The top 10 regulatory trends in banking
To survive and thrive, the banking industry should keep an eye on the fundamentals while preparing for new laws and regulations.
The nature of the banking business—and people’s understanding of what banking is—continues to evolve in ways that challenge veteran industry players, as well as state, federal and global regulators.
To survive and thrive, the banking industry should keep an eye on the fundamentals while, at the same time, preparing for new laws and regulations in emerging focus areas such as climate, financial inclusion and digital assets. That was a key observation from our recently published Banking Regulatory Outlook, which listed the key areas — both established and emerging — to which smart banking stakeholders are paying attention.
In a nutshell, maintaining a laser focus on good governance, risk management, internal controls and financial strength is essential. Social and environmental movements have transformed the expectations of corporate responsibility and digital technologies are rapidly evolving—many of which will be transformative to centuries-old financial systems. In this reality, regulators and the financial services institutions they supervise are racing to keep pace.
According to our industry specialists, there are many areas for increased awareness and proactivity, including:
Climate: As environmental, social and governance (ESG) concerns gain importance across a wider variety of stakeholders, we expect U.S. financial regulators to continue accelerating their climate response, specifically around seeking to improve the quality of stress test data.
Cyber and operational resiliency: Increases in cyberattacks, data breaches and service outages have steered bank leaders and regulators to increasingly focus on managing operational and cyber risks.
Digital assets: Regulators are taking a more active role in regulating digital assets in two areas: regulated financial instruments (deposits, futures, securities) and regulated entities (banks, broker-dealers, money transmission entities). Flexibility will be essential as the rules unfold, and firms will need to respond quickly.
Governance and core risk management: Ensuring that foundational risk management; governance expectations; and strong internal controls are implemented and owned by board and supervisor-level employees remains a critical industrywide call to action. This is particularly important in newly emerging risk areas like remote and hybrid work, where many employees are demanding more flexibility in hours and working conditions.
Consumers and consumer protection: Building on the momentum and renewed focus on consumer protection, we expect that banking and financial regulators will accelerate consumer-related supervision and enforcement activities, with particular focus in areas such as fair and responsible banking.
Capital and liquidity: While capital and liquidity planning will likely continue to be unusually complex, regulatory expectations remain in flux. The need to demonstrate resilience under stress could require higher capital and liquidity levels along with more sophisticated contingency planning.
Data infrastructure and technology resilience: More than ever, data are critical to identify and manage emerging risks and develop risk mitigation responses. This results in a need to look at a technology strategy alongside a data strategy and consider integration and legacy systems; data availability across the firm; privacy protection and data security; and analytic capabilities.
Regulatory perimeter: Several banking activities occur outside the federal bank regulatory perimeter and are instead addressed at the state and local levels. This model is coming under increasing pressure with digital developments like stablecoins and decentralized finance. Absent a crisis and given the closely divided Congress and midterm elections, regulatory advancements may come from agencies instead of through legislation.
Compliance and anti-money laundering: The compliance perimeter now covers new areas such as board governance and third-party risk management (TPRM), along with detailed requirements in prudential risk management areas such as capital and liquidity management. An effective compliance management system should effectively cover all new and nontraditional areas in addition to the more common ground of consumer protection, AML, and the Bank Secrecy Act. With AML reform underway, banks need to strike a balance between maintaining compliance and adopting new approaches.
Third-party risk management. TPRM is a cornerstone of non-financial risk for banks, and banking regulators understand that the banking ecosystem is expanding and integrating with other industries. This, in turn, is changing the way banks operate their TPRM programs in three areas: Agility and responsiveness, consolidation and expansion.
Richard Rosenthal is a principal in the risk and financial advisory practice at Deloitte & Touche.