rules require banks to fund their subsidiaries separately, while the rise of political nationalism will further fragment models. Brexit is a big unknown that will have implications for years to come, and bigger macro trends like climate change and shifting demographics have profound implications for investment portfolios.

All of these issues are vying for attention with bank boards at a time when the rise of ESG investing (environmental, social and governance) challenges firms to judge performance by a broader set of measures such as sustainability, the promotion of gender diversity and equal pay.

At the same time, the rise of social media and the resulting speed of information flow means corporate reputations are harder than ever to establish and maintain. In an era where reputations are more valuable than money, boards must understand the importance of corporate social responsibility. The winners will be those that can successfully develop a more transparent engagement with all of their stakeholders in a manner which leads to superior long-term returns.

The job of the board is to navigate these challenges and ensure effective governance so that institutions can generate sustainable returns across a broad range of measures. While financial services firms have spent the past decade trying to make themselves less complex and more transparent, they have in fact become more difficult to manage.

This guide aims to help equip boards with the knowledge and insight needed to deal with six key areas in the context of these unprecedented times.

Chapter 1: Enabling effective boards in financial services

The boards of global financial institutions must have the expertise, diversity and operational understanding to ensure effective oversight, but before that they must set the company on its cultural and strategic axis.

The global financial crisis had at its heart a failure of governance and oversight. Controls were ineffective, non-executives did not challenge and relationships broke down with regulators.

Boards have been slow to recognise the significance of culture. A survey conducted by Board Agenda and Mazars last year found that 63% of boards exclude culture from formal risk considerations. Meanwhile, respondents identified that “setting the right tone from the top” was the best way to influence culture.

Since the crisis the boards of financial services firms have taken a number of steps to ensure they are more effective and to atone for the mistakes of the past. But with the burden of greater regulation, unprecedented levels of technological change and fears over how well the industry is prepared for the next downturn—rather than solving the problems that caused the previous one—boards need to ensure they possess the right characteristics to be effective.

They must understand the vital role they play in setting the entire culture, vision and values of an organisation, while ensuring a sustainable return for all of its stakeholders.

“An effective board is all about having the right people working together in an effective manner,” says Anthony Carey, head of board practice at Mazars. “There needs to be the right level of support and challenge for them to thrive.”

More than ever, financial services firms must be aware of the broader set of stakeholders they serve. The bank bailouts mean politicians and the wider public wield a far bigger influence with regulators over how banks behave. A shifting and more intense regulatory landscape has forced firms to adopt more complex structures.

The Balkanisation of bank regulation means banks face increasingly localised governance requirements. In the UK, for example, banks have been forced to ring-fence their deposit-taking operations from riskier investment banking businesses, requiring them to have separate boards and governance structures.

Boards must demonstrate that they have a programme to meet increased regulatory requirements, often having to duplicate in multiple jurisdictions. Balancing local governance and global oversight is key, but an effective board has to set the fundamentals of a company’s culture, strategy and vision.

“Everything flows from this,” says Carey. “If the board understands the culture, it can ensure the organisation plays to its strengths. And it must be active in monitoring the culture which exists, and overseeing the implementation of programmes to close gaps between the desired and actual cultures.”

Governance and culture

The essence of good corporate governance is ensuring trustworthy relations between the corporation and its stakeholders. According to Carey, a constructive relationship between the CEO and chairman is pivotal to an effective board, and a healthy board culture is one where there is a high level of both challenge and support.

The board must also ensure that the strategy fits the culture, and that the business makes a financial return in a sustainable way. Effective boards must balance risk-taking and entrepreneurship. This has become a top priority in recent years for banks in particular, as they have bolstered their risk functions. This has made them safer than ever but at the same time they must keep an eye on innovation and entrepreneurship in order to keep up with rivals.

“Excessive risk management can cause an organisation to become too bureaucratic,” says Carey. “Boards that are very adept at oversight of a steady-state environment must ensure they have the right tools and expertise to cope with today’s fast-changing environment and with a potential crisis.”

Sufficient diversity

There needs to be the right balance between executive directors and non-executive directors (NEDs) to enable the board to work effectively, and there should be no dominant individual on the board controlling decision-making and blocking challenge. There needs to be sufficient diversity among board members to avoid “groupthink”.

“Diversity in terms of gender and ethnic background is very important, but so too is diversity in terms of industry and/or professional expertise,” says Carey. “Regular board reviews will help ensure they have the right blend of expertise.”

Diversity is also vital as it relates to personalities and professional backgrounds. According to Carey, externally facilitated board effectiveness reviews enable boards to stand back and assess their strengths and areas for development through an independent lens, and to identify the changes that will enable them to achieve their full potential.

Boards have a basic responsibility to ensure sustainable long-term value creation through setting the strategy and providing oversight regarding management decisions, as well as selecting and changing the management when necessary. A long-term view is essential at a time when many European banks remain in a state of strategic flux, having changed their top executives a number of times in the past decade.

Deutsche Bank has had five different CEOs in the past 10 years and continues to grapple with a restructuring. Effective boards take a longer-term view, looking beyond the next set of quarterly results.

This applies equally to talent management. The churn at the top of big banks has an adverse effect on human capital. Too often the appointment of a new chief executive will lead to a clear-out of the previous regime. Sometimes this is welcome, but when it happens too frequently, it breaks continuity and undermines succession-planning.

Upheaval in the executive suite is often caused by conflict over strategy and culture.

Carey says: “An effective board sets the strategy and provides strong oversight, as well as establishing a culture that sets the right tone from the very top of the organisation. Without these elements, problems will persist.”

Or, as Andrew Bailey put it in his valedictory speech as head of UK regulator the Financial Conduct Authority in 2016: “My assessment of recent history is that there has not been a case of a major prudential or conduct failing in a firm which did not have among its root causes a failure of culture as manifested in governance, remuneration, risk management or tone from the top.

“Culture has thus laid the ground for bad outcomes, for instance where management are so convinced of their rightness that they hurtle for the cliff without questioning the direction of travel.

“We talk often about credit risk, market risk, liquidity risk, conduct risk in its several forms. You can add to that hubris risk—the risk of blinding over-confidence.”

Chapter 2: Sustainable, long-term business planning

Investors are placing ESG issues at the top of their agendas, and they expect the companies they invest in to do likewise.

Many of the world’s leading companies have ESG policies embedded within their operations. Some, like Unilever, place their credentials at the forefront of their corporate identity; others may not see themselves as formal pioneers of ESG, but still embrace its principles.

Recent research conducted by Board Agenda and Mazars found that 73% of boards say that ignoring sustainability issues would affect their ability to create long-term value. However, there is concern that many boards still grapple with how to integrate sustainability into company policies.

Companies with a strong market position, financial strength and the strategic vision to deliver growth over the long term are rarely those that shun sustainable or ethical practices. What is sustainable is often just good for business. Likewise, a board that sees ESG as a box-ticking exercise, or fad, is probably hiding the symptoms of a deeper malaise.

“Financial services organisations are buffeted by market-moving events but it is the job of the board to ensure long-term and sustainable returns for all of its stakeholders, as well as a recognition of and adherence to ESG criteria,” says Mazars’ Anthony Carey.

Long-term survival

Good governance is essential for an organisation’s long-term survival. For many financial services companies, the 2008 crisis demonstrated that the business models they pursued—an obsession with short-term, top-line growth—were unsustainable, and destroyed shareholder value.

Beyond that, massive taxpayer bailouts triggered a global economic recession, fuelled inequality and destroyed trust with society at large.

When they report results, some financial services firms now include ESG criteria to show how they are measuring up in addition to revenue and return on capital. They pursue policies of engagement in society with significant initiatives to promote ethical responsibility, social and environmental innovation and a low-carbon economy.

They publish detailed ESG reports on their websites, but boards should ensure their commitment goes beyond words. Stakeholders will then respond more positively too.

“Boards should have a governance framework that analyses all risks—not just those directly linked to the business, but also those impacting their employees and the community at large as these will lead to reputational risk and adverse financial consequences,” says Carey. “To be taken seriously they should have more balanced reporting. Flagging up areas of improvement as well as trumpeting success is important.”

Robust ESG procedures

But as interconnected firms with tentacles that reach across the globe, financial services firms must be constantly watchful. They may think they are embracing ESG, but they need to be proactive. Asset managers must ensure they have a robust ESG procedure to engage with the management teams of the companies they invest in, and communicate that effectively with their own boards.

Meanwhile, strong board oversight is necessary to ensure banks are aware of the sustainability of each link in their supply chains. A number of scandals at big banks have revealed serious breaches of anti-money laundering rules, which have resulted in heavy fines and the implementation of global Know Your Customer programmes.

Fundamentally, some market participants must find a way to re-engage with a broader set of stakeholders, while others have realised that a decade on from the financial crisis, their reputations may be beyond repair. In October, the Royal Bank of Scotland, which was bailed out by the UK government at huge cost to taxpayers, launched a rebranding initiative because it had concluded its brand was too toxic.

But institutions need more than rebranding to be sustainable. According to the Latin scholar Publilius Syrus, “a good reputation is more valuable than money.” Syrus lived between 85 and 43 BC, but his words seem more relevant today than ever before. The rise of social media means that reputations are harder to establish and can be destroyed in an instant. Technology enables consumers, NGOs and employees to form rapid allegiances that can make—or break—a brand. Feedback is instant.

But rather than simply looking to protect a reputation or adopt ESG after the fact, boards can set the tone and ensure strict oversight to secure long-term success. Effective boards have a crucial role to play in aligning incentives with long-term performance and keep a tight rein on behaviours that could undermine sustainable practices.

Boards must also ensure that cultural change programmes deliver what they promise, rather than paying lip service to ESG.

Financial services companies have come to realise that they have a broader role to play in society. Employee behaviour is changing along with demographics, with staff demanding more flexibility in their jobs and continuous learning.

The scars of the banking crisis have meant the industry has lost some of its lustre. A survey of Oxford University graduates found that 10% were now less likely to consider a career in banking. At the same time, fintech and the broader technology sector is attracting more talent.

Boards must figure out a way of having the right talent management systems in place that are aligned with their culture. It is not enough to say they are sustainable employers; they must demonstrate it, or their share price will suffer. Successful integration and effective management of sustainability requires a robust governance structure.

Chapter 3: Managing opportunities & risks in a fast-changing world

The future is hard to predict, and the current pace of change poses more questions than it answers. What impact will shifting global demographics and increasing longevity have on investment strategies, as insurance companies look to match longer-dated liabilities?

How can financial services firms embrace sustainability—both in terms of earnings and in tackling environmental challenges—while ensuring they still meet their return targets?

Good governance is essential for an organisation’s long-term survival, but how can boards balance responsible stewardship while ensuring they stay ahead of the innovation curve?

This month it emerged that Biohax, a Swedish company that implants microchips into employees, held discussions with several British legal and financial firms about fitting their employees with these devices.

Dan Mellows, a director in Mazars’ risk assurance practice, says these developments indicate the challenge boards face in assessing the risks associated with new technology. “Much of the more vocal reaction to this has been dismissed somewhat irresponsibly as hysterical scaremongering.

“But how can a board truly gain the comfort it needs to ensure such initiatives are in the best interests of all stakeholders when in this instance, the scope for abuse of such technology is so undeniably vast?

“Perhaps it’s a case of being ‘damned if you do, damned if you don’t’ and clearly not an enviable position for those charged with governance.”

When it comes to governance, the adoption of technology and machine learning raises ethical questions. At its core good governance means a group of individuals having control and accountability, and anything that detracts from that in a material manner sets a board on a dangerous course.

Long-term questions are being asked of boards at a time when they face many near-term challenges. Everywhere boards look there are questions and challenges, both in the short and long term. Some are perhaps easier to understand than others.

Future crash

According to McKinsey, the combined global debt of governments, non-financial corporations and households has grown by $72trn since the end of 2007, making a future crash seem inevitable. Boards must ensure they have learned the lessons of the past and have the expertise, as well as the capital strength, to weather the next storm.

On the anniversary of the collapse of Lehman Brothers, former UK prime minister Gordon Brown warned that the UK is in danger of “sleepwalking into a future crisis”. The 2008 crash sparked a crisis in globalisation, and has led to a wave of nationalism, both in regulation and politics. There is a divergence in central banking policy around the world, with the US Federal Reserve tightening interest rates, while the ECB maintains its path of quantitative easing with low rates, creating a two-speed world economy.

President Trump has sparked trade wars with China, which could slam the brakes on global growth. Cyber-war with Russia is, to some extent, already upon us. Geopolitical uncertainty has arisen due to disruption to the rules-based international system where intervention has become the norm.

In the UK, uncertainty, Cabinet resignations and a leadership challenge over Brexit have placed the UK in political stalemate, making it impossible for businesses to plan when it comes to domestic and international operations. All of this takes place as global financial markets remain as intertwined as ever, creating a disconnect between politics and economic reality.

While no board can predict the future or hope to contend with all of these often-conflicting issues, there are measures boards can adopt. They must first and foremost set the culture and vision for the organisation and see beyond the noise of the prevailing political climate—a specified culture and vision should underpin a board’s strategic decision-making.

At the same time, the importance of specialised sub-committees has never been greater. Risk and technology committees can analyse specific problems and feed their findings into the boardroom. Boards can and should do more to ensure they have the right balance of talent. They need highly specialised individuals as well as those with broader industry knowledge.

Achieving this balance does not come without its own difficulties, as Mellows points out: “Maintaining a lean, efficient and effective board becomes increasingly challenging when such breadth and depth of specialist knowledge is required to demonstrate sound governance over all aspects of an organisation, including drives to innovate in the digital age.”

Constructive relationships

A decade on from the financial crisis and there is still a disconnect between banks and their stakeholders. For boards to anticipate the future, they must engage more directly with their customers and foster a more constructive relationship with regulators and politicians—one of cooperation, rather than advocacy.

The asset management industry must navigate a period of uncertainty that threatens to disrupt its business model forever. While the industry has largely benefited from buoyant global markets, with assets under management growing 13% in 2017, structural pressures continue, and a market downturn will expose those firms that have not taken measures to reduce costs.

The growth of passive investing has been a big theme in the industry and that will continue to challenge pricing models among active fund managers. Added to this, the industry is starting to polarise, with a handful of global investment powerhouses capturing an ever-greater portion of fees.

Risk management should be on the board agenda in a holistic sense. Boards must be sure the executive team has the right strategy that balances control with opportunity and ensures that finite capital resources are allocated to areas where they are most needed. They must strike the right balance between adaptive and fundamental innovation. That means understanding where innovation can serve the interests of the business, rather than betting the business on innovation and suffering the symptoms of “change fatigue”.

The boards of the future should reflect the times with a diversity of voices, enabling agility and adaptability, while ensuring strong leadership that can provide and deliver a long-term vision.

Chapter 4: Communication, information flow & effective decision-making

The composition of boards, their agenda and processes for decision-making are critical to ensuring boards discharge their responsibilities. But the quality of their decision-making is critically dependent on the quality of the information they receive and process.

In 2017, the US Federal Reserve acknowledged that boards of financial services companies can be “overwhelmed by the quantity and complexity of information they receive”, and published guidance on supervisory expectations for boards of directors.

The fear is that the proliferation of different committees consumes management and board time to such an extent that they are taken away from the running of the business. This situation is only likely to become more intense as the pace of technological change continues and the regulatory environment continues to evolve.

The regulatory burden is significant, and the creation of a global systemically important financial institution (G-SIFI) through a nexus of local and global regulations presents a particular management challenge. There is a group-level need to ensure overseas subsidiaries are effectively managed and operating within group control.

This confluence of factors threatens information overload and places great importance on the ability of management teams to optimise their time to streamline board practices and ensure effective decision-making, without diluting central control.

Practical steps

There are some practical steps that management teams and boards can take to optimise their effectiveness, such as compressing the number of days on which committees meet. It is essential to circulate materials in good time ahead of meetings to ensure effective discussion and decision-making. Digestible and clear information is essential for effective accountability.

Just as financial services firms have cut back the number of people sitting on their boards, thereby improving dialogue and decision-making, so they should be equally rigorous in cutting back on lengthy reporting.

“The information conveyed to the board needs to be focused,” says Michael Tripp, head of financial services at Mazars. “There needs to be a hierarchy of what is important. More than ever there needs to be clarity on where decisions are taken.”

An increased focus on risk and compliance has led to a proliferation of board committees. The main board should ensure a qualitative approach to governance, so there is a strong level of interaction with, and between, the various committees, says Tripp.

Boards and management teams should also be clear about what can be delegated, and boards should avoid practices that just represent box-ticking exercises that are no longer relevant to the way they operate.

They must also contend with changing accounting regimes, from GAAP to Solvency II and now IFRS 17, which is due to come into force in 2021. The implementation of IFRS 17, where relevant, will create disruption in the insurance industry and could prompt a fundamental redesign of the actuarial process.

The new rules will require a step change in the way insurers disclose information to make them more comparable with other industries. This will increase the burden of information for boards and management teams, and has implications for governance processes.

“Boards need to have the right level of expertise and training to understand how IFRS 17 affects their business,” says Tripp.

Opportunities

The change will also present opportunities. Any redesign of the actuarial process could present an opportunity to introduce or increase automation, thereby increasing the capacity to focus on providing timely business insight. Boards should be aware of the technological opportunities that such changes bring.

Such is the breadth of stakeholders in today’s financial services industry that management teams risk being over-burdened with unnecessary targets and key performance indicators. Tier-one capital targets and leverage ratio targets must be met to satisfy regulators, so it is important that teams are not constrained by too many targets that stifle their ability to grow and run their businesses. Excessive targets put pressure on management teams to deliver quarter-to-quarter, and may may hamper long-term strategic vision and best practice.

“Key performance indicators are an important way to measure performance and strategic progress and inform decision-making,” says Tripp. “But it’s important to narrow the focus to a number of meaningful KPIs that enable 360-degree evaluation, holding the executive team accountable.”

The financial crisis proved that global financial institutions were too big to fail. A decade on, the industry has become safer but more complex, raising the question of whether it is too difficult to manage.

Robust governance and a breadth of board expertise which reflects strong technical expertise, as well as borrowing from the insights and experiences of other industries, will be more important than ever.

Chapter 5: Effective oversight of regulation and compliance

The unprecedented pace of regulatory change in the financial services industry has led to substantial investment in the compliance function, but it needs greater support at board and executive levels in order to be effective.

Both banking and insurance sectors have experienced a stream of new regulations over the past decade. Much of it stems from the global financial crisis and centres on capital stability in the shape of the Basel reforms, in banking, as described by the Bank for International Settlements; while the introduction of Solvency II for the insurance industry has led to an overhaul of governance.

The Solvency II directive, which became fully applicable to European insurers and reinsurers in January 2016, placed an obligation on insurance companies to implement an adequate and transparent governance system and to conduct their own risk and solvency assessment on a regular basis.

In the insurance sector the regulation and supervision of internal governance mechanisms form a core part of the risk-management framework because some risks may only be addressed properly through governance requirements.

According to Michele Siri, a professor of Business Law at the University of Genoa, “an effective system of governance requires a proactive approach on the part of insurance firms, with a significant impact on the duties and obligations of the members of the board, on the one hand, and on the supervisor’s ability to assess the compliance of the internal governance with these specific requirements, on the other.”

Furthermore, Solvency II places policyholder protection at the heart of each link in the supply chain, thereby imposing a duty on the board to incorporate this into company-wide governance.

Guidelines on the systems of governance issued by the European Insurance and Occupational Pensions Authority suggested a more “intrusive” approach, which focuses on making forward-looking judgements about firms. This proactive attitude also includes supervision of how the board agrees and oversees the firm’s risk framework.

According to Siri, “this is a profound change which introduces a ‘four-eyes’ principle to decision-making and the specific role of signing off the strategic plan and monitoring its execution by managers.”

The spectre of IFRS 17 will have a profound effect on the industry as participants look to comply with a 2021 implementation deadline. The new regulation presents a profound challenge as insurance companies pull together divergent local operational and accounting models into a single global coherent standard.

As an example of the diversity of approaches that need to be reconciled, EU regulations currently require insurers to use updated discount rates to value future cashflows. Others, including America and many parts of Asia, allow the use of historical discount rates and assumptions valid at the time the policy was issued.

Beyond the hundreds of millions in compliance costs, the implementation of IFRS 17 will consume management time and resources at the very top of the organisation. In banking, local and supranational regulators have sought to tackle excessive short-term risk-taking, introducing curbs on compensation and increasing the ability of boards to claw back bonuses of officers found guilty of misconduct or in breach of risk limits.

Continuous compliance culture

The direction of regulatory travel has moved towards holding individuals accountable, with a view to ensuring that companies implement a continuous compliance culture within their organisation. Applying proportionality to their approach to compliance has also long been a challenge for smaller firms.

For many this reached its peak with the introduction of the Senior Managers and Certification Regime (SM&CR) to the banking industry in 2016, a measure which gave designated individuals responsibility and provided tough sanctions, including heavy fines and even imprisonment, for breach of duties.

The SM&CR is now being rolled out in the insurance industry which needs to comply from 10 December 2018. On the one hand it places the responsibility for good governance on the shoulders of the executive committee and the board of directors, pushing compliance to the top of the agenda.

On the other, it has acted as a deterrent, prompting experienced professionals to leave the industry, or made it hard for financial services firms to attract talented non-executive directors as individuals consider the level of personal risk involved.

Mazars’ Dan Mellows says: “This shift towards greater personal accountability may inadvertently risk a tendency for self-preservation at the expense of the wider organisation’s best interests. Surely the collective responsibility of boards should remain undiminished.”

Meanwhile, the introduction in January 2018 of MIFID II in banking and asset management is leading to consolidation in banking, as asset managers respond to unbundling by reviewing the allocation of their research wallet and reducing the number of brokers they deal with.

Policy (premium) pricing practices have also been brought to the forefront of insurers’ minds, as they respond to the UK Financial Conduct Authority’s (FCA) thematic review of fair treatment of long-standing customers in the life insurance sector. Also to new guiding principles from the Association of British Insurers’ and British Insurance Brokers’ Association, which target excessive discrepancies between new business premiums and policy renewals.

Furthermore, the application of the Ogden rate changes, reducing it from 2.5% to -0.75%, has piled the pressure on insurers and their approach to reserving.

The challenge for every board is to ensure that compliance functions have the resources, know-how and organisational status to provide proper checks and balances. Failure to do so results in heavy fines. In 2017, Barclays chairman John McFarlane said the bank had given all its revenues back in fines. As a result, the bank’s share price remains depressed.

Ineffective compliance can destroy shareholder value and damage corporate reputation. Goldman Sachs is braced for a legal battle after one of its former bankers said the bank encouraged a culture of evading compliance in the pursuit of deals. Other banks such as HSBC and Standard Chartered have suffered punitive settlements with regulators following the breach of anti-money laundering regulations. They have also been forced to adopt know-your-customer programmes that ensure they do not trade with corporations or individuals that break the law, while the PPI (payment protection insurance) scandal has cost UK banks billions of pounds.

The financial and non-financial sectors held their collective breath in anticipation of the first round of potentially significant fines being levied for non-compliance with the EU’s General Data Protection Regulation (GDPR), expected by the end of 2018. GDPR imposes a maximum fine for breaches of €20m or 4% annual global turnover, whichever is higher.

Mellows adds: “Whilst public opinion is that the Information Commissioner’s Office will actively scrutinise dotcom giants’ and public bodies’ treatment of personal data, larger financial services institutions are unlikely to be far down the ICO’s risk list. This is due to both the sensitivity of the data they hold and the potential for prevailing mistrust in light of a chequered past, notably the PPI and Libor scandals.”

The key is for boards to ensure compliance by placing it top of the agenda. A survey of 22 institutions conducted last year by the FCA found that, by and large, “the compliance function is moving toward a pure, independent, second-line-of-defence risk function with a higher profile within firms.”

Compliance representatives have been added to boards and governance committees, and reporting lines of the function elevated, it found. The survey also found that compliance functions have grown in size and are relying more on technology to deliver against their mandates. Business and product knowledge are required to understand and effectively challenge front-office activities, as are communication and influencing skills.

Stay ahead

Boards can take a number of steps to ensure they stay ahead of this new complex environment. In terms of governance and oversight, measures can include creating new board level representation, and ensuring they have the right talent within the compliance function.

“Indeed, the effectiveness of the second-line functions should be of personal interest to those fulfilling regulated functions due to the role risk, compliance and legal play in protecting them from myriad regulatory and organisational pitfalls,” says Mellows.

Allocating accountability for specific compliance activities is also crucial, and the creation of regulatory affairs functions is now more commonplace. As a third-line function, internal audit is increasingly being used to assess the maturity, status and impact of their counterpart compliance functions.

There are also a number of organisational and structural elements to consider. The perceived Balkanisation of regulation, with firms subject to increasingly local rules as well as global directives, presents a particular challenge, especially when financial services institutions continue to operate as global entities.

The growth of the compliance function means that it may be more appropriate to align it with global divisions and functions, while embedding it more within operational risk. One of the lessons of the financial crisis was that compliance functions were seen as supine, powerless in the face of autocratic management against a backdrop of light-touch regulation.

This tide has turned, and as legislation such as the Senior Managers and Certification Regime shows, regulators have more power than ever before. Compliance functions are stiffening their resolve and finding their voice. This creates a new concern: as control stands at the very top of board agendas, risk avoidance must not be prioritised at the expense of pragmatism and entrepreneurialism.

In a fluid technological and regulatory landscape, firms seeking growth must stay ahead of more nimble competitors while ensuring they maintain compliance. This requires strong leadership at board level but also a recognition of the second line’s status and the importance of its counsel.

Chapter 6: The board’s role & the impact of technology in financial services

The global economy is undergoing a profound shift driven by technology, which is harnessing advances in medical science, biochemistry and machine learning to reshape the boundaries of human endeavour.

The artificial intelligence revolution could prove to be the most fundamental development since the original rise of homosapiens, according to Nick Bostrom, a professor at Oxford University.

The pace and complexity of change makes the future hard to predict, but some of the changes have already arrived and are reshaping industries and consumer behaviour. The financial services industry stands at the cutting edge of technological change.

The advent of blockchain and cryptocurrencies such as bitcoin have created a financial market worth $1trn, while fintech is revolutionising the payments industry and disintermediating banks, which are moving away from traditional bricks-and-mortar branches to becoming increasingly digital platforms. Financial services firms are committed to massive IT investments in a race to upgrade ageing infrastructure and keep pace with more innovative, nimble start-ups.

Data lies at the heart of the technological revolution—how firms collect, understand, protect and process it will define future winners.

“Nimble companies from unrelated industry with deep behavioural insights gained through big data are increasingly competing in financial services,” says Mazars’ Michael Tripp.

Regulatory change is forcing boards to invest in state-of-the-art technology to ensure compliance, and while this constitutes a considerable investment, it will bring benefits in enabling boards to gain greater group-wide oversight.

For example, many insurance companies made great strides in improving the automation of its actuarial systems, but the introduction of IFRS 17 will require them to take this to the next level. This will lead to an improvement in governance standards because it will help compliance, reduce costs and manual errors and make it easier for management teams and boards to access and share risk insight.

Consumer protection and cybercrime

Alongside a big data “arms race” is the importance of consumer protection and its corollary, cybercrime. By the very nature of their business, financial services firms possess and process vast quantities of highly confidential and sensitive information, whether for pension funds, corporations, wealthy individuals or high-street customers.

Any breach or compromise of this information, whether intentionally by cyber-criminals, by rogue traders within an organisation, or simply by human error, can trigger huge financial losses and destroy reputations.

This presents additional challenges for boards to understand the profound changes reshaping the industry. The most pressing of these is cyber-risk and how it is handled by financial services firms. In 2014 JP Morgan fell victim to the biggest data breach in banking history, with 74 million bank accounts hacked. The bank devoted an entire subsection to its cyber-strategy and apportioned $250m to digital security. That amount could grow to half a billion dollars by 2020 based on new projections.

In 2017, banks and other financial institutions spent three times the sum that non-financial organisations devote to cybersecurity, according to a report by Kaspersky Lab. In his 2017 letter to shareholders, Jamie Dimon, JP Morgan’s CEO, called for better cyber-laws in banking to bring them in line with other industries such as aviation and shipping.

“We must also be far more aggressive in protecting ourselves from cybersecurity risks, both within the banking system and across the financial system…” he wrote.

Banks have introduced dedicated units aimed at combating financial crime and tackling cyber-risk. These have sprung up in response to regulatory censure but have become the norm at big banks, which employ regulatory and crime specialists to lead them.

As an indication of the scale of these operations, HSBC’s Financial Crime Threat Mitigation unit employs 3,000 people globally. The sheer scale of this means it is essential for boards to apply “big picture” principles to cybersecurity, requiring a broad view of risk management and implementing a culture that is collaborative, security-conscious and aware of the financial and reputational consequences of data breaches.

Boards must prevent “siloes” developing between businesses, where specialist knowledge is retained by a small number of technologically savvy individuals and they must understand the complexity of the products that they manufacture.

They must also be sufficiently balanced with non-executives who understand the technology that their departments are using, especially in investment banking, where complex algorithms are deployed to trade securities. In 2010, the so-called “Flash Crash” wiped $1trn from the value of the US stock market in 36 minutes when a group of algorithmic trading programs triggered a mass sell-off.

Structure and expertise

Effective cybersecurity begins at the top of the organisation. Firms need a structure that highlights business issues relating to cybersecurity, while providing the expertise to deal with threats.

Strong leadership is essential and those firms that have put systems in place to ensure immediate reporting of security incidents to the CEO will appear more robust. Boards should set the tone from the top by ensuring the firm has a company handbook which outlines security requirements to all employees, including the sanctions that could arise from a failure to comply.

Some banks have already adopted new technologies such as biometric identification at automated teller machines, to prevent cyber-attacks. When it comes to data security, organisations must ensure that regulations such as GDPR are adhered to, with minimum disruption to customers. The chief information security officer should report directly to a senior executive and should have a direct line to the CEO, or chair, in the event of a serious security breach.

“As technology plays an ever-more embedded role in financial services, cyber-risks will intensify, and boards and management teams must find ways of monitoring and combating it,” says Tripp.

But boards cannot just view technology through a prism of compliance. If they limit themselves in this way, they will lose the race to innovate.

“Boards should think about the talent they have in the boardroom, and whether they should appoint futurologists to help with big-picture thinking,” adds Tripp.

The challenge for the boards of financial services firms is to stay ahead of technological change at a time when small fintech companies are proving more agile at innovation. With such fast-paced innovation, it is becoming increasingly difficult to future-proof by picking the winning technology solution.

According to Winning Under Pressure, the annual survey of the global financial services industry by Morgan Stanley and Oliver Wyman, the asset management sector faces disruption on an unprecedented scale that could result in its “Uberisation”.

The report says: “In an extreme case, we could see the emergence of an Amazon-like marketplace—distribution largely disintermediated (i.e. directly provided to end-investors) and unbundled from advice. This is the exact opposite of how most markets are structured today, where advice remains bundled and intermediated, for example via bank distributors, independent financial advisers or investment consultants.

“Such an outcome would lead to significantly more price transparency and a magnetic pull to a Vanguard-like pricing for active management. We estimate this could eliminate up to 50% of industry revenues.”

Automation

Technology is an opportunity and a threat to asset managers, who see great potential in automation as a way to substantially reduce costs.

“The biggest potential cost lever is automation and better use of data and analytics,” says the report, which was compiled following extensive interviews with the CEOs of global asset management companies. “Firms typically spend 10-20% of their cost base on data management and are now thinking hard about how to increase the impact of their spend.”

But while automation and greater outsourcing can help firms reduce headcount, the reports estimates that up to 40% of the workforce will require fundamental retraining and places responsibility for managing this transition at the door of senior management and the board.

The report continues: “The depth and speed of change required far exceeds the traditional change management process handled by HR departments. We believe that the workforce of the future is a CEO topic, requiring strong top-down guidance and a clear understanding of how the organisational set-up and glue will have to change. However, we view this as a 5–7-year journey requiring many boards to also adjust incentives for the C-suite.”

When it comes to the day-to-day operations of senior management teams and boards, there are clear benefits to be gained from technological innovation. Real-time data is available on a far more granular level than previously, improving management intelligence, and that can feed into improved reporting.

Tripp concludes: “Financial services firms are in the risk business, and they must constantly strike a balance between prudence and entrepreneurialism.”

You can download a copy of the full Future-Proofing Financial Services report here.