Ed Sibley: Prudential regulation, the international financial services sector, and priorities in Ireland for 2018

Remarks by Mr Ed Sibley, Deputy Governor (Prudential Regulation) of the Central Bank of Ireland, at the FSI Financial Services Forum, Dublin, 8 December 2017.

The views expressed in this speech are those of the speaker and not the view of the BIS.

In my remarks today, I will cover three broad areas relevant to internationally focused financial services firms. Firstly, I will describe our objectives and approach to prudential regulation, secondly, I will consider some of the key challenges the international financial services sector faces, and thirdly, I will outline some of our priorities for 2018.

Within these broad areas, you will hear:

• the Central Bank's prudential regulation priorities for delivering on its mandate of safeguarding stability and protecting consumers;
• that while much progress has been made in improving the safety of the financial system, more work is required to address issues that still remain; and
• that even as we are still dealing with legacy issues from the last financial crisis, significant headwinds and risks are on the horizon. 

Regulatory and supervisory approach

The core work of the Central Bank is focussed on delivering a financial system that is well-managed, well-regulated, and sustainably serves the needs of the economy and consumers over the long term. Given the international nature of much of the Irish financial services system, this objective includes consideration of our responsibilities regarding European financial stability. 

Indeed, in comparable ways to your firms, the Central Bank is also part of the complex European financial services ecosystem - playing an active role in the European framework of regulation and supervision¹. Within that framework, the Central Bank operates a robust and effective approach to supervision that underpins our aim of enhancing the standing and reputation of the Central Bank (such that it is trusted by the public and respected by our peers), and the wider reputation and long-term attractiveness of Ireland as a financial services centre.

Delivery of our overarching vision for the financial services system requires that we deliver effective, intrusive, analytical and outcomes-focused supervision. This is risk-based and anchored by our PRISM supervisory methodology. Our supervisory effort involves our day to day supervisory team engagement with regulated firms; in-depth and intensive inspections; and high quality analysis designed to support and challenge the supervisory work.

We undertake this work with the aim of ensuring that regulated firms:

• have sufficient financial resources, including under a plausible but severe stress;
• have sustainable, capitally accretive business models, over the long-term;
• are well governed, have an appropriate culture, with effective risk management and control arrangements in place, which are commensurate with their nature, scale and complexity; and
• can recover if they get into difficulty, and if they cannot, are resolvable in an orderly manner without significant externalities or taxpayer costs.

Distilling our supervisory approach and objectives into a few lines is relatively straightforward. Delivery of the approach, and for regulated firms to be operating in line with our objectives is less so, particularly in the context of the continued developments and changes to regulatory frameworks, which I will come onto in one moment. Nonetheless, it is what I expect of my teams, and it is what I expect of the firms that we supervise, whether they are focused on the domestic economy or internationally focused.

In the 10 years since the onset of the financial crisis, multiple reforms have sought to address the root causes of the crisis and other issues. Indeed, there continues to be reforms of the reforms, and regulatory reform packages have started to sound like extended movie franchises. 

While not yet reaching the number of iterations as the Fast & the Furious franchise, we are still embedding recent changes such as Solvency II, and implementing further changes, notably MiFID II² and PSD 2³. We are close to agreement on Basel III. In parallel, accounting standards continue to be updated, with a 1 January 2018 effective date for IFRS9⁴ and IFRS17⁵ coming into force from 1 January 2021 for Insurance firms. 

Further change is on the way with Capital Markets Union (CMU)⁶, an important response to the challenge of achieving more diversified sources of funding of the European economy, wider opportunities for investors, and broader risk sharing. The objective to diversify the funding mix, reducing reliance on traditional funding models, is a valuable one. 

The recently proposed revision of the ESA's framework is also relevant⁷. Negotiations are continuing under the Estonian Presidency on the European Commission's Risk Reduction Measures package. This package constitutes the EU's completion of the Basel III and FSB reform agenda and revises parts of the CRD / CRR and BRRD frameworks⁸. 

It is both clear and unsurprising that there is some regulatory change fatigue in the system. So it is important to consider why these changes have been needed - indeed, why regulation is needed at all. Ultimately, this comes down to a question of trust. And without regulation and effective supervision, financial services firms cannot be trusted to deliver what is required of them in the way the economy needs and society expects. This is the lesson of the most recent crisis and all crises before that. It is the lesson from the multitude of conduct failures. Regulatory change has, among other things, been required to address gaps or weaknesses in the system that were being exploited or at risk of being so. 

We all have a job of work to do to try and restore trust in the system.

Current challenges

With one very notable exception, the internationally focused financial services firms operating in Ireland have not experienced the same levels of failures and losses as the domestically focused sector. This is obviously welcome, but should not be a cause of complacency. There are significant risks and challenges that need to be addressed, including: 

(i) Macro risks

The macro economic environment has improved considerably, both domestically and internationally. Growth has returned in the Eurozone and is now well established in Ireland. However, significant risks are evident. 

Our latest Macro Financial Review will be released next week. I urge you to read it, as it covers in some detail the progress and vulnerabilities in the Irish economy and the financial system. For example:

Valuations for many asset classes have been increasing for a long period - from government bonds through to bitcoin, from stock markets to real estate. Market volatility is very low. This bull run can not last forever. Quantitative easing will end. Interest rates will rise. Asset valuations will fall. Hopefully, this will all be orderly, but history would warn against any complacency in judging that this time is different.

Geo political risks are also elevated. Most notably, we may all hope for an orderly Brexit, a topic I will return to, but there is no certainty that this will be the case. Whatever the outcome, it is likely to be negative for the Irish economy and the financial services system here and potentially across the EU. 

At the risk of generalisation, as CEO's and senior managers in international financial services firms, the majority of you are likely to be more optimistic than your prudential regulator. In fact, in the same way as I am paid to consider downside risk, you are incentivised to consider the upside. Nonetheless, we all need to be prepared for the plausible worse case. 

After a storm it is important that roofs are fixed, leaky pipes mended and so on. While there is a natural tendency for a 'risk on' mentality to dominate in the current environment, repair is still needed, and lessons of the past cannot be forgotten. Even as we are still dealing with legacy issues from the last financial crisis, significant headwinds and risks are on the horizon. 

To deliver a resilient financial system, firms need to prepare for challenging times ahead. Today, economic conditions are more positive than in recent times. During such times it is critical for firms to prepare for the potential downside risks and plausible shocks that include Brexit, tighter economic conditions and on-going disruption of business models. 

(ii) Pace of change

There are considerable opportunities and risks for the financial services industry arising from technology changes. History is replete with examples of industries being transformed, created and disrupted by technology changes. This dates back centuries, but the pace of this change and the risks associated with it are increasing, in what seems like an exponential way.

It is beyond doubt that banking, insurance, asset management, payments, and other financial services sectors will be disrupted by technology change. Are you ready, or is your firm or your sector more like Kodak or Nokia?

Fintech is changing barriers to entry and blurring the boundaries between technology firms and financial services firms. New business models, products and services are emerging, and changing the way users interact with the system. Value chains are being disrupted. Available data is growing exponentially. The sophistication and reliance on artificial intelligence and machine based learning is increasing. Opportunities for innovation through digital technology are abundant as financial services is focused on recording, analyzing, and interpreting transactions and managing associated information flows. 

So there are threats and opportunities for all of your firms. Smaller, niche players, can be more nimble, can target specific higher margin business - cherry picking from the bigger players, but new entrants might also arrive - including from the technology sector. Alternatively, bigger players with larger wallets can buy technology firms, achieve economies of scale, and so on, and can compete easily on a cross border basis. 

However it arrives, there will, undoubtedly be disruption to the system and your firms. I expect that you will be actively thinking about these issues, how they will affect your business, your capabilities to deliver change and the services you want to provide, and ultimately what a sustainable proposition is.

(iii) Operational risk & resilience

We are all operating in an increasingly complex environment, with a greater and greater degree of reliance on technology, an exponential growth in data, continuous change, increasingly organisation complexity - including through outsourcing. All of these factors increase operational risk, and the need for greater resilience in our processes, people and systems. 

System resilience and cyber security threats are acute. Risks can crystallize instantly and catastrophically. The evidence from our onsite IT risk inspections is that much more needs to be done to manage this risk. For all of you, it is a question of when, not if, so you need to not only reduce the risk of occurrence but have advanced plans for how you will deal with the risk crystallising. 

To take outsourcing as another example, while there are strong business benefits from successful outsourcing, it does bring additional complexity into the system. It may be more difficult to get a co-ordinated response when issues arise and to get separate firms, perhaps un-regulated, to operate in a co-ordinated manner during a time of stress. The firms may have conflicting responsibilities between their own stakeholders. You need to be satisfied, and to be able to demonstrate, that this additional complexity is being managed and mitigated. 

(iv) Governance & risk management

As I have already alluded to, we are living in an increasingly complex, fast moving and challenging world. Successfully meeting these challenges requires effective leadership, governance and risk management. It is therefore of serious concern that, in too many cases, the implementation and embedding of effective governance arrangements and risk management frameworks in Irish financial services firms is not sufficiently robust. More than one third of the largest firms (PRISM impact High or Medium High) have significant issues, which require remediation in order to bring governance arrangements within our supervisory risk appetite. This needs to change. 

As does the culture in many firms - not just the retail banks. We expect institutions to critically evaluate their culture, considering what type of culture they want to develop, how staff are incentivised to behave, and to be held to account as to whether the culture they want is the culture they have and how would they know if it is not.

We will also be stepping up our work from a diversity and inclusion perspective - linked to our work on culture. It will increasingly feature in our ongoing supervision and inspection work, supported by analytics. We expect regulated firms to meaningfully address diversity and inclusion in the boardroom, at the executive level and the pipeline of talent needed to run the organisation in the long-term.

Supervisory priorities for 2018 

Turning now to the final part of my remarks - our supervisory priorities for next year. There are some differences across sectors, such as:

• for Banking: continued drive to reduce NPLs, supporting our Financial Conduct colleagues on the tracker mortgage examination, implementation of PSII, the implementation of IFRS9, and the EBA stress test;
• for insurance: focus on risk transfer, cross border insurance and completing further work on internal models;
• for Asset Management and Investment Firms: the implementation of MiFID II; and
• for Credit Unions: further enhancements of the regulatory framework, addressing viability issues, restructuring and responding to the bifurcation of the sector, and credit risk. 

But there are also many common priorities and there is absolute consistency in our desired outcomes - that of delivering on our mandate of safeguarding stability and protecting consumers and our vision of a well-managed, well-regulated financial services system that sustainably serves the needs of the economy and consumers over the long term.

Common key areas of focus in 2018 will include: 

(i) Core supervisory activity: 

My number one priority is to ensure that my teams deliver an effective, intrusive, analytical and outcomes-focused approach to supervision. We will relentlessly pursue improvements in those areas necessary to bring financial service firms within our supervisory risk appetite. This will include significant work on the areas I have raised earlier - governance, culture, IT risk, and outsourcing. 

(ii) Brexit: 

As I have touched on earlier, Brexit will have a direct and negative impact on the Irish economy. This impact will have knock on effects on the Irish financial services system. Even in a best-case scenario, new frictions and duplications, with associated costs, will emerge in the European financial services system. The loss of the UK voice from the European system of financial regulation is also negative for Ireland.

There is considerable uncertainty and complexity for firms in dealing with Brexit, regarding, for example contract continuity, risk transfer, appropriate governance structures and regulatory treatment of third country branches by both the home and host state. 

While some firms have robust plans that deal with a range of scenarios, other firms' plans are not as advanced as they need to be. Some firms have not considered a scenario of a 'hard' Brexit with no transition period. More work is required to be prepared for this plausible scenario.

With regard to Brexit related authorisations and approvals, we will continue to prioritise our authorisation activity and continue to deliver on our commitment of being transparent, predictable and consistent in our approach to authorisations and material business changes. Where Brexit has a material impact on business strategy and business models, we will challenge firms to ensure they appropriately address associated risks.

We will continue to both operate to and influence European norms of supervision. We have engaged effectively within the SSM and with the ESAs and have been influential in the decisions being taken on supervisory stances for the many thorny issues that Brexit is causing.

We will continue to dedicate our most senior and experienced supervisory and regulatory experts to work on Brexit - as befits one of our highest priorities. We have approved an expansion in the regulatory staff in the Central Bank to ensure we have the resources to both authorise and supervise new entrants or changes to existing firms.

We have put in processes that are transparent, predictable and consistent. Firms that are engaging with us will find us open, engaged and pragmatic. But they will not find that we are willing to compromise on the need for governance and control arrangements to be commensurate with the size, scale and complexity of operations.

(iii) Meaningful progress in the recoverability and resolvability of firms

There has been significant progress in recovery and resolution planning in the last two to three years. However, more needs to be done by regulated firms to develop credible and executable recovery plans, and to address impediments to resolution - including the raising of MREL for banks, and addressing operational continuity issues. The absence of a resolution framework for insurance firms is a concern, and will be a focus of our engagement in European forums. 

(iv) Continuing to enhance our supervisory approach 

I expect all of you to be seeking to both continuously improve your firms as well as responding and anticipating the changing environment we operate in. I expect the same in the Central Bank. We will continue to enhance our supervisory approach, including the use of the data and analysis (reflecting the huge growth in regulatory and non-regulatory information that we need to consider as part of our supervision).

(v) Resourcing

And finally, resourcing will remain our number one internal priority, recognising that we can only deliver through the quality, expertise and commitment of our staff.  

Conclusion

I will conclude here. The Central bank's core work is focused on delivering the financial system the economy needs and consumers deserve. The work of regulation and supervision and your efforts have helped deliver a safer system. But significant issues remain that need attention to achieve our desired outcomes of regulated financial services firms:

• having sufficient financial resources, including under a plausible but severe stress;
• having sustainable, capitally accretive business models, over the long-term;
• being well governed, with an appropriate culture, effective risk management and control arrangements in place, which are commensurate with their nature, scale and complexity; and
• being able to recover if they get into difficulty, and if they cannot, being resolvable in an orderly manner without significant externalities or taxpayer costs.

This is the time to fix what needs to be fixed, to refocus on consumers and to build resilience within your firms. This will result in financial services firms who are in a stronger place to serve the needs of the economy and consumers through an economic cycle.

---

¹ Sibley, Ed, Innovation and insurance in Ireland: a supervisory perspective 2017. 

² MiFID II contains new EU-wide rules governing investment firms, credit institutions, trading venues and market structures, as well as third-country firms providing investment services or activities in the EU. It significantly broadens the scope of MiFID by bringing new activities and firms into scope, removing or narrowing exemptions and covering new financial instruments and products. 

³ The Payments Services Directive 2 (PSD2) will come into force in the EU in January 2018. Banks will be obligated to share their customer information with third parties; such as payments firms. 

⁴ IFRS 9 is a new accounting standard that will be effective from 1 January 2018. It introduces an expected credit losses model (ECL) which may lead to higher impairment provisions and more volatile impairment charges with a consequent impact on capital ratios.

⁵ IFRS 17 relates to the principles for the recognition, measurement, presentation and disclosure of insurance contracts within the scope of the standard.

⁶ See recent update from European Commission - Reinforcing integrated supervision to strengthen Capital Markets Union and financial integration in a changing environment. Available here.

⁷ Cross, Gerry. The Evolving Regulatory Architecture: A Supervisory Perspective. 2017

⁸ The Capital Requirements Regulation (EU) No. 575/2013 (CRR) and Directive 2013/36/EU (CRD IV) came into effect on 1 January 2014. The CRR is directly applicable to all Member States while CRD IV has been transposed into Irish national law via Statutory Instruments 158/2014 & 159/2014 [European Union (Capital Requirements) (No.2) Regulations 2014]. Further information. The Bank Recovery and Resolution Directive (BRRD) provides national resolution authorities with comprehensive and effective powers for dealing with failing banks. This framework and related legislation enhances both the resilience and the resolvability of EU institutions and in-scope investment firms, which will be better prepared to deal with, and recover from, a crisis situation. Moreover, in the event that an institution does fail, the impact associated with that failure should be minimised. Available here.