What systematic risks are regulators now observing?
Regulators have faced heightened risk to the stability of the financial market and a loss of confidence in the banking system in the first half of 2023 after the collapse of multiple Financial institutions. While regulators globally are increasing efforts to assess financial stability via the liquidity and capital adequacy levels of Financial institutions, which was on expected lines, we have also observed a robust regulatory focus on the non-financial risk profile of individual institutions.
Growing complexity, scale, and plausible system-wide impact of non-financial risks gain regulatory attention on Financial institutions and the supply chain.
The increased reliance on technology and interconnectedness with third parties and technology partners in the new financial ecosystem has meant that the non-financial risk profile of individual institutions has changed multifold in terms of its scale and complexity.
Non-financial risk is increasingly being viewed as a potential threat to pose a systematic risk to the operational resilience of the financial system itself. Solid and coordinated supervision efforts are observed right from consultation, rulemaking, standard setting, and enforcement across legislations especially in Europe.
We observe new regulations covering information and communications technology (ICT) risk management, third-party risk management strategy, scenario planning, operational resilience, and technology governance. New regulations and wider remit of regulators cover information and communications technology (ICT) risk management, third-party risk management strategy, scenario planning, operational resilience, and technology governance. Crucially, these regulations will have an enterprise-wide impact and reach out to third-party suppliers.
Supervisory reports, industry consultations and surveys in both the US and Europe continue to highlight the potential impact of non-financial risks. Policy responses are also in line, providing standards, rules, and guidance.
Consistent risk management standards designed to avoid system-level disruptions
Newer emerging technologies, newer participants, and interconnectedness of various market participants mean that any operational resilience failure of individual organizations can quickly spread across the eco-system, thereby causing systematic risk. Therefore, it is not sufficient to assess and monitor the operational resilience of individual organizations; instead, regulators are now adopting a holistic system view of non-financial risks in the eco-system.
A detailed study of the new and proposed regulations highlights supervisors promoting consistency in risk management practices among Financial institutions via regulatory frameworks on technology governance, regulatory standards, toolkits, and guidelines.
The maturity profile of NFR Risk management usually differs significantly between Financial institutions. These common standards are expected to align NFR Risk management and reporting practices similar to financial risk management and reporting pathways.
This consistency is critical for efficient supervision while enhancing the industry’s ability to mitigate and recover from any system-level ICT-related disruption.
To get more updates, subscribe to our Monthly Newsletter
