In the EU, the number of rules just keeps growing. In 2012, the European Supervisory Agencies (ESAs) alone have so far listed over 200 deliverables in their work plan, while some estimate that a quarter of a million pages of financial services regulations will be released worldwide by 2013. Needless to say, financial institutions (FIs) are grappling with a staggering number of rules and guidelines from many jurisdictions and are feeling the strain as they attempt to comply.
JWG’s latest research, entitled ‘FS Infrastructure: Ready for G20 Reform?’, demonstrates the demands that regulations such as Recovery and Resolution Plans (RRPs), Basel III/CRD IV, Solvency II, the European Market Infrastructure Regulation (EMIR) and data privacy laws are placing on firms’ basic physical and organisational structures. It sets out what FIs need to do in order to comply.
Securing compliance is a key industry concern. The breadth and depth of requirements, and the speed at which they are being written, mean that the consolidated impact for both FIs and their suppliers is not yet fully known. However, regulatory demands cut across firms’ front, middle and back-office functions, business lines and geographies, and will alter the way day-to-day business is conducted.
Many FIs are trying to run services on disparate systems whose complexity and inflexibility make it difficult to respond to regulatory demands. Decades of ad hoc technology investment, combined with merger and acquisition (M&A) activity, have left them with disconnected silos of information and duplicative processes. Systems that were developed in an attempt to stay ‘ahead of the game’ are now holding firms back. Some refer to these physical components as ‘boxes and wires’, but they are much more than that. In reality, what supports a highly technical and information-intensive industry like financial services (FS) is an ecosystem of networks, application servers, databases, physical storage, end user computing and the physical housing of all this.
All FIs, regardless of sector or location, are uncomfortable with this step change in the ever-increasing ‘know your infrastructure’ (KYI) requirements that are being generated by regulators. The sheer scale of regulatory reform, and the pace at which it is being conducted, mean most FIs are being forced to focus on one problem at a time rather than looking at the consolidated regulatory effect on their underlying capabilities.
Additionally, post-crisis supervisors are under a renewed onus to ensure these rules are enforced, meaning we are now in a new regulatory environment where non-compliance is more actively policed and punished. For example, in the UK, fines issued in the first quarter of 2012 have already surpassed the annual total of 2007. As such, high fines are here to stay and new non-compliance penalties are being introduced, such as increased capital buffers and even possible jail time. Clearly, financial institutions face some serious threats.
While regulators in the US are steering clear of prescribing detailed technical standards for record keeping, regulators such as the European Securities and Markets Authority (ESMA) in the EU have no such qualms. With only orders, but no guidance, from regulators, the onus of demonstrating what ‘good enough’ means is going to fall back on the industry.
The absence of detailed standards creates an interesting variation on the prisoner’s dilemma. Because there have been no standards set, and regulators will be requesting information from individual firms to make comparisons, the industry is doing itself a disservice by not defining just how ‘good’ it should be. When the regulator compares firm A with firm B, one of those firms is going to lose, and could pay dearly. It is because of this that compliance becomes a moving target and regulators become reluctant to provide assurance that firms’ upgrades will be good enough.
Simply put, despite the severe consequences being written into law, the business case for wholesale upgrades is not strong enough. This means IT and operations are faced with real leadership challenges.
Without clarity as to what a ‘good enough’ infrastructure looks like, we can expect firms to be reluctant to start serious upgrade programmes. If there were a defined series of benchmarks that the regulator could compare firms against, then the industry wouldn’t be playing this stressful and expensive ‘keep up with the Joneses’ game. Inevitably, vendors are going to need to guess exactly what to offer along with the right delivery models to set these benchmarks.
Collectively, the industry needs to approve of common definitions across the supply chain. Once created, the financial industry can begin to leverage technology innovations to implement standards in a better, cheaper way. There is unlikely ever to be a single view of what regulatory compliant infrastructure is, but through closer collaboration between firms, regulators and vendors, a better idea of what is necessary ‘across the board’ is both possible and tangible.