#Privacy: Drivers to operational resilience and SM&CR in financial sector revealed

surveillance

Henry Umney, CEO of ClusterSeven, offers the following views on the regulatory, business and risk management trends in the banking and financial services industry for 2020:

Modelling will become central to commercial operations, making model risk management a constant business theme.

With all-round, general uncertainties in the geo-political landscape – trade wars, Brexit, Middle East tensions, etc. – these events are likely to cast a shadow over the global economy. Reports signal a slowdown in growth, which will increase pressure on yield.

Business operations will increasingly look to their modelling teams to seek opportunities outside of its traditional remit, placing a heavy reliance on this niche function. Alongside this, with the availability of advanced machine learning/artificial intelligence-led tools, firms will look to leverage them to gain operational efficiencies, which again will place a reliance on technical staff who are familiar with these technologies.

Firms seek to embrace the phenomenal computing power that technology offers but need to be weary of how these modelling tools are utilised. Most people’s smart phone today is 100,000 times more powerful than the command module on Apollo 11! It is easy to underestimate how powerful and uncontrolled this computing power can be.

The multifaceted economic, business and technological complexity (together with the latter’s widespread access and unprecedented computing power) will create the perfect storm, greatly increasing the risk of modelling errors, which potentially could have crippling commercial and regulatory consequences.

This will make model risk management a constant theme as firms take concrete measures to pre-empt commercially impacting errors and evidence best practice model management to auditors and regulators.

The Bank of England’s Operational Resilience initiative will enforce a joined-up approach to regulation
The Operational Resilience (OpRes) initiative, jointly driven by the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA); is demanding demonstrable operational resilience of every conceivable aspect of business across firms’ operation. This is in addition to the abundance of individual regulations that already exist.

The PRA is already asking firms to respond to their organisation’s Board’s awareness of the operational resilience status, even though the OpRes programme is likely to only take effect in Q2 2020. OpRes draws together several themes and represents a drive for higher ethical and commercial standards in business that haven’t been asked of firms before. The wide and non-prescriptive scope of OpRes will force financial institutions to take a joined-up and all-encompassing view to regulation, markedly moving away from a siloed approach that commonly exists today.

The UK’s Senior Managers & Certification Regime will go overseas
The FCA’s Senior Managers & Certification Regime (SM&CR) – the first of its kind in the world and potentially the strongest regulation of people in business thus far – has become the cornerstone of UK regulation, with its focus on enforcing individual accountability for senior executives in the banking and insurance sectors.

As of 09 December 2019, all UK firms solely regulated by the FCA will need to adhere to the SM&CR. Following its success in driving a shift in mindset towards proactive and responsible governance in the UK, 2020 will see other countries adapting the regulation for a similar cultural shift in approach and attitude. Already, countries including Australia, Canada, Singapore and Ireland are considering ‘light’ implementation of the regulation, which will become more embedded in regulatory programmes in 2020 in these regions.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/