Quarterly update on global financial services regulatory developments

Heightened geopolitical risk will continue to have knock-on effects on the global economy and the financial sector in 2024, driven by a wide number of elections, greater political polarization, and conflicts within and between states. In response to greater uncertainty, financial services regulators will seek to strengthen firms’ operational, cyber and financial resilience, and in response to economic conditions, try to create better outcomes for consumers of financial services. Financial crime and sanctions enforcement will continue to have a heightened profile in response to global conflicts.

At the same time, regulators are taking some steps to reduce fragmentation in sustainability reporting, increasing the level of oversight of digital assets and strengthening their anti-money laundering regimes.

This update highlights key regulatory developments across global jurisdictions in the first quarter of 2024 that will lead to increased requirements for firms. Firms should stay close to developments over the year ahead. As ever, those operating across jurisdictions should pay particular attention to areas of national and regional divergence.

Regulators continue to respond to the lessons of 2023’s bank turmoil:

·     The Group of 30 discussed reforms that could limit contagion when bank failures occur (e.g., liquidity support mechanisms, changes to deposit insurance) and reforms to reduce the likeliness of bank failures (e.g., improved financial reporting, changes to prudential regulation, improved supervision, including more comprehensive stress tests).

·     Global institutional bodies will publish revised principles for effective banking supervision in April 2024, calling for an enhanced focus on operational risk and resilience, and further mitigation of financial and climate risks and will inform the G20 in October 2024 on how social media can accelerate bank runs and whether changes to liquidity rules are needed.

·     European Union (EU) banks’ exposures to interest rate risks in the banking book are under scrutiny, with a focus on hedging strategies and the effect of rate risks on banks’ net interest income. In the US, proposed bank mergers will face increased scrutiny and be assessed for violations of antitrust laws.

Regulators further mitigate prudential risks in banking and insurance:

·     Regulators aim to address window-dressing behavior at global systemically important banks (G-SIBs). G-SIBs are required to hold additional capital for certain risk metrics at the end of each year but some banks adjust their year-end operations to lower their capital burden. The potential revisions would require banks to disclose these metrics on average over the reporting year to avoid regulatory arbitrage.

·     In the US, the central bank and regulators are reconsidering the Basel Endgame proposal due to industry concerns about its potential costs, with discussions still ongoing.

·     The EU’s amended Solvency II directive will be more proportionate, while long-term guarantees will become more risk sensitive and sustainability will play an important role. Insurers can also expect a review of the capital requirements at a later stage.

Regulators address increasing vulnerabilities at firms, driven by third parties and cyber risk:

·     Globally, regulators are addressing dependencies on third-party providers for critical shared services.

·     Firms in scope of the EU’s Digital Operational Resilience Act should prepare for its application on 17 January 2025 by identifying gaps in their information technology governance and service providers that support critical functions as these will be subject to stricter requirements. The EU will also conduct a cyber resilience stress test at 109 banks in 2024, to assess how banks respond to and recover from a cyber-attack. This will not have an impact on banks’ capital requirements.

·     The Monetary Authority of Singapore has outlined the cyber risks associated with quantum computing and expects firms to determine critical assets for migration to quantum-resistant encryption and key distribution.

Regulators aim for better consumer outcomes and strengthen accountability:

·     Regulators are moving beyond compliance with existing consumer protection regulations. The UK plans to review how firms are responding to customers’ needs in vulnerable circumstances by the end of 2024.

·     The revised UK corporate governance code applies on 1 January 2025. It encourages firms to report on consumer outcomes and requires boards to make a declaration on the effectiveness of their material internal controls.

·     US supervisors are proposing to consider societal and technological changes in banking, which would require banks to meet the credit needs of their entire community, including lower-income areas.

·     In Australia, the financial accountability regime will apply for banks from 15 March 2024 and a year later for insurers and pension providers. It requires firms to integrate obligations on remuneration, notification and accountability to their internal accountability frameworks.

·     Proposed Australian legislation on buy now, pay later products would subject firms to requirements related to product disclosures, dispute resolution and financial hardship assistance.

Regulators will need to achieve global comparability of sustainability reporting and transition plans:

·     There are differing approaches to sustainability disclosure, despite attempts to align with international standards. Canada is consulting on sustainability reporting rules, which are based on the ISSB standards but include modifications. The US final climate disclosure rule excludes Scope 3 emissions. Australia has proposed mandatory climate-related disclosures, including Scope 3 emissions, but will require more quantitative information than the Taskforce on Climate-related Disclosures’ (TCFD) recommendations. The EU is delaying adoption of its reporting standards with adoption expected in June 2026. Firms should voluntarily apply ISSB standards as investors’ demand for consistent and comparable sustainability information is likely to increase.

·     Focus on transition planning is increasing: IOSCO plans to monitor frameworks across jurisdictions to address any risks of fragmentation and inconsistency. In the EU, firms will have to integrate due diligence into their policies and risk management systems, and put into effect a transition plan to comply with the limit of 1.5°C under the Paris Agreement. Transition plans will need to include time-bound climate change targets and key actions on how to reach them.

·     Greenwashing rules keep evolving: The EU will establish criteria for firms mentioning carbon offsets in their advertising and all green claims ought to be certified and verified. The EU’s greenwashing directive allows only sustainability labels based on approved certification schemes and final greenwashing reports will be published in May 2024 and could include changes to the EU regulatory framework. The UK is introducing an anti-greenwashing rule, which enters into force on 31 May 2024. Firms should assess their products against the naming and marketing requirements, prepare consumer-facing disclosures and ensure oversight and controls to mitigate greenwashing risks.

·     Banks to include climate-related risks in business models: In the coming months, BCBS will discuss the role of climate scenario analysis in assessing the resilience of banks' business models, while in the EU a revised guide explains how banks should include climate-related risks in their internal models and calls for implementation of a model risk framework.

Regulators are tightening regulations for various digital assets:

·     The Bank for International Settlements (BIS) recommends that global stablecoins arrangements should be required to have in place robust risk management and governance frameworks, as well as recovery and resolution plans. Hong Kong proposed a stablecoin regime, where issuers would need to be licensed and subject to offering and marketing restrictions.

·     In Hong Kong, providers of digital asset custodial services need to confirm they meet expected standards by August 2024 and a proposal to regulate over-the-counter (OTC) trading of virtual assets would introduce a licensing regime and require traders to comply with anti-money laundering rules. Hong Kong is also consulting on how to implement the global standard for the prudential treatment of crypto-asset exposures and firms should start preparing a plan for local implementation as revised rules would be effective by 1 July 2025.

Regulators are balancing the benefits and risks of AI in financial services.

Regulators continue fight against money laundering and drive sanctions enforcement.

Please look out for our upcoming articles on supervisory priorities in banking and insurance for 2024.

The views reflected in this article are views of the author and do not necessarily reflect the views of the global EY organization or its member firms.