R&C: How would you characterise the current readiness of companies to cope with the range of regulatory risks they face? In what way has this risk profile changed in recent years?

Johns: In the years since the financial crisis, the financial services sector has faced a torrent of regulatory requirements. After the crisis, regulators were focused on credit and market risks. But now they have shifted their focus towards non-financial risks — cyber and data stewardship and security, in particular. New regulations laid down by supervisory authorities are raising the stakes for data management. And call it a sign of the times: ethical questions around data privacy have gained significant traction thanks to the EU’s General Data Protection Regulation (GDPR), which has armed consumers with a greater understanding of the value of their personal data and protections that have been made available to them. Our recent ‘Global Reputation Trust Index’ (RTI) dug deeper into consumer behaviours and cyber security: financial services data breaches ranked as the highest company crisis concern for those we surveyed. With the risk landscape continuing to be dynamic as other disruptive factors like imperilling regulatory change and an upsurge of informed consumers become the norm, this adds pressure on traditional risk management capabilities. To keep pace with the regulatory change, most firms have responded piecemeal to new requirements, often implementing a number of point systems to address specific regulations and quite often relying on one-time fixes. Moreover, these activities often take place in silos, and with software partners overpromising results, making it difficult to gain a comprehensive view of risk across the whole organisation. The challenge and opportunity is how to balance the rapid complexity of existing and emerging risks with cloud-based, data-led technological advancements.


Jul-Sep 2019 Issue

SAI Global