While the financial services industry has been the fastest-moving sector over the past 30 years, the industry undoubtedly is being and will continue to be affected by weighted shortfalls that it is experiencing currently and those that would show up in the future. ROSIE KMEID analyzes the main initiatives that have floated to the top of most financial institutions in 2015, with a key focus on regulatory compliance.
Although major reform initiatives undertaken by governments aim to strengthen the sector, the financial services industry is undeniably engaging in a battle with three frontiers that are security, regulatory compliance and revenue growth. For the financial services industry, security and regulatory compliance go side by side as strategic concerns, which in turn directly affect revenue growth.
In today’s digital age, and fraud taking on an intensified role, the topic of IT security has quickly ascended the attention scale and has become unquestionably a C-suite priority. While the sector may be ahead of many industries in terms of prevention and detection of security crime, it remains a prime target as data is considered a high-value commodity for IT criminals, and financial institutions are struggling to achieve or sustain best-in-class practice in this particular area.
But the news is not all bad. According to experts, the outlook for increased budgets to address security concerns is good. With public perception of the financial services industry sector still at rock bottom, it is worth mentioning that smaller IT security budgets are on the decline these days and security spending is on the rise.
As technology plays a fast-growing role, it has been noted that in 2015 there was a massive spending on IT security initiatives among financial institutions worldwide and this was the biggest jump ever in spending. Large financial institutions have spent vast amounts of money on diversified security technologies and worked on increasing security awareness on the sophistication of cyber attacks. Yet, they found out later that there may still be gaps in spotting potential vulnerabilities before they become a major problem, as with the high upsurge in data, devices and connections, security challenges have increased in number and scope.
The industry is thus more reliant than ever before on technology as many of its advances, i.e. mobile, analytics and cloud, have a direct role to play in the area of IT security. Forward-thinking financial institutions began to leverage and exploit innovative security tools such as advanced authentication and biometrics, many of them cloud-enabled. The top-ranked IT security for the fourth year in a row is further evidence to the increased reliance on technology to help achieve a secure, sustainable financial environment.
Financial institutions are aware that the threat landscape is constantly evolving; nevertheless, they find it difficult to keep up with the latest developments. But no financial institution can afford to be complacent because any organization can be the victim of a costly security breach, regardless of size. Security is too important not to be given due consideration, and the threats against the financial sector look like they will only continue to escalate.
On the other hand, the more invasive regulations to curb undue risk-taking by financial institutions aim at regaining and maintaining high performance. It is becoming increasingly clear that the historical approach to dealing with regulations and compliance will no longer work. Financial institutions are being asked to comply with a steadily increasing number of international, local and industry regulations and standards with each having its own rules and reporting requirements, and these include the Sarbanes-Oxley (SOX), J-SOX, CCAR, COSO, COBIT, IFRS, IAS 7, FATCA, various ISO/IEC international standards, the EU Data Protection Directive and the Directive on Payment Services 2, Basel II and the new Basel III frameworks. Likewise, Islamic financial institutions are advised to comply with AAOIFI accounting and auditing standards and IFSB capital adequacy guidelines for a greater harmonization of international Islamic finance practices, to achieve operational excellence and to strengthen the sector.
Although we noticed that in 2015 the vast majority of nations started to reshape their laws and regulations to comply with a series of international banking rules, following these directives often takes a significant amount of time and effort whether in developing appropriate internal controls, or during implementation and monitoring compliance.
The Basel accords for instance, which were endorsed by the G20 nations, are voluntary agreements among national banking authorities. This means that recommendations are enforced through national laws and regulations, rather than as a result of the Basel Committee on Banking Supervision’s recommendations; thus some nations tend not to implement the committee’s policies at all, and if they do, some time may pass between recommendations and implementation of the law at the national level.
For Islamic financial institutions, compliance with the legal framework referred to as Shariah law is mandatory, but compliance with AAOIFI and IFSB (two international Shariah standard-setting bodies) is not, and that explains why their recommendations are not implemented by all Islamic financial institutions and also explains the availability of a Shariah board for each individual institution.
The dilemma currently experienced in terms of the divergence of AAOIFI accounting standards implementations and the inconsistency of financial reporting, and the IFSB’s capital adequacy, risk management and corporate governance standards, which serve to complement the guidelines of the Basel committee by catering to the specificities of Islamic financial institutions, poses a great threat to the sustainability of the industry. The latter even went as far as to clarify the tools that Islamic financial institutions can use to meet Basel III regulatory requirements. Both institutions’ frameworks are currently the subject of much discussion and review to determine the factors associated with nations’ and Islamic financial institutions’ non-compliance.
On one hand, it is undisputable that compliance with Shariah is necessary to ensure that all matters related to Islamic financial institutions are within a legal framework which is acceptable to the entire Muslim community. But on the other, there isn’t a coordinated and unified approach among Islamic nations as to the interpretation of pertinent Shariah laws. Serious attempts are being made by AAOIFI and IFSB to gather support to identify the gaps at various stages of implementing their initiatives; as yet, no such progress has been noticed.
The financial regulatory landscape is getting crowded and there are numerous initiatives scheduled for both short and medium-term implementations which need to be addressed through robust technology platforms capable of reacting quickly to changing market conditions, and more effectively managing complexity.
It is evident that the top priority for financial institutions across the globe is growth. The two most important constituents that need to achieve this target are IT security and regulatory compliance to contribute together to that growth.
Increased growth of revenue, greater reduction of cost, and more effective handling of internal risks and external threats are reflected in financial institutions that swiftly react and adapt to changing environmental conditions. They can not only respond quickly to detected IT security threats, but they can also anticipate the imposition of new regulations and adapt quickly to changing circumstances.
But adapting quickly to a changing competitive landscape in the financial services sector is easier said than done. The progressively tightening regulatory frameworks and evolving threat of cybercrime are fast-integrating and burgeoning. Despite an unusually uncertain economic outlook, financial institutions remain determined to find ways to maintain profitability and expand their market share. In 2015, many financial institutions have been responding to the new challenges by modernizing their legacy systems. Nonetheless, others remained skeptical and uncertain about how to adapt their businesses and operations to new security and regulatory demands and are far from discarding their old technologies to adopt new ones.
Looking back at 2015, after a long latency, the reforms have helped most, if not all financial institutions to reposition themselves and try to adjust and capitalize on new opportunities for growth. Early results of these strategic priorities were evident in industry performance last year.
Going into 2016, we are likely to see more of these initiatives in one of the most transformative periods in the financial services industry. In pursuit of growth and profitability, the industry will seek to better acclimate to regulatory pressure by investing in compliance infrastructure and enhancing IT security. These trends will keep profitability front and center as the sector improves in the years to come.
The future of financial services promises to be one of the most important and challenging journeys in the decades ahead, and technology’s role, being a level-playing field will become even more vital for the industry to perform better.
Make no mistake – the stakes are high and will only increase over time. The challenge for financial institutions will be to leverage the power of technology by achieving a global operating model that would give them the edge in this dynamic environment.