We begin by taking a look back at How The Great Recession Changed Banking, looking at the highlights from our recent Harvard Business Review article on the topic, which finds that returns on equity have halved while capital ratios have doubled in the wholesale banking business. We look at what has driven the change, and what will drive change going forward.
Next up, we provide three drill downs on the themes from our recent European banking report, including insights into how digital can improve the customer journey through the loan application process, our views on the future workforce, and the growing attention on data security in the wake of cyberattacks.
Finally, we focus on the agenda for 2018 and beyond. The year 2018 will see key EU regulations such as MiFID II and GDPR come into force. We believe the industry still has much work ahead to meeting these requirements, both in terms of addressing the immediate need to be compliant and in the longer-term impact the regulations will have on the banking sector. Likewise, the compliance functions have a lot to do to develop new monitoring schemes to ensure the new rules are met. In our view, banking has a long way to go before it reaches next-generation compliance, which will require a more systemized and automated approach. The final Basel IV package has now been announced, but will not become effective until it is embedded in national/European laws and regulation. Therefore, engagement with European regulators on the topic will be critical in the coming months.
Our longer- term regulatory outlook for financial services highlights the new regulatory and political equilibrium following the move from multilateralism and free trade to more domestically focused policies.
How the Great Recession Changed Banking
Just over 10 years ago, French bank BNP Paribas froze US mortgage-related funds. Defaults on subprime mortgage loans mounted. The market panicked. There was a run on British bank Northern Rock. Over the next year, many banks fell or needed bailouts. It may feel as though the financial system has not changed much in the decade since the downturn, but in our paper How The Great Recession Changed Banking we show that it has. The financial industry has witnessed revenues drop and balance sheets shrink. Returns on equity have been halved, and capital ratios have doubled. The recession transformed investment banks and created a deep divide between banks that quickly remodeled their business and those that failed to move rapidly.
Exhibit 1 – Capital ratios
A dramatic expansion of regulation drove most of the change until now, in an attempt to safeguard the financial system from another crisis. The change going forward will be driven by technology and digitalization. Banks hampered by tight technology budgets, overly rigid organizational structures, and competing internal visions of the future will risk stagnation — or worse. While there is no doubt the Great Recession and its aftermath left the industry reeling, the next phase of technological disruption may actually lead to a more fundamental transformation of the industry.
Great Expectations: Improving the Loan Application Process for Small Business Borrowers
As we noted in the European banking report, digital is changing customer buying behavior. We recently worked with Fundera to carry out a study on how to improve the customer journey in the loan application process. This research identified several areas in which lenders of all types fall short of what borrowers told us they want. Borrowers said that the search and application processes are complicated and time consuming, loan pricing and terms are difficult to understand, and comparison shopping is arduous because it requires multiple applications and comparison of inconsistently presented offers. These largely unaddressed needs create opportunities for lenders to differentiate themselves.
In addition, the study confirms that banks generally lag behind fintech lenders in creating a satisfying borrowing experience across factors like application length, communication of next steps, and time to approve loan applications. Borrowers from traditional institutions are about twice as likely to be frustrated by these aspects of the application process as borrowers from alternative lenders. (See Exhibit 2.) However, alternative lenders’ high cost of funds leads to higher pricing that frustrates borrowers. If alternative lenders begin to develop stable, low-cost funding sources, banks might need to shore up their relative weakness across most elements of the customer experience.
Exhibit 2 – Borrowers reporting aspect of obtaining a small business loan was frustrating or very frustrating
The report identifies a series of tangible actions banks can take to improve the lending experience for their customers. Some of the important activities highlighted in this paper are:
Disclosing loan terms in a clear and consistent manner
Simplifying the product suite
Streamlining and standardizing the application process
Investing in customer-facing digital solutions that reduce friction
Automating the underwriting of lower-risk loans
Delivering the Workforce for the Future
We expect the digital era to result in changes to the banking business model and subsequently require changes to the workforce. Over the past year, we have seen several fintech companies enter the industry and challenge conventional banks – bringing new and improved services to customers. In response to these market changes, banks need to review their workforce. Traditional jobs are being reconfigured and new skills are becoming critical to success, resulting in new requirements for the future workforce.
As companies transform their business models and strategies to realize the opportunities of the digital revolution, they must also define their workforce of the future. Three interrelated questions must be addressed to define the future workforce:
What skills are required?
What size of workforce is needed?
What shape should it take?
In Delivering The Workforce For The Future, we share our point of view relating to skills, size, and shape, and provide an outline to guide business leaders as they progress from envisioning to delivering their future workforce. To build and implement the future workforce, HR, Business, and Strategy functions must partner and work together in an integrated fashion. Moreover, workforce management will become a critical and integrated component of business strategy. For many companies, the path toward this future will require a fundamental transformation in the way they think about strategy, business models, HR, and their most critical resource — their staff. Ironically, with the increase in digitization and technology, human beings and human skills will play an even greater role in helping organizations succeed in a sustainable manner.
Embedding Cyber Defenses Where They Matter
Cyber risk continues to grow, and global cybercrime has now reached such a high level of sophistication that it represents a mature global business sector itself. In 2017, we have experienced the widespread use of nation state-caliber attack methods by criminal actors. Powerful, self-propagating malware designed to destroy data, hardware, and physical systems has disrupted companies and businesses worldwide, all at an enormous cost (e.g., Scandinavian logistics provider Maersk has announced a loss of up to EUR 300 m after being hit by the Petya attack earlier this summer). The number of ransomware attacks has also spiked significantly. The impact of these attacks extends well beyond their initial targets, with broad systemic ripple effects.
Exhibit 3 – Trend in ransomware
Given the accelerating frequency of data breach announcements and the fallout that takes place when a breach is discovered, the line of attack taken by many organizations to addressing known weaknesses is not working. We believe that corporations need to consider fundamental changes in their approach to cyber risk that goes beyond their current endeavors.
In our report Embedding Cyber Defenses Where They Matter, we discuss six key practices – that address recently exposed weaknesses as well as fundamental changes – that leading companies are undertaking to improve cyber defense:
Move beyond a castle-defense model
Harden your data assets
Migrate from APIs to secure APIs
Don’t just secure, verify
Make security a primary design requirement
Upgrade your cyber risk culture and accountability structure
In the 2018 edition of the MMC Cyber Handbook, we have collected a set of articles from business leaders across Marsh & McLennan Companies, as well as experts from Microsoft, Symantec, FireEye, and Cyence. The handbook provides perspective on the shifting cyber threat environment, emerging global regulatory concepts, and best practices in the journey to cyber resiliency.
MiFID II
The January 2018 MiFID II deadline is fast approaching. Across the industry, firms are sprinting to be compliant by Day 1. On the sell-side, firms for the most part have fixed their reporting and best execution arrangements and come to a reasonable strategic clarity on their research offering. Now, many are focused on a) ensuring their clients actually have legal entity identifiers (typically, we see between 20 percent to 30 percent of clients without LEIs, and the UK FCA has made “no LEI, no trade” very clear), and b) figuring out the costs disclosure requirements, which we expect will create major communications challenges with some clients.
For buy-side and private banks, firms have so far spent much of their focus on transaction/ trade reporting and figuring out their research strategy (something we reported on in our last Spotlight. Much work remains to be done on product governance, inducements, and costs and charges disclosure at many players, with a particularly wide span of different methodologies being employed on costs and charges disclosure. Smaller funds and firms may need to rely on some degree of regulatory leniency – most regulators have signaled that good faith efforts will be accepted for Day 1 for some aspects of the regulation.
General Data Protection Act
Earlier this year we published the report Future Proofing Privacy: GDPR Compliance In A Networked Banking System in which we outlined the core steps to reach sustainable GDPR compliance ahead of May 2018, when it goes into effect. (See Exhibit 4.)
Exhibit 4 – Five steps to sustainable GDPR compliance
In August, we discussed The Coming Consumer Data Wars . In the article, we argue that even though GDPR itself complicates business models for both European and US companies, the greater challenge may lie in the anticipated consumer data war that will arise between the companies that customers trust enough to compile their personal data and the companies forced to let their data go. In this environment, the “haves” will be able to keep customizing and improving their offerings to EU citizens using more data than they ever dreamed accessible. At the other end of the spectrum, new products and services sold by “have-nots” will likely emerge slowly — or worse, miss the mark entirely because of the lack of insight into evolving customer needs and tastes.
Thus, the solution lies not in focusing on how to do the minimum required, but in devising ways to use the law to forge new business lines that will change the economics of consumer-data privacy protection. Those companies that embrace the future under the new law may find themselves with access to unclaimed digital territory. Across the industry, firms continue to focus on regulatory compliance when they should be moving on to the strategic option GDPR opens up for their industries.
Next Generation Compliance
Events over the last five plus years have highlighted serious misconduct across the financial industry, with numerous major banks named in investigations or lawsuits such as the FX and LIBOR scandals. These types of events prompt reasonable questions from regulators, the public, and the institutions involved, as to why the misconduct was not detected internally. Conduct expectations and regulatory requirements have increased dramatically with regulatory changes including the Market Abuse Regulation (MAR) and MiFiD II. In response, banks have invested heavily in remediation programs and surveillance frameworks to detect potential employee misconduct.
The surveillance tools used by many banks today are relatively simplistic and rules-based, resulting in vast numbers of false-positives requiring manual investigation. To address the increased expectations on conduct and compliance, we recommend banks to transition from this current rules-based approach towards a more dynamic, integrated, and conduct-oriented detection process. This strategy should be broader than selecting among new vendors and should include investment in the human and technological capacity to enable financial institutions to more dynamically respond to emerging risks and more effectively and efficiently detect misconduct. In Embarking On A Journey From “Surveillance” To “Detection” we outline the typical shortcomings of current surveillance frameworks, and which investments to prioritize in order to reach a target state with more customization, iterative feedback and forward-looking analysis that detect misconduct.
On our hub for Conduct, Culture, and Ethics in The Financial Services Industry, we have collected our insights on the topic, as well as comments on the latest observations on how banks are addressing the growing need for a structured approach to managing culture and conduct.
Basel IV Implementation Date Pushed Out To
January 2022
The final Basel IV package was announced by Mario Draghi and Stefan Ingves on December 7. While Basel IV will affect all regions, the biggest impact on aggregate capital requirements will be in Europe. In addition, virtually all large banks will need to make a series of substantial technical changes. Further, relative capital requirements for different products and businesses will change, generating reactions within banks and in the market at large.
The main points of contention on Basel IV have been resolved as follows. The “output floor” is on an aggregate basis and is set at 72.5%. The implementation date for all the changes has been pushed out to January 2022, with a further 5-year phase-in for the output floor. The Fundamental Review of the Trading Book (FRTB) will go back to Basel for recalibration, which will presumably require a new consultation paper to be issued shortly along with a new Quantitative Impact Study.
The Basel agreement will not become effective until it is embedded in national/European laws and regulation. Therefore, engagement with European regulators on the topic will be critical in the coming months.
Beyond The Immediate Regulatory Horizon
While 2018 will include some core regulatory implementation deadlines as discussed above, we see further changes on the regulatory horizon. Last month, Oliver Wyman and the Centre for International Governance Innovation (CIGI) hosted the 4th annual Financial Regulatory Outlook Conference, which focused on the trend from multilateralism and global coordination to more domestically focused policies. Over 130 participants, including a distinguished group of speakers and delegates, took part in this year’s edition. A decade from the onset of the crisis, banks across the globe have come a long way, and significant regulatory reforms have strengthened the international financial system. However, movements against further regulation and centralization have arisen in many jurisdictions in Europe and beyond. Rising income differences, tax arbitrage, lower taxation of capital, and trade deficits nurture sentiment against multilateralism and free trade. Against this backdrop, senior executives from both the public and private sector discussed the various reasons for national resistance to further regulatory harmonization, how banks should react to recent developments, the role of fintech as enabler for incumbents, and what the new regulatory and political equilibrium ultimately may look like. A summary video is available on the conference website. A more detailed conference report summarizing the discussions will be published shortly.
