“Disruption in financial services: Navigating the winds of change”– Deputy Governor, Ed Sibley to the Association of Compliance Officers of Ireland (ACOI)

1. Introduction

Good morning. I would like to thank the ACOI for inviting me to today’s conference. The conference theme – “From Tiger to Crisis to Recovery & Beyond – the future evolution of Compliance” – resonates well with me. We are in a period of considerable uncertainty and change, with a strong need for continued evolution and agility to successfully navigate this change.

I spoke earlier this year about the implications of uncertainty for how we think about risk and probabilities, and importantly how we govern, lead and manage ². The Central Bank’s new strategy³  takes account of our view that the next decade will continue to be characterised by rapid change in our societies, our economies and in the financial system. These changes will be driven by, among other things, technology disruption, the climate crisis, demographic change, different ways of working and the associated societal impacts.

This level of change and the associated uncertainty presents real challenges for boards and senior management. They need to have sufficient understanding of the breadth of the changes and their implications and gain assurance that there is sufficient depth of expertise within the organisation to take advantage of the opportunities and manage the associated risks. The second line (compliance and risk) and third line (audit) functions have an important role to play in both supporting and challenging boards and senior management in these areas.

In my remarks today, I will speak about some of the key drivers of change, the Central Bank’s regulatory priorities in this regard and our associated expectations of regulated firms. It will be no surprise to you to hear me emphasise that effective governance and risk management will be critical for regulated firms to successfully meet the challenges ahead.

2. An uncertain environment

As I have touched on already, there is considerable uncertainty about the future. At a macro level, the path of the pandemic is still uncertain, particularly at a global level and the economic recovery is uncertain and, in the short term at least, is creating some frictions ⁴. In order to successfully navigate through this uncertainty we need to consider the implications of the key drivers of change. I will discuss a few of these now.

a) Lessons from COVID-19

We are still in the midst of a global pandemic. It continues to have a profound effect on people’s lives, with some tragically losing loved ones and many experiencing unforeseen hardship. While the pandemic is still with us and a cause of great concern, the rapid medical advances, strong societal response and extensive fiscal and monetary supports are facilitating a rebound in economic activity and a recovery from the initial shock of the pandemic.

It is important that lessons are taken from the experience of the pandemic. We need to consider what the pandemic has taught us about how we view risk and probabilities and how we build resilience. It is worth us reflecting on how we think about future events that have a near certainty of occurrence over time, but with some doubt about precise timing and impact. In other words, how well do we prepare for predictable surprises?

One lesson from the pandemic is that, globally, this is not something we are doing well. Global pandemics have been on risk registers for a long time – in my own experience, at least a couple of decades. High profile organisations and experts have been clear that a global pandemic was a certainty, but the timing nature, type, gravity of one was open to doubt. Notwithstanding its inevitably over time, we were all ill-prepared for its occurrence in 2020.

Better consideration of risk over a longer time horizon is required. The probabilities of a sustained operational outage, a serious cybercrime incident, or a severe climate related event may be relatively low in a given year, but when looking over a longer term horizon, that probability increasingly comes closer to a certainty. After considering our level of preparedness for COVID-19, what are the other issues that will bring about disruptive change to our economies and to our financial systems, and how well prepared are we?

b) The climate crisis

Climate change effects and costs are with us today. There is broad scientific consensus that these effects and costs are going to grow exponentially and that the future costs of deferred and inadequate action today also continue to grow. And yet, at global, national, political, economic, business and individual levels our responses and planned actions have been woefully inadequate. While there is some evidence of an increased urgency in tackling the crisis, the global commitments that have been made to date are significantly below what are required to meet the target of the Paris accord ⁵. This gap increases the probability of severe climate related risks crystallising in a non-linear way and, ultimately, a much harder transition.

Yes, there is uncertainty as to how risks will crystallise, but there is sufficient predictability that they will, and so there is little excuse for surprise when they do.

The monetary policy⁶, economic advice, financial stability, and consumer and investor protection implications of climate change put it firmly in the bailiwick of Central Banks and regulators. Further, physical and transition risks to the financial system are significant. The financial system has a role to play in addressing climate change risk through moving away from financing governments, firms and projects that are environmentally damaging and moving into financing actions that support the transition to a more sustainable economic model.

Boards and executives need to act now to understand and address the challenges associated with climate change. In order to mitigate the risk and adequately position themselves to respond to these challenges, opportunities and regulatory expectations, firms will need to understand the impact of climate related risks on their business environment, their business models and investments. This requires lessons to be learnt from the pandemic, changing how we think about risks and probabilities over the longer term.

Earlier this month, the Central Bank issued a pledge to redouble its efforts on climate change and endorsed the NGFS “Glasgow Declaration” ⁷. We also wrote to regulated financial services providers to highlight the statutory obligations and related supervisory expectations relating to climate and sustainability issues ⁸  and announced the establishment of a Climate risk and Sustainable Finance Forum.

c) Technological disruption

The pandemic has accelerated and deepened our reliance on technology. Technological change is disrupting the landscape of financial services, with new entrants, new business models, a race by incumbents to invest in developing the necessary capabilities, and in many cases the potential for a fundamental disruption in the value chain of traditional financial services firms and sectors. Moreover, it is becoming ever more evident that data, and the harnessing of it, is the new currency of this new digital age.

Financial firms are looking to innovation for its potential to deliver cost reductions and efficiencies, and competitive advantage resulting from improved customer offerings. Increased automation, digitisation of processes, the use of algorithms and machine learning - these and others are amongst the aspects that firms are seeking to benefit from. Big data analytics can allow for advanced risk assessment and pricing ⁹. Internal disruption will fundamentally re-engineer many business lines, requiring successful management of change to build necessary capabilities, resilience and take advantage of opportunities.

New payment methods and platforms bring challenges for the traditional role and dominance of banks in this area, while digital payment channels have lowered the barrier to entry for alternative providers. Consumers increasingly expect a customer-centric, seamless digital experience when buying financial products and services or engaging with their financial service provider and these drivers are demanding solutions which technological innovation is aptly placed to provide.

This innovation in financial services has the capacity to bring many benefits for consumers, the economy and society in general. However, while innovation is good, not all innovations are good, and not all good innovations are done well.

This pace of change is a significant challenge for firms, and their boards and senior management. They need to ensure that offensive and defensive initiatives are well aligned, and that they are successful in considering and addressing both the horizontal and the vertical implications. Regulators and supervisors ¹⁰ will be focused on ensuring that the associated risks are well-managed; and that boards and executives are adequately considering their use of data and technology in their interactions with their customers so that these align with their stated values.

Moreover, customers require firms’ systems and data to be available, reliable and secure. This is also important for financial stability reasons. Firms must strive to minimise the frequency and impact of issues and have an ability to recover quickly from them. Resilient systems are a fundamental pre-requisite for successful innovation.

The importance of operational resilience has been further reinforced by the experience of the immediate shock from COVID-19 and the ongoing shift in consumer behaviour and reliance on remote working. It is noteworthy that industry efforts to enhance operational capabilities and continuity plans have ensured the financial system as a whole has stood up well to the operational shock caused by the pandemic. Given the importance of operational continuity for the stability of the system and for consumers, businesses and the wider economy, we will continue to challenge how firms are ensuring that risk and control frameworks are operating effectively under the current working environment and are prepared for unforeseen operational disruptions. We will shortly be publishing guidelines on our expectations of firms regarding operational resilience.

As firms take advantage of technologies and further embed them into their processes, it is important to highlight the importance of IT risk management. Digital transformation can, without proper oversight, increase vulnerabilities in firms’ IT operations, with increased risks around IT failures, outages and cyber-attacks. IT risk management should be implemented as an enabler to a firm’s business model as it is becoming more data centric. It is important to emphasise that ultimate responsibility for firm’s IT risk, strategy and governance rests with the Board, including the adequacy of digital and IT strategies to deliver and support business strategies and plans. Boards must firstly ensure they themselves have the skills and knowledge to meaningfully understand the risks their organisation faces and the responsibilities they bear.

d) Regulatory change

The financial system relies on trust and confidence. Effective regulation and supervision are required to ensure that the financial system as a whole is operating in a trustworthy way. With this in mind, there have been considerable change to the regulatory framework and rule books since the global financial crisis. As with any major changes, lessons can be learnt from implementation and we can expect to continue to see smaller refinements in the post financial crisis regulatory framework. For example, relating to Basel III implementation, insurance solvency rule changes, IFRS17, investment firm regulation.

Arguably more significant regulatory changes are required in areas where the regulatory framework needs to keeps pace with the evolving risks arising from change, including bringing new activities under the regulatory umbrella; for example, relating to non-bank financial intermediation; operational resilience and reliance on ‘too big to fail’ tech firms, and crypto assets.

There are also gaps to be closed – notably relating to anti-money laundering and counter terrorism financing (AML / CTF) and individual accountability.

AML / CTF – revelations in recent years of money laundering within the European financial system has led to consideration of how to better prevent the illicit flow of money through the system. The planned creation of a central AML/CFT authority and further enhancing AML/CTF regulations will have far-reaching implications for financial services firms across all sectors both newer (e.g. payment and e-money firms, funds and other non-bank financing) and more traditional players.

Accountability and decision making - In July, Minister Donohoe published the General Scheme of the Central Bank (Individual Accountability Framework) Bill 2021 containing the four key components of this proposed framework:

(i) Conduct Standards which will set out the behaviour the Central Bank expects of regulated financial services providers (RFSPs) and the individuals working within the

(ii) A Senior Executive Accountability Regime (SEAR) which will ensure clearer accountability by placing obligations on firms and senior individuals within them to set out clearly where responsibility and decision-making lies for their business;

(iii) Enhancements to the current F&P Regime to strengthen the onus on firms to proactively assess individuals in controlled functions on an ongoing basis, and to surmount some current limitations of the F&P Regime; and

(iv) A unified enforcement process, which would apply to all contraventions by firms or individuals of financial services legislation.

In evolving the individual accountability framework, we are of course keen to ensure that we do not unbalance the framework of collective decision-making and individual accountability by an increased focus on the individual aspects. In fact, we expect that individual accountability should result in better collective decisions due to a heightened awareness on the part of individuals of their own increased accountability for the discharge of their function, including with respect to their participation in collective decision-making. We expect that the new framework will reflect this in the obligations of individuals ¹¹.

3. Financial Regulation Priorities

As I have touched on already, the Central Bank has recently published our ambitions over the next 5-years in our new Strategy ¹². Our regulatory and supervisory priorities are informed by our overarching aim for the financial system to be resilient and trustworthy, for it to sustainably serve the needs of the economy and its customers and for firms and individuals within the system adhere to a culture of fairness and high standards.

The Central Bank has four core financial regulation objectives:
- Financial Stability: safeguarding financial stability, such that the financial system does not cause or amplify shocks and is resilient over time
- Consumer and Investor Protection: Inappropriate losses are not sustained by consumers or investors; consumers and investors are treated fairly and their interests are protected and served
- A clean and trustworthy system: Financial services firms have appropriate cultures and are well run by individuals who meet high standards of conduct. The financial system is not abused for money laundering or terrorist financing purposes
- Orderly market functioning: The financial system operates in an orderly manner thereby supporting the effective functioning of the economy

For the financial system to be resilient and trustworthy, firms need to have sustainable business models, have sufficient financial resources, including in plausible stress scenarios; be well governed, with appropriate cultures, effective risk management and control arrangements in place; and be able to recover if they get into difficulty, and if they cannot, they should be resolvable in an orderly manner without significant externalities.

Our financial regulation priorities for the next five years can be grouped in the four key themes identified in the Strategy:

(i) Under the theme of Safeguarding, our aim is to maintain and enhance supervisory effectiveness with enhanced risk focus, impact and resource efficiency to deliver best overall outcomes and drive for fair outcomes and consumer/ investor interests to be at the centre of the provision of financial services. As I noted earlier, we are focused on increasing the accountability of firms and individuals in the financial sector for the management of risks and for conduct and performance, including by the targeted use of our enforcement powers.

(ii) We are focused on ensuring an appropriately resilient financial system by being Future Focused. This includes a number of key areas such as dealing with pandemic aftershocks and supporting the transition to a carbon neutral economy. We also see the critical importance of creating the regulatory context in which the interests of citizens and the economy are served by change, innovation and competition in the financial sector, including influencing and responding to technological and business model changes to this end.

(iii) We will be Open and Engaged as we engage with stakeholders domestically and abroad in a manner that is effective to support the delivery of the Central Bank’s mission and strategic plan and ensure that we connect our mandates across the bank to leverage our unique strength and potential for coordinated action and collaboration.

(iv) We will meet the challenges and opportunities of a changing environment by ensuring that our entire organisation is Transforming to be able to continue to deliver while also focusing on the future.

In the near term financial, operational resilience and effective governance and risk management will continue to be core to effective regulation to safeguard stability and protect consumers. In the current environment, we are increasingly focusing on operational resilience and the need for firms to demonstrate readiness for and resilience to idiosyncratic and system-wide risk crystallisation (geo-political, climate, cybercrime, etc.).

The changing and uncertain environment I have covered also have implications for how we supervise. Supervision will continue to evolve and adapt, becoming increasingly data driven and data demanding, with the aim of delivering an intelligent decision-making approach to supervision.

4. Conclusion

The considerable challenges, issues and changes I have highlighted require effective governance and risk management to allow firms to grasp opportunities, build and evolve sustainable business models, to be sufficiently agile for changing circumstances and have the necessary operational and financial resilience.

For boards and senior leaders to recognise and deal with complex issues that we face, they must have a breadth and depth in their understanding of the issues, the complexity involved and what is required to keep pace with change to maintain sustainable models and effectively manage the risks. They cannot do this alone, and will require the support of and challenge from compliance, risk and audit functions.

Diversity in leadership has long been recognised as crucial for effective governance ¹³. It fosters independence of opinions and the openness to critically challenge management decisions ¹⁴. This is becoming even more important as we strive to deal more effectively with the complex challenges we face today. It is in times of change and uncertainty when qualities such as resilience and innovative thinking are essential, and the value of diversity of background, thought and experience are all the more important.

Our supervisory focus will continue to evolve to incorporate assessments with a sharpening focus on how emerging risks and other developments are being considered. Much would still need to be done in these areas even if the financial services industry was operating in a steady state environment, so there are considerable efforts required to meet future supervisory expectations.

Finally, I would note that while incumbent firms have significant challenges in adapting business models and IT capabilities, it is also important that technology-driven firms recognise that they need appropriate governance and risk management arrangements and demonstrate appropriate cultures that sustainably deliver for their customers and maintain trust in the financial system.

Thank you for your attention.

[1] With thanks to Anthony Cahalan and Mary Cronin for their help in the drafting of these remarks
[2]See https://www.centralbank.ie/news/article/speech-governance-risk-uncertainty-change-ed-sibley-17-Feb-21 
[3] see https://www.centralbank.ie/publication/corporate-reports/strategic-plan

[4] See https://www.ecb.europa.eu/press/key/date/2021/html/ecb.sp211108~c915d47d4c.en.html

[5] https://unfccc.int/process-and-meetings/the-paris-agreement/the-paris-agreement

[6] See https://www.ecb.europa.eu/press/key/date/2021/html/ecb.sp210125~f87e826ca5.en.html

[7] See https://www.centralbank.ie/news/article/press-release-central-bank-sets-out-supervisory-expectations-of-regulated-firms-regarding-climate-change-and-reaffirms-own-commitment-to-take-action-03-november-2021

[8] Our supervisory expectations cover 5 key areas – Governance, Risk Management Framework, Scenario Analysis, Strategy and business model risk, and disclosure. For further information, see https://www.centralbank.ie/docs/default-source/news-and-media/press-releases/governor-letter-climate-expectations-november-2021

[9] See https://www.centralbank.ie/news/article/press-release-financial-regulation-technological-innovation-gerry-cross-27-november-2019

[10] See https://www.centralbank.ie/news/article/speech-innovation-in-financial-services-ed-sibley-29-november-2019 for more on this

[11] See https://www.centralbank.ie/news/article/speech-the-central-banks-evolution-of-enforcement-derville-rowland-13-october-2021

[12]   See https://www.centralbank.ie/publications/corporate-reports/strategic-plan