Frontiers in Finance

Issue #60

Risk proofing the future

On the cover Andrea Pozzi, Grupo Santander, page 6

Featured interviews Julian Johns, Trunomi, page 51 Karina Whalley, AXA Global Parametrics, page 59

kpmg.com/frontiersinfinance Foreword Letter from the editors

Growing signs of a return to territorialism, new emerging technology risks, ongoing operational risks and a rising focus on environmental risks are all making the financial services agenda increasingly fluid, complex and uncertain. Combined with evidence of slowing economic growth and low interest rates in the US, Europe and China, the pressure on financial services organizations is growing.

This edition of Frontiers in Finance is about facing the challenges head on and triumphing over them. Instead of staring numbly at the risks, the articles compiled for this edition aim to help readers better manage their risks; more effectively respond to changing regulation; and uncover opportunities for competitive advantage. It is about capitalizing on the regulatory and risk landscape.

The articles explore a wide range of risks facing banks, insurers and asset managers around the world. Some, such as our articles on managing AI risks and RegTech, take a look into the future to help decision-makers plan their longer-term business and operating strategies. Others, such as our articles on weather-related risks, the adoption of IFRS 17 and the shift to alternative reference rates were written to help readers overcome much more clear and present challenges.

Throughout this edition, our authors and subject matter experts offer forward-looking and practical advice to help financial services firms turn some of today’s social priorities into longer-term competitive advantage. We look at how environmental, social and governance considerations are influencing investments by asset managers. We explore tax in the digital financial services world. And we shine a spotlight on efforts to stamp out human rights risks in the sector.

In today’s environment, decision-makers can either fret about the risks and challenges they face or they can take steps to capitalize on them. We hope that this edition of Frontiers in Finance catalyzes the pessimists into action and offers the optimists new ideas to help turn risk into opportunity.

On behalf of KPMG’s Global Financial Services network, we would like to thank all of those industry leaders, observers and subject matter experts that participated in the development of these articles. Omar Mahmood Partner To learn more about any of the themes raised in this edition of Frontiers in Finance, or to KPMG in Qatar Head of Financial Services discuss your company’s own unique risks and challenges, we encourage you to contact KPMG Middle East and South Asia your local KPMG office or any of the authors listed at the back of this publication. Chairman’s message 4

Cover story How Grupo Santander is staying Contents ahead of non-financial risks 6 10 30 52

Non-financial and emerging Environmental, social and Risk proofing the future technology risks governance

10 The banking board of the future: 30 A better view: Getting on top of 52 The rise of responsible investment The changing face of risk and your non-financial risks ESG moves from the sidelines to the governance Create an integrated approach to forefront of decision-making. The digital era is redefining global non-financial risk management. banking and challenging the role of 56 Combating climate risks: The boards with bewildering speed. 34 Keeping the AI in line: Managing future of insurance risk in an automated world How insurers can take the lead on How financial institutions climate change. 14 The future of tax: The impact on can improve their control and new business models governance over AI. As business models evolve, 59 In the eye of the storm: Q&A with pressure on the international tax AXA Global Parametrics system grows. 40 Fintech regulation: Balancing risk Karina Whalley provides insight and innovation into the actions insurers can take to How asset managers can respond combat climate change. 18 Bye-bye IBOR: The transition to to regulatory uncertainty and fintech. alternative benchmarks 60 The risk of human rights violations Banks preparing for transition today 44 Get serious about cyber: Managing human rights issues will reduce potential downside risks Protecting the crown jewels prevents harm and protects the in the future. Embedding cyber awareness into bottom line. risk and organizational culture. 66 Combating financial crime 22 IFRS 17: Making the most of the Move from fundamental to extra year 48 Beyond compliance: Regtech and transformational customer due A look at what insurers can do to the transformation agenda diligence maturity. make the most of the time they have Leveraging regtech to integrate been given to implement IFRS 17. regulatory change into the business. 70 Closer scrutiny of costs versus 51 One to watch: Trunomi performance 26 The move to multiparty investing A new platform to help financial Regulators seek simple and Understand the drivers, benefits and institutions deal with data rights meaningful disclosure about costs challenges of multiparty investing. regulation globally. and performance. Chairman’s message Resilient enough?

elieve it or not, it’s been 10 years since the global financial crisis ripped through the industry. And we B have seen significant changes in regulation, business models and risk management approaches since then. But is the industry more resilient as a result?

James P. Liddy Global Chairman, Financial Services Partner KPMG in the US

A decade of heavy lifting The risk profile changes An evolving regulatory One thing is for sure: the increased Yet, at the same time, the world has environment regulatory focus on capital and the become much more complicated over Not surprisingly, regulators are also resiliency of funding sources over the past the past 10 years. And that is creating becoming increasingly concerned about decade has put the industry on a much new risks and accentuating old ones. these risks and issues. Over the coming stronger footing. Indeed, after a decade In my conversations with financial decade, we expect to see regulators of regulatory scrutiny of business models, services CEOs, I am frequently struck continue to focus on some of the broad- management oversight, capital resiliency by a growing sense of concern and based issues of the past — capital resiliency and loss absorption capabilities, many unease. CEOs are worried about the will continue to remain high on the agenda, of the risks that precipitated the financial changing needs, wants, desires and particularly in Europe and Asia, as will loss crisis are now being better managed. dynamics of their customers. They are absorption capabilities and capital allocation Compensation models have been revised concerned about new technology risks methodologies. Regulators will also be and many companies now have a much and new competitors. They are worried focused on ensuring product suitability; better understanding of the attendant risks. about geopolitical events and their looking at how customers are being treated impact on current business models. And and mitigating some of the more recent At the same time, we have also seen a they are concerned about the potential business and investment practice issues. massive shift in the way financial services for continued regulatory scrutiny and organizations view and manage their risk challenge. But, at the same time, we also expect to see inventory. Rather than being relegated regulators shift their focus towards ensuring to the back seat in strategy sessions, Public trust in institutions — which took that financial institutions have the capabilities we have seen risk management start a beating during the financial crisis — has they need to identify and manage risks as to take a much more prominent role in rebounded somewhat. But social norms they emerge. Regulators are increasingly setting the strategic direction and advising and expectations have also changed and looking at whether financial institutions on day-to-day management activities. that has brought a number of financial have the right data and analytical capabilities Most management teams are spending services firms into the spotlight for to properly identify, measure and manage significantly more time thinking about business practices that (at one time) potential risks. And they are taking a closer their business models, their management were considered the norm but may look at whether decision-makers have the practices and the intersection between now be seen as predatory. While trust infrastructure — including the right systems, business activities, risk management and may be on the rise, customer loyalty processes and talent — to help ensure a compliance. And financial institutions are and ‘stickiness’ is not, and that has only high degree of management attention on stronger as a result. increased the risk of a misstep. managing risks.

4 | Frontiers in Finance Chairman’s message

A new view on resiliency to understand the core characteristics As this edition of Frontiers in Finance makes that will likely drive the most successful very clear, the financial services industry financial services firms through the continues to face some very challenging 21st-century (see below for a list of risks. Throughout this edition, our subject characteristics) and to start building matter experts have identified some of the an action plan that encourages these bigger and more pernicious issues now characteristics to manifest. emerging on the horizon for many financial services organizations. And they have What is clear is that — while financial offered their perspectives on how decision- institutions and regulators have made great makers and industry executives can start progress over the past decade — the risk to address and respond to the evolving risk profile has continued to change. Financial profile that most financial institutions are services organizations will need to be agile now grappling with. and analytical if they hope to successfully navigate the turbulent waters ahead. When I talk with financial services Those financial institutions that are able to decision-makers, I often focus on a move quickly — either as disruptors or as series of broad issues — from assessing fast followers — will be better placed to the resiliency and efficacy of the navigate through these periods of change. business model through to managing Those that stick to their knitting and fight to the disruption that is emerging from retain the status quo will almost certainly new technologies and new customer run afoul of the new risk environment and expectations. The key, in my opinion, is changing business dynamic.

Are you managing your risks? A checklist for 21st-century enterprises. Do you have…

A clear strategy and vision that is well understood throughout the organization? A coherent culture and customer-centric values? An enabling governance and a clear focus on execution capabilities? A motivated and energized workforce? A ‘total quality’ mind-set and focus? A suite of appropriately balanced compliance and risk management activities?

A focus on making innovation and collaboration a core competency? Contributor An entrepreneurial culture where independent thought and action is encouraged? Agile technology and enabling technological platforms? An organizational recognition of the value of data? James P. Liddy A total focus on customer experience and expectations? KPMG in the US E: [email protected] Jim is the Global Chairman, Financial A continuous drive for financial and operational excellence? Services, KPMG International. He also leads KPMG in the US’ Financial Deep analytical capabilities? Services practice. Prior to assuming his current roles, Jim served as Americas A plan to deliver everything as a service? Leader, Global Financial Services.

Frontiers in Finance | 5 Cover story Continuously adapting to a changing world: How Grupo Santander is staying ahead of non-financial risks

Andrea Pozzi, Grupo Santander Francisco Pérez Bermejo, KPMG in Spain

he universe of non-financial risks is continuously evolving. And financial T services organizations will need to move quickly to keep up. Here is how Santander — one of the world’s largest banks — is working to stay ahead of their risks.

6 | Frontiers in Finance Cover story

Frontiers in Finance | 7 Cover story

“In this job, you can’t ever allow yourself “The big challenge is how to maintain to be satisfied,” says Andrea Pozzi as our robust control framework when we sit down in her office in Madrid to the organization is trying to transform The reality is that talk about non-financial risks. “The risk in an environment that is trying to be landscape is continuously changing and disrupted,” she notes. “Frankly, I’m less our competitive that means you need to constantly be worried about specific technologies than thinking about what you can be doing to I am about the sheer pace of innovation. advantage lies improve your program. There’s never a As an organization, we have a deep in the trust and dull day when you are managing these desire to move quickly to meet the types of risks.” evolving needs of our clients. But we confidence of need to do that in a controlled way.” As the Global Head of Grupo Santander’s our clients. As Non-Financial Risk unit, Andrea has a Putting risk management first unique view into the growing complexity It’s a challenge that regulators also seem we progress of managing risk in an increasingly to be worried about. “After the financial through our digital globalized financial services marketplace. crisis, the regulators were very focused Santander is, after all, one of the world’s on credit and market risks. But now they transformation, largest banking groups with a solid are starting to shift their focus towards presence in 10 markets across Europe non-financial risks — cyber and data my team helps and the Americas, serving 144 million security, in particular,” Andrea notes. customers. ensure that we’re However, while regulation may be the really thinking Taking the risk out of digital driving force behind many banks’ non- transformation financial risk programs, that is not the through all of the While the sheer size and scale of the case for Santander. “I’m not building organization creates some obvious risks, the program to meet the regulatory different potential what Andrea is most worried about requirements; I’m building a program is how the organization will handle its that solely positions the bank correctly unintended current shift towards digitization. Not and ensures it is managing its risks consequences surprisingly, perhaps, cyber risk is high on appropriately. At the end of the day, that’s of the new her agenda. also what the regulator wants.” “We need to help the organization Reinforcing the first line of defense technology. ensure that whatever we do is robust To create a solid second line of defense, and protects our clients. The reality is you need a strong first line. And Santander that our competitive advantage lies in has been very active in developing and the trust and confidence of our clients. strengthening their first line, particularly in As we progress through our digital fast-moving areas like cyber. transformation, my team helps ensure that we’re really thinking through all In fact, Andrea spends much of her time of the different potential unintended focused on ensuring that non-financial consequences of the new technology.” risk becomes better integrated into the business. In part, that means creating The list of potential risks that accompany the right tools and processes to drive a large-scale digital transformation is a continuous feedback loop for non- long. Among other things, Santander’s financial risks. “We need the business to Non-Financial Risk unit is looking for constantly be identifying risks, evaluating possible increased risk of fraud through them, measuring them, controlling them digital technologies, as well as the range and then using that knowledge to start of third-party risks that come with the again,” Andrea adds. development of new banking models.

8 | Frontiers in Finance Cover story

It also means making sure that non- offering up smart challenges and really financial risk is factored into the helping the organization think through the organization’s long-term strategic risk implications of our digital agenda,” planning process. Andrea’s focus is on she notes. working with leadership to integrate it even further. “I think we’re just starting to No silver bullet in technology get really good at thinking about the risk- Andrea does see opportunity for new returns of non-financial risk and using that technologies and tools to improve the information to help make decisions and way the bank manages non-financial better inform our future investments,” risk. “We’re working with our internal she adds. analytics teams to see if we can find better ways to proactively identify and A robust yet flexible second line monitor potential signals of future risk. With a strong first line in place, Andrea’s I’m hoping to build towards a form of team is able to form a robust second automation that continuously monitors Contributors line of defense around that. “We really for early warning signs and lets me know focus on helping to define the Group- when certain risks have increased. It’s wide framework, programs, policies and all possible with today’s technology. And procedures that help the lines of business we are working towards that.” in each country mitigate and manage risks,” she noted. “But we also need to However, she also notes that technology recognize that there is no ‘one-size-fits- is just one part of the equation. “We are all’ answer to non-financial risk. So we certainly looking at, and using, digital Andrea Pozzi Andrea is the Global Head of want to create programs that are also processes and tools. But there will never Non-Financial Risk at Grupo Santander flexible enough to meet the unique needs be one tool — digital or otherwise — that where she oversees a unit that includes of the lines of business and countries.” will manage everything for us. And that operational risk, technology risk and means we need to keep thinking about cyber risk for the Group worldwide. Given the complexity of the organization’s how we integrate different tools as we Andrea has extensive risk management risk matrix, one of the key roles for move through our own evolution,” she experience and has worked with leading financial services firms such as Merrill Andrea’s team is in helping the Group notes. Lynch, Munich Re and Citigroup. aggregate, define and measure all of the various non-financial risks in their spheres Never stop evolving of operations (and some that lie well Ultimately, Andrea’s view is that the beyond their current sphere but still pose management of non-financial risk must potential long-term risks). “It’s really the be a continuously evolving practice to only way to maintain a reliable yet holistic deliver the flexibility financial services view of the risks facing the organization,” firms need in the current environment. she admits. “With non-financial risk, you are never Francisco Pérez Bermejo really done. You need to be constantly KPMG in Spain Through my discussion with Andrea, thinking about how to evolve — not Santander Global Lead Partner it is also clear that the organization’s just by looking ahead at things on the E: [email protected] leadership is highly involved and invested horizon — but also by looking behind to A Partner in KPMG in Spain’s financial into the way non-financial risks are being understand how you can do better the services advisory team, Francisco has managed. “Our technology and cyber next time.” extensive experience in providing risk consultancy services to top financial committee is chaired by our Group CEO, institutions. His areas of expertise José Antonio Alvarez. And he’s not just “In this job, you can’t ever allow yourself include risk management, credit risk, a figurehead on the committee — he is to be satisfied,” she reminds me. capital planning, operational and finance actively engaged, asking great questions, transformation.

Frontiers in Finance | 9 Risk proofing the future The banking board of the future: The changing face of risk and governance

Karim Haji, KPMG in the UK Naomi Jackson, KPMG in the UK David Nicolaus, KPMG in Germany Susan Staples, KPMG Australia

hat does the banking board of the future look like? That’s a pressing question W today among banks, their leaders and supervisors, as headwinds of change rewrite the rules for success in the global banking industry.

10 | Frontiers in Finance Risk proofing the future

The rise of data, robotics and artificial The report also stresses the SSM’s “high intelligence (AI). Bold challenges from and specific expectations” regarding fintechs and beyond. Evolving customer banking boards, including their need expectations. Unprecedented cyber to challenge, approve and oversee Banks and their risk and privacy concerns. The digital management’s strategic objectives, era is indeed redefining global banking governance and corporate culture. boards are feeling and challenging the role of boards with bewildering speed and unprecedented The ECB has also reviewed its approach the pressure scope. to its ‘fit and proper’ assessments — used to appraise board members’ experience of increased Banks and their boards are also feeling and overall suitability — and has moved supervisory the pressure of increased supervisory authorizations into a newly created scrutiny and new requirements that Directorate General. scrutiny and new focus on enhanced risk-management and governance skills, board composition Our view is that while economic forces and requirements that and diversity, and clearly defined board disruptive technologies, as noted earlier, are responsibilities in the interconnected exerting their own pressures for boards to focus on digital economy. Supervisors in various evolve, the greater impact in Europe may jurisdictions are prompting banks and come from the supervisory side. enhanced risk- their boards to take a critical look in the mirror — voluntarily or otherwise. This seems clear given banks’ lacking management underinvestment to date in IT and risk and governance Supervisory initiatives in Europe and data systems, low profitability plus Australia, for example, are instructive the fact that banking boards have an skills, board for what they reveal about emerging important role for the establishment concerns for what the banking board of of the EU Banking Union and Capital composition the future should look like. Market Union, two key initiatives to support Europe’s single market. But it and diversity, And we expect banks and supervisors remains to be seen if banks will make and board in other global geographies to maintain a progress in line with the requirements close watch on what’s happening there to establish the EU Banking Union and responsibilities and beyond. Capital Market Union. in the digital High and specific expectations for Supervisors want greater focus on banking boards non-financial risk economy. Europe’s banks are facing an array of Australia’s banks, meanwhile, are supervisory requirements concerning encountering close scrutiny from the skills of board members and their that nation’s Royal Commission responsibilities. The European Central into Misconduct in the Banking, Bank’s (ECB’s) 2016 SSM supervisory Superannuation and Financial Services statement on governance and risk Industry.2 The ongoing inquiry has a appetite1 articulates specific requirements spotlight firmly trained on boards and concerning the expected skills of banking governance practices. The commission is board members. The ECB is also requiring raising questions concerning the need for clearer separation between first and boards to: second line of defense, addressing lending activities and risk control. —— set a highly visible ‘tone from the top’ on culture The ECB’s SSM supervisory statement notes that today’s banks “face economic, —— address board skills, expertise and financial, competitive and regulatory diversity headwinds” demanding heightened focus on “sound governance and risk- —— remain sufficiently engaged on management practices within a clearly dealings with regulators articulated risk-appetite framework.”

1 European Central Bank: SSM supervisory statement on governance and risk appetite, June 2016. https://www.bankingsupervision. europa.eu/ecb/pub/pdf/ssm_supervisory_statement_on_governance_and_risk_appetite_201606.en.pdf 2 Interim Report — Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, 28 Sept. 2018. https://financialservices.royalcommission.gov.au/Pages/default.aspx

Frontiers in Finance | 11 Risk proofing the future

—— determine accountability and expectations on corporate misconduct

The digital —— provide greater oversight of era is indeed operational detail and non-financial risk —— gain insights into ‘knowing what they redefining don’t know’ on non-financial risk for global enhanced governance oversight. banking and The Royal Commission is generating much public dialogue concerning challenging unethical practices, complacency, poor accountability and disregard for regulators the role of within the sector. The inquiry has not boards with concluded but its impact on the industry is bewildering expected to be significant. The Royal Commission comes in speed and the wake of the Australian Prudential Regulation Authority (APRA) inquiry unprecedented into the Commonwealth Bank of scope. Australia (CBA).3 The inquiry highlighted challenges with governance, accountability and culture that had likely contributed to a series of issues and incidents at the bank. Many of the themes identified in the report are not exclusive to CBA, and the rest of the Australian financial services industry has been through a period of introspection to understand where they too may need to raise risk management standards. The increased expectations on the board, recalibration and improvement in the lines of defense, enhancing non- financial risk reporting and the impact of remuneration on risk management are some of the areas that most organizations will need to address in the near future.

Preparing bank boards for 21st-century challenges As supervisory, technological and economic forces combine to exert new pressures on banking boards to evolve, more supervisory directives and initiatives can be expected. It remains to be seen how far — or quickly — banks around the world will move to modernize their boards for the digital economy — or if they will wait until supervisors lead the way on driving change.

3 Final Report of the Prudential Inquiry into the Commonwealth Bank of Australia (CBA), 28 August 2017. https://www.apra.gov. au/media-centre/media-releases/apra-releases-cba-prudential- inquiry-final-report-accepts-eu

12 | Frontiers in Finance Risk proofing the future

Our view is that banks should waste changes to their composition. We have Contributors little time implementing real change already seen examples of this in Spain, in their boardrooms to meet emerging Germany, Italy and Finland. challenges in the fast-evolving and increasingly complex global environment It is increasingly vital for banks to do all in which they operate — as supervisors they can to build boards that will deliver in the EU and Australia are making future success. Doing so will require abundantly clear. Ultimately, boards boards to possess the following key Karim Haji judged to be falling short of supervisory capabilities. They will: KPMG in the UK requirements could face compulsory E: [email protected] Karim is Head of Banking and Capital Markets for KPMG in the UK. Specializing in servicing global investment and Include informed and highly proactive board members who have a clear universal banks and advising clients on understanding of emerging risks and issues that transcend financial factors to risk management and regulations, Karim include the non-financial spectrum. is also an experienced audit partner.

Be equipped to consistently address all of today’s — and tomorrow’s — risks, including: cybersecurity, automation, data privacy, compliance, legal issues, customer service, integrity and reputation, and the quality of new products and services.

Be prepared to address strategy and related risks that come with the Naomi Jackson, FIA FRM interconnected ecosystem of new partnerships and alliances today’s banks KPMG in the UK are forming to deliver innovative services to customers. Board members will E: [email protected] need the acumen to understand these challenges — and to deliver the insights Naomi is a senior manager in KPMG in the and skills needed to effectively manage them. UK’s Financial Risk Management team specializing in banking risk, in particular Enhance board diversity as it relates to gender but also to age, skill set governance arrangements and risk frameworks. She has been at the firm for and digital acumen. Increased diversity can help to challenge traditional over 11 years and is a qualified actuary. assumptions/attitudes, ‘group think’ and any reluctance to deal with difficult or less-understandable issues in the digital economy.

Include board members with non-industry experience who can bring valuable new insights to issues and risks amid the changing operating environment, including the impact of digitization in areas such as data analysis, customer experience, product development and external communications. Non-industry members can contribute to boards’ collective knowledge, competencies and David Nicolaus experience while also challenging traditional approaches. KPMG in Germany E: [email protected] David is a Manager in KPMG’s ECB Office Create and sustain modern cultures and values for their organizations. specializing in financial risk management Tomorrow’s boards will ideally promote a healthy ‘decision culture’ within the and regulatory risk management. In his organization, one that provides opportunities to challenge risk decisions from role, David supports banks’ management diverse management perspectives. to shape their organization, governance and risk control functions according to business and regulatory requirements. Amid the headwinds of change, some management, ethics, culture and beyond. innovative new initiatives are already More change initiatives are sure to follow. emerging. We are seeing more multiday While the watchword for boards has training sessions and ‘boot camps’ traditionally been oversight, the future of aimed at heightening the acumen board boards will inevitably require an informed members possess on technology, new focus on oversight and insight. governance and regulation, risk Susan Staples KPMG Australia E: [email protected] Susan is an Associate Director in KPMG Australia’s Risk Strategy and Technology team. With over 18 years of experience in the industry, Susan works closely with boards and senior management to design and implement effective governance structures.

Frontiers in Finance | 13 Risk proofing the future The future of tax: The impact on new business models

Robin Walduck, KPMG in the UK Tal Kaissar, KPMG in the US David Neuenhaus, KPMG in the US

ompetitive pressure, digital progress, and the ever-growing C regulatory demands on organizations have driven an evolution of traditional financial services models in ways that are changing the landscape of the industry. We now see an industry where the lines are constantly blurred: the physical and digital overlaps, organizations are connected in new ways, and activity constantly transcends borders.

14 | Frontiers in Finance Risk proofing the future

As business models evolve, pressure on the international tax system grows. Asset Management: Legislative action to deal with the Distributed inadequacies of the tax system takes Ledger technology Tax professionals time, yet the complexity of the business models expand with increasing speed. Distributed Ledger Technology (DLT) will need to think enables the fund management industry New business models to meet the growing demands of investor differently about Let’s look at some of the emerging needs, digital operational processes and new models. new regulations. The service provides what drives value scalable solutions for back and middle compared to the offices, enabling automation of manual and Banking: repetitive tasks through the use of smart traditional business Markets as a contracts. This includes the processing of Service platforms fund orders, corporate actions, account models. management (fund registers), and a drastic Markets as a Service (or MaaS) is a new decrease in the need for reconciliations, as operating model for the banking industry trades are shared among interested parties whereby one bank, with sufficient instantly. DLT also gives asset managers access to infrastructure expenditure, greater visibility on their value chain, back-office capability and existing large enabling them to develop new products volume of transactions, provides a that respond more accurately to the needs platform-based service across the trade of their final customers. lifecycle to other banks and financial institutions. The service would provide How to tax these new models? other banks, that do not possess the Tax departments in financial services necessary expenditure, back-office organizations will need to spend capability or scale, the opportunity to time understanding the detail of new operate efficiently with their client base, business models; the tax issues paying the MaaS service provider a fee to requiring consideration are complex use the platform. The platform provider and the related regulation and practice has a responsibility to ensure the MaaS is emerging. Some key areas for platform is operational on an ongoing consideration are set out below. basis, including from a technical and regulatory standpoint. What drives value? Tax professionals will need to think differently about what drives value compared to the traditional business Insurance: Open- models; transfer pricing and profit source language coding allocation principles will need to evolve to of actuarial models deal with the new business models. For example, in a MaaS model, is the value Evolving regulatory demands are putting in the operation (e.g. speed, security) of pressure on actuarial activities — whether the platform being offered, the technical/ reduced reporting timelines, more regulatory sanctity of the platform, or efficient coding of models or the quantity the infrastructure backbone (and its of actuarial processes required. This associated capital expenditure) that pressure is driving new activities, such supports the platform? as cloud-based actuarial models, and the emergence of actuarial model coding The development (and protection) of using open-source languages such as intellectual property in these new models ‘Python’ and ‘R’, enabling better data is critical to preserving the relevance analysis and visualization. ‘Open-source’ of organizations. Tax professionals will means the code is freely available, can need to assess whether new intellectual be modified, enhanced and reviewed, property is being developed, or whether inevitably driving more collaboration, but the new activity is simply a digitalization also standardization, across organizations. or re-packaging of an existing activity.

Frontiers in Finance | 15 Risk proofing the future

The challenge of the existing tax system in taxing new business models The international tax system does not cope with these new models particularly well. In most established jurisdictions, the tax system is characterized by a number of common issues.

Taxation generally operates by reference to single legal entities, leading to quite rudimentary aggregation of 1 taxation across international groups.

There are often specific tax rules that tax overseas profits, but these usually look at passive income, or income derived 2 from avoidance activity.

There is no universally accepted definition of what drives value, leading to disputes across borders and, sometimes, 3 domestic legislative protectionism.

Tax on activity flow is in its infancy, particularly in financial services, and is usually limited to value-added tax on 4 specific items.

Taxation of activities underpinned by digitalization is something that tax authorities, and other bodies such as the OECD, are keen to deal with, but limited progress has been 5 made, leading to the introduction of unilateral measures (e.g. the recent UK Digital Services Tax proposal released on 29 October 2018).

16 | Frontiers in Finance Risk proofing the future

Due to open-source coding in actuarial dependency on the platform, particularly Contributors models, tax professionals will need where the integration of the platform to re-evaluate whether, and to what creates a relationship with the service extent, value exists in the model, provider that is difficult to switch without particularly where there is a convergence operational disruption. The platform is to standardization. Given that there is backed by infrastructure and operations potentially a shift in the way actuaries that may potentially sit across multiple operate, is there value in the actuarial legal entities in multiple locations. Robin Walduck model itself, or does value shift to the KPMG in the UK analysis and insights actuaries now focus Taxation of ‘flow’ E: [email protected] their time on? The discussions regarding a financial The Global Head of Banking and Capital Markets Tax, Robin has over 20 years of transactions tax in the EU, and the experience advising some of the largest Where is the income generated? evolving OECD/EU proposals in relation financial institutions globally. Robin has DLT provides a new set of challenges in to digital taxation, have not yet impacted deep knowledge of international tax relation to the taxation of income. Where financial services, but there is growing and treasury tax matters, together with a ledger is distributed, ownership of the concern that new rules could hit financial considerable experience in executing ledger necessarily sits with multiple services organizations, many of whom cross-border financing and M&A parties in potentially multiple locations; operate on very thin margins; similarly, transactions. identifying where value in relation to the there is concern that digital taxation ledger is generated can be a considerable could have collateral impact on financial task, in particular, given how rapidly the services business models, in particular DLT platform expands as new parties and where those rules are not tightly transactions join the ledger. defined — to date, the financial services industry has relied upon exemptions Similar challenges exist in the cloud-based relating to regulated activity (e.g. model where multiple actuaries access under MiFID II), but these come under Tal Kaissar KPMG in the US the model from potentially different pressure with new business models, E: [email protected] locations. Identifying who has created whether this be service provision Tal is the Head of KPMG’s Global value in relation to a sequential exercise is between banks, or the use of DLT to Insurance Tax team. He has more than clear; identifying value in a shared model facilitate transaction flows. 20 years of tax experience in both where activities interact and overlap is public accounting and leading financial likely to be more challenging. Reflections services firms. Prior to joining KPMG, Tal was Global Head of Tax at AIG. This article provides the briefest of Whose income is it? snapshots into an industry that is Allocation of income across legal entities evolving at an unprecedented pace. will become far more complicated. For The challenge of tax professionals is to example, in the MaaS model, the trade ensure they can balance the requirement lifecycle is adapted to introduce a service to fully understand the models that are provision from one bank to another. emerging, while dealing practically with The recipient of the platform service the challenges of an international tax David Neuenhaus utilizes the platform in order to continue system that must adapt to the evolution KPMG in the US serving its own clients, creating a certain that is taking place. E: [email protected] David is Head of KPMG’s Global Institutional Investors Group and has more than 20 years of experience providing tax planning and structuring services to sovereign wealth and pension funds. David specializes in structuring cross-border investments and acquisitions and compliance with US withholding documentation and reporting regimes.

Frontiers in Finance | 17 Risk proofing the future Bye-bye IBOR: The transition to alternative benchmarks

James Lewis, KPMG in the UK Christopher Dias, KPMG in the US Tom Jenkins, KPMG China

enchmark rates are changing and this is having a massive impact on financial markets and market B participants around the world. Yet, with little clarity on the plan for transitioning away from the established Interbank Offered Rates (IBORs), many financial services organizations are struggling to manage the risks and develop their transition strategy.

18 | Frontiers in Finance Risk proofing the future

The end of an era agreements. And they are embedded Concerns about benchmark rates have in a range of finance processes such as been swirling for years. Indeed, even renumeration plans and budgeting tools. before the LIBOR scandal hit in 2012,1 Central banks unsecured wholesale borrowing activity Not surprisingly, the volumes that will be had been in decline. And that meant that impacted by this change are enormous. have encouraged the rates were becoming increasingly According to the Financial Stability Board, subject to ‘expert judgment’. As the there were more than US$370 trillion industry working LIBOR scandal made immensely clear, the worth of notional contracts that — in groups to form to potential for manipulation was high. some way or other — were tied to LIBOR, EURIBOR or TIBOR in 2014.3 And that help solve issues When, in July 2017, the UK’s Financial number has grown since then. Conduct Authority (FCA) announced it arising from would no longer compel panel banks to The impact will also be felt far and wide. make LIBOR submissions after 2021,2 the The challenge will be particularly acute establishing and writing was on the wall: the IBORs’ days for central counterparties, exchanges, then transitioning were numbered. investment banks, retail banks, insurers, broker-dealers, hedge funds, pension to a new more Over the past year, it has become funds and asset managers. But the ripple increasingly clear that global regulatory effects will also be felt by corporations trustworthy preference was a benchmark and consumers as the shift changes replacement favoring risk-free rate valuations on everything from derivatives benchmark (RFR) based on transactional data. and corporate bonds through to business rate ... In the Central banks have encouraged industry and consumer loans. working groups to form to help solve run-up to 2021. issues arising from establishing and then New challenges emerge transitioning to a new more trustworthy There is still significant uncertainty about benchmark rate. In the run-up to 2021, how the transition to RFRs will pan out. working groups and several industry There are currently Working Groups advocates have been working diligently for each of the five LIBOR currencies4 to ensure that the new rates have (representing the US dollar, the UK pound established robust underlying cash sterling, the Japanese yen, the Swiss markets, sufficient liquidity in hedging franc and the Euro) with responsibility for instruments, broad acceptance from developing alternative RFRs to LIBOR market participants and are devoid of within their home jurisdictions. past issues. The market challenges that this is No small feat creating seem daunting. Working Group While on the surface this may seem members, key end users and other like a ‘find and replace’ exercise, the market participants are working hard to reality is that the shift from IBORs to create markets for new instruments that RFRs will be significant. IBORs currently are underpinned by the RFRs. Liquidity underpin a huge range of financial in these rates need to build to ensure products and valuations, from loans and a successful transition. This ultimately mortgages through to securitizations and requires impetus from end users to derivatives across multiple jurisdictions. transition away from IBORs, which They are used in determining all sorts have been embedded in systems and of tax, pension, insurance and leasing processes for over 3 decades.

1 The Financial Times, My thwarted attempt to tell of Libor shenanigans, 27 July 2012 2 The Financial Stability Board, The future of Libor, 27 July 2017 3 The Financial Stability Board, Market Participants Group on Reforming Interest Rate Benchmarks Final Report, July 2014 4 https://www.boj.or.jp/en/paym/market/jpy_cmte/cmt180801c.pdf

Frontiers in Finance | 19 Risk proofing the future

For multinational and global financial Planning for the transition will require firms institutions, the task will be exponentially to take on a series of key activities such as: more complex. In part, this is because Liquidity in these there will likely be significant regional —— Identifying exposures and differences, timelines and approaches to developing a transition strategy: rates need to the transition. In the US, for example, the Firms will need to identify all of the Alternative Reference Rates Committee products that will likely be in scope build to ensure (ARRC) is tracking against a ‘paced and start analyzing the legal language a successful transition plan’ for moving USD LIBOR in order to both assess the scale exposures to SOFR (the alternative of the challenge and to determine transition. This RFR proposed for the US)5; in the UK, the most appropriate strategy for urgency has been heightened by a Dear achieving contractual changes and ultimately requires CEO letter circulated by the PRA and the mitigating franchise and client risks FCA6; for the Euro area, the ECB Working through the transition. impetus from end Group is currently looking to mitigate the users to transition potential of a ‘cliff edge event’ for EONIA —— Assessing the initial impact: All and EURIBOR when the EU Benchmark business units will need to assess away from IBORs, Regulation transition period finishes on their models and systems to analyze 1 January 2020.7 the areas currently impacted by which have been IBORs. Firms will need to consider Most financial institutions will also need how best to alleviate potential embedded in to grapple with some of the ‘knock-on’ operational, legal and conduct risks systems and impacts of the shift away from IBORs. involved in changing a complex Consider, for example, how the new rates infrastructure that is currently heavily processes for over may influence hedge accounting practices reliant on LIBOR. at many financial institutions. In the US, 3 decades. the FASB has already proposed adding —— Setting up the RFR program: This SOFR to the list of interest rates that may will require the development and be eligible for hedging. How the other new management of an organizational, RFRs will influence hedge accounting cross-functional RFR program remains to be seen. that handles all business lines and jurisdictional differences while also No regrets ensuring alignment and coordination Yet, while the timing and transition across critical issues. to RFRs may seem uncertain, our experience suggests that there is much —— Creating the right governance that firms can be doing to prepare. The and awareness: Organizations will key is to position the organization through need to develop internal governance dynamic and early-stage planning while processes that allow them to still maintaining the agility required properly oversee changes to policies, to pivot against a range of potential systems, processes and controls transition options. This is about taking the while also ensuring employees are ‘no regret’ actions that will support the educated on the implications of the transition regardless of the final timing transition. and approach.

5 https://www.newyorkfed.org/arrc/index.html 6 https://www.fca.org.uk/publication/correspondence/dear-ceo-letter-transition-from-libor-banks.pdf 7 https://www.ecb.europa.eu/paym/initiatives/interest_rate_benchmarks/WG_euro_risk-free_rates/html/index.en.html

20 | Frontiers in Finance Risk proofing the future

—— Communicating with clients: Firms For smaller firms, however, the greatest Contributors will need to conduct clear and early challenge will likely come down to communication with their clients resources and skills. The planning and in order to educate, inform and — transition process will require a significant eventually — renegotiate contracts. investment of time and manpower. Managing the conduct risk with clients Running it in parallel to ‘business as through the transition will be key, usual’ will be a challenge for resource- particularly given the potential for value light firms. Some global financial James Lewis transfer as existing positions are re- institutions are estimating transition costs KPMG in the UK referenced to RFRs. at between US$400 million to US$500 E: [email protected] million; smaller institutions should not James is a Director of risk in KPMG in the UK and leads KPMG’s EMEA Regulatory Getting ready underestimate the magnitude of this Insight Centre. James has led a number While the task at hand may seem transition. of global IBOR benchmark engagements overwhelming, it is clear that those who as the industry has been developing can use their data effectively and develop Make the most of the time towards the new Risk Free Rates. a flexible strategy will ensure a more Clearly, there is still much uncertainty efficient transition plan. The uncertainty of surrounding the discontinuation of the timing and the complexity of the change IBORs. But, even so, we believe it is will require continual re-evaluation of the possible for firms to move forward by sequencing and prioritization of activities creating a plan that includes flexibilities over the next 2 to 3 years. to accommodate the transition to RFRs as the approach and timelines become Many firms may also want to consider how better established. Christopher Dias they might leverage newer technologies KPMG in the US to help drive their transition program. Those that move quickly, smartly and E: [email protected] Christopher has over 30 years of For example, some firms are already flexibly today will have the opportunity international experience in financial incorporating smart technologies to help to make the transition efficiently and markets as a risk practitioner and them identify where changes might need minimize potential downside risks. Those strategic advisor. He has helped several to be made across their various systems, that wait for full clarity before taking steps financial institutions successfully models and databases. Where firms have will almost certainly struggle to meet the prepare and adapt to changing large volumes of unstructured contracts, deadline before the IBORs potentially regulations and market challenges and AI tools are being piloted. In particular, the disappear at the end of 2021. has represented client interests to global regulators, communicated strategy to digitalization of contracts will have benefits senior management, and presented to firms beyond the IBOR transition. complex issues to company boards.

KPMG member firms are producing regular content — the Evolving LIBOR series — to help firms easily digest the complex changes Tom Jenkins transitioning from LIBOR to Risk Free Rates may KPMG China generate. Please visit kpmg.com/evolvinglibor. E: [email protected] A partner in KPMG China’s Hong Kong office, Tom has over 14 years’ experience serving the securities, investment banking and investment management sectors. His areas of focus include audit and a variety of regulatory and compliance topics.

Frontiers in Finance | 21 Risk proofing the future IFRS 17: Making the most of the extra year

Mary Trussell, KPMG in Germany Frank Dubois, KPMG in Singapore Bryce Ehrhardt, KPMG in the US

nsurers now have an extra year to implement IFRS 17. Naturally they want to use the time I wisely. But what exactly does that entail? And is the answer the same for all?

When the IASB tentatively agreed to a 1-year deferral of the IFRS 17 effective date in November 2018, we saw as many insurers shedding tears of frustration as those that let out a sigh of relief.

22 | Frontiers in Finance Risk proofing the future

Of course, an additional year is a bonus. Scenario plan: Identify But many insurers — both large and 2 uncertainties and then conduct What is IFRS 17? small — had been hoping for a longer robust scenario planning extension. Some face the challenge of exercises and test your assumptions to IFRS 17 is a new financial applying a complex standard to a myriad ensure you are prepared for a variety of reporting standard for of different products. Many have found outcomes and situations. Focus on ‘no insurance contracts. It was the new standard’s data requirements a regrets’ activities that deliver immediate issued by the International tall order. Most recognize they need more value while recognizing any potential time with their software vendors to test, uncertainties in the environment or in the Accounting Standards validate and configure their solutions to standard (for example, until the proposed Board (IASB) in May 2017 fit their particular business needs. Taken amendments are finalized). and marks the biggest together, almost all are finding the practical single change to insurance steps needed to implement the standard Practice, practice, practice: The accounting — bigger time-consuming and complex. 3 additional time means more time than the introduction of for test runs and parallel runs. IFRS itself. The IASB has The 1-year deferral does more than Recognize that delivering IFRS 17 results simply push the reset button on the will require multiple iterations, challenge recently voted to defer the implementation countdown clock. The and oversight before sharing with the mandatory effective date of goalposts are also being realigned to outside world. Particularly for the more IFRS 17 and the fixed expiry reflect proposed amendments to the advanced organizations, this additional date for the temporary standard — albeit in ways that most year offers valuable time to ensure tools, exemption in IFRS 4 from insurers will welcome — and insurers processes and people are ready for applying IFRS 9 to 1 January will need to analyze and assess the implementation. Also, don’t forget to 2022. changes, update their implementation allow ample time to design, test, and plans and then execute on them. When implement new controls around the the standard was initially issued, insurers revised and new processes. had approximately 3.5 years before the effective date. With the 1-year deferral, Talk to stakeholders: Use the the clock now shows less than 3 years to 4 extra year to strengthen go. We all have to raise our game to hit the communication with the new target. business, subsidiaries and stakeholders. It will be critical to build into your Time well spent by all implementation program time to help What can insurers do to ensure they are stakeholders understand what your making the most of the time they have IFRS 17 financial results will look like and been given? In our discussions with how to interpret those results. Review insurers around the world, we often focus current performance metrics and identify on five key areas. the drivers of IFRS 17 results. Work with the business to consider what metrics Strengthen your road map: If can be continued, which need refreshing Most recognize 1 you have not already developed and what needs to be replaced. Consider an implementation road map, do briefing investors and analysts early and they need more so immediately. If you already have an throughout your journey on the approach existing road map, now is the time to take and progress. time with their a step back and ask whether it is practical software vendors and achievable given your resources, the Look for opportunities: Don’t additional year and proposed 5 overlook the potential for to test, validate amendments. Cross-check progress related opportunities on the road against plans. Don’t forget to consider to implementation. Consider using and configure any areas that have been on hold in the IFRS 17 as the catalyst to upgrade your hope of further amendments. Ensure you finance and actuarial capabilities. their solutions to have the right tools and capabilities to Spending the time to understand your fit their particular achieve all objectives by 2022. data architecture, i.e. the data flows and interfaces throughout your end-to-end business needs.

Frontiers in Finance | 23 Risk proofing the future

processes, can help you understand what So how might some of these can be done to simplify, standardize and different groups of entities react automate financial and actuarial to the changes? We find that processes. Find opportunities to streamline. And look for commercial Welcome relief for breaking the opportunities to optimize reinsurance ‘front-runners’ arrangements, product design and pricing program down and asset liability management. Consider For the fortunate few who started work strengthening the links between the two ahead of the standard being issued, and into more by enhancing planning and performance have the discipline to regularly update manageable management. their work plan to accommodate change, one option might be to press ahead, sprints and New year, new challenges? using the additional time for further dry But the extra year also brings challenges. runs and to learn to steer their business rotating people Besides the obvious concern about on the new basis. Others will use whether the IASB’s proposed changes the time to upgrade their finance and onto and off will make the standard more meaningful actuarial capabilities, automating where the program and less complex to implement, many possible and rethinking processes to will likely face challenges ensuring improve agility. throughout that employees and top management its life are continue to prioritize the project. For A wake-up call for ‘late those that already started their IFRS 17 adopters’ journey, what was already a long-haul techniques that just got longer — and typically more But what about any late adopters?1 can help the costly. The problem facing the unprepared is not just one of increased risk of non- program stay on Keeping everyone motivated and aligned compliance. It’s also that they will likely to overcome project fatigue (particularly face much higher operating costs in the track. given all of the other disruptions that may future as they work to catch up with occur over the next 3 years) is priceless. those that took the time to investigate We find that breaking the program the challenges thoroughly and invest in down into more manageable sprints and automation, and have put themselves rotating people onto and off the program at the back of the line to access a fast- throughout its life are techniques that draining talent pool. We urge these can help the program stay on track. Staff insurers not to hit the snooze button and rotations to the program help people to use the new timeline and proposed to acquire new skills and experience to amendments as a wake-up call to get meet their personal goals, inject new started. life and energy into the team and spread knowledge as they graduate from the A reality check for program into new roles. perfectionists But is the answer the same for all? In an attempt to reach the perfect answer, One size doesn’t fit all and entities need some insurers find it difficult to land to find the right pace of change to fit their accounting and actuarial judgments or culture and ambition — after all, some identify their target architecture and select entities are tackling this solely to achieve a software solution provider. If that sounds compliance for local reporting. For others, like you, we would strongly recommend it represents a whole new language to using the deferral as a shot in the arm to explain their business. re-invigorate your program, with a focus

1 At KPMG we regularly survey insurers on their readiness for IFRS 17 and IFRS 9 and our most recent temperature check tells us that fully forty eight per cent of smaller insurers have yet to meaningfully start on their implementation program. KPMG International, In It To Win It.

24 | Frontiers in Finance Risk proofing the future

on right to left thinking that compares evolution in insurance reporting — Contributors where you need to get to with where you certainly bigger than the implementation are now. Perhaps you’ve held off from a of IFRS and even bigger than Solvency II. detailed evaluation of the impact of IFRS 17 While the extra year will provide some on reinsurance ceded, in the hope that the welcome wiggle-room for many standard would be updated. That hope has insurers, the reality is that it will take hard been addressed (at least in part) and so the work and tight timelines to ensure you time to start the analysis is now. are fully prepared. Mary Trussell KPMG in Germany Making the most of the extra year Insurers need to make the most of E: [email protected] Mary is KPMG’s Global Insurance Ever since the new standard was the extra year. With the proposed Accounting & Regulatory Change Leader announced, we’ve been advising IFRS amendments, it’s a bigger window of and Global IFRS Insurance Co-deputy filers to prepare for the single biggest opportunity than many dared hope for. Leader. With over 30 years’ experience, Mary brings deep experience covering the entire range of insurance markets, from life and health and personal lines to specialty risks and reinsurance, across Asia Pacific, Europe and North America. Mary advises clients on successfully navigating change to enhance their finance capability and One size doesn’t fit all and entities need business performance. to find the right pace of change to fit their culture and ambition — after all, some entities are tackling this solely to achieve compliance for local reporting. Frank Dubois KPMG in Singapore E: [email protected] Frank is a Partner with KPMG in Singapore leading the local insurance practice since 2010. As one of the representatives from the ASPAC region at the IFRS 17 KPMG Global Topic Team, he currently works with (re)insurance (Life and GI) companies on IFRS 17/9 projects in the ASEAN region. Prior to moving to Singapore, Frank contributed to the setup and development of the Insurance & Actuarial practice in KPMG in France.

Bryce Ehrhardt KPMG in the US E: [email protected] Bryce is a director with KPMG in the US’ Accounting Advisory Services Group, part of the Deal Advisory & Strategy practice. He has 10 years of experience in the insurance industry, including extensive experience with international insurance accounting. Most recently, Bryce worked in KPMG’s International Financial Reporting Group in London, UK. Before that, he served as an auditor to public and private US insurance companies.

Frontiers in Finance | 25 Risk proofing the future

Risk proofing the future The move to multiparty investing

Marco Müth, KPMG in Germany David Neuenhaus, KPMG in the US

ast summer, a consortium led by Deutsche Finance Group and including Turkish private L equity real estate firm BLG, Germany’s biggest pension fund (BVK) and a large public insurer, and New York developer Shvo joined forces to acquire the ‘Gucci Building’ in Manhattan. Over in the UK, a consortium of UK and Canadian pension plans, led by the West Midlands Pension Fund, purchased Red Funnel, the original Isle of Wight ferry company.

26 | Frontiers in Finance Risk proofing the future

These are among several high-profile strong track record locally and has access consortium transactions that have to deals and transactions the European taken place within the last 2 years investor does not. and are indicative of a growing trend: Around the globe, institutional investors turning to In the case of indirect investments via multiparty investing to gain access to funds, the investor gains the experience from country to the competitive global real estate and of the fund manager in the form of infrastructure markets. access to the market, the ability to get country, there are deals done and working within the limitations as to Multiparty investing regulatory requirements. One of the key Multiparty investing takes many forms benefits of investing indirectly in a fund what the investor including consortiums involving several is risk diversification. Instead of only parties, simple joint ventures and fund buying one asset, the investor is buying can do both at the investing where the investor typically into a number of assets where the risk is takes a more passive role leaving economically diversified across a larger investor or investee the active management to the fund number of assets, different regions and location. manager, who takes a fee for their currencies. services. In some scenarios, an investor may be investing in a fund established What’s driving multiparty specifically for them or in a pooled investing fund with other investors. Each form of Three interconnected key factors are multiparty investing gives rise to its own behind the rise in multiparty investing: set of challenges. Risks are as unique as each partnership and can include —— the low interest rate environment managing different investor profiles, around the world, which has led to an issues in relation to substance and increase in pricing deemed agency liquidity risks, general partner and limited partner expectations, —— the boom of alternative investments, and specific regional challenges. such as investments into real estate and infrastructure, which has created Benefits run deep a sellers’ market Scale, knowledge and a sharing of risk. These are among the obvious benefits —— with the sellers in the driver’s seat, of multiparty investing. For example, they can easily choose to whom they over the past several years, pension want to sell because of the excess funds and institutional investors have capital in the market that needs to be developed significant interest in investing deployed. in infrastructure assets, which offer attractive long-term characteristics, In this environment, joint ventures, such as protection against inflation. consortiums and investments with fund The challenge is the size of the required managers facilitate access to deals. capital. Pooling resources is the only way to build the capacity to invest in these Another factor increasingly leading larger investments. institutional and sovereign wealth fund investors to seek out partners is the Building a knowledge base and gaining growing complexity of the regulatory access to experience is another key environment, specifically with respect benefit of multiparty investing. For to finance and tax. By investing with example, an investor from Europe looking others who have experience navigating to make their first direct investment the regulatory environment of a given in the US may seek out a joint venture jurisdiction, it becomes easier to find the with someone in the US who has built a right structure and the right transaction.

Frontiers in Finance | 27 Risk proofing the future

For example, institutional investors looking to make direct investment, origination, execution and asset management capabilities are critical. But not all institutional investors have the same level of sophistication.

The complex regulatory environment Around the globe, from country to country, there are limitations as to what the investor can do both at the investor or investee location. For its own public pension funds, Canada has what’s called the 30 percent rule, which limits these institutional funds from owning more than 30 percent in any deal. This ensures the funds remain passive and do not own or manage companies outright.

Addressing the challenges of multiparty investing Often the reason for partnering in an investment also presents challenges to making the deal happen. For example, a joint venture partner may have the experience and access to get a deal done, but they may not align in other respects. The task is to find a partner or partners that fit the requirements, and align with the values and interests, of the investor.

Scale, knowledge and a sharing of risk. These are among the obvious benefits of multiparty investing.

28 | Frontiers in Finance Risk proofing the future

For institutional investors looking to enter a multiparty investing relationship, we recommend:

Choosing the right people. Controlling and managing an investment is important over the lifetime of the investment. It becomes even more Contributors 1 important when investing indirectly via a third- party asset manager or partner if the fund already exists. Conduct due diligence at the fund level and at the portfolio level. In a consortium, it is critical that investors are like-minded, able to collaborate and have a clear understanding of each other’s investment philosophy. David Neuenhaus KPMG in the US E: [email protected] David is Head of KPMG’s Global Institutional Investors Group and has Understanding the differences in the jurisdictions of more than 20 years of experience providing tax planning and structuring each partner as well as those of the jurisdiction where services to sovereign wealth and the investment resides. From a tax perspective, the pension funds. David specializes in 2 relative position of the investors will vary as different structuring cross-border investments and acquisitions and compliance with countries may have more favored status, or better US withholding documentation and treaties. Some countries are more scrutinized than reporting regimes. others because they have not provided the same level of disclosure. When the investors come together, some may be better off in one structure over another. From the outset, be clear on the relative sensitivities and what’s important in a preferred structure from one group of investors versus another. Marco Müth KPMG in Germany E: [email protected] Having a risk management plan. While the potential Marco is a Tax Partner in KPMG for better governance is a key benefit of partnering Germany leading the FS Tax Real in large-scale investments, it is important to put Estate Group. He focuses on M&A tax advice as well as tax compliance 3 in place processes to address future regulatory for institutional investors in alternative changes or changes in the funds involved. assets worldwide.

Frontiers in Finance | 29 Non-financial and emerging technology risks

Non-financial and emerging technology risks A better view: Getting on top of your non-financial risks

Markus Quick, KPMG in Germany Craig Davis, KPMG in Canada John-Paul (JP) Monck, KPMG Australia

on-financial risks are creating big challenges for financial N services organizations. There are two reasons that executives and decision-makers may not be seeing the full picture.

30 | Frontiers in Finance Non-financial and emerging technology risks

Your non-financial risks may be the The value of integration biggest threats to the future success of The other big challenge facing financial your organization. And the list of potential services firms comes down to a lack hazards is long and varied: cyberattacks, of integration across their various risk The problem isn’t emerging technologies, reputational activities. The reality is that most — if not issues, climate change, mis-selling, all — financial services firms currently that managers misconduct, a return to territorialism, assess and manage their non-financial geopolitics, human rights (see article on risks in silos. Business continuity aren’t aware of page 60)… the scope for issues seems to management is managed in one silo; the risks. Nor is it be growing every day. third-party risk in another; IT security in yet another. But the three can often be a lack of effort or Yet, while most financial institutions very interlinked: a third-party system have done a fairly good job shoring up could lead to an IT security issue that desire to address their financial risk capabilities (particularly could impact business continuity. since the global financial crisis), our these risks. More experience working with leading banks, Yet, more often than not, risk management often, the problem asset managers and insurers suggests requirements are covered by separate that few organizations enjoy the same functions; communication between comes down to level of sophistication when it comes to functions is limited; oversight is fractured; their non-financial risks. and the number of reports being generated poor visibility. becomes overwhelming. Decision-makers The problem isn’t that managers aren’t and managers are only able to see pieces aware of the risks. Nor is it a lack of effort or of the puzzle rather than the whole picture. desire to address these risks. More often, the problem comes down to poor visibility. Getting to the full picture KPMG firms have worked with a number Seeing all the dimensions of large banks, insurers and asset There are two reasons that executives managers around the world. And our and decision-makers may not be seeing experience suggests there are seven key the full picture. The first is that most areas where all financial services firms executives are only looking at one should be focusing on in order to create a dimension of the risk. KPMG member more holistic and integrated non-financial firms’ work with financial services firms risk management approach. around the world suggests that most continue to rely primarily on quantitative Taxonomy: Making sure that measures when identifying, measuring 1 everyone in the organization is and ranking non-financial risks. Far too speaking the same language is key few also incorporate qualitative measures to creating better integration across risk to get a better view of the risks they face. functions. Indeed, a common understanding of the taxonomy, definitions Rather than just measuring the quantity and delimitations of terms are a key of infractions that occur or the number prerequisite for an integrated approach. of training sessions conducted, for While complete standardization may not example, financial services firms could always be possible, key terms (such as also be tracking situations where risks, impacts, causes and occurrence infractions almost occurred. They could be probabilities) should be clearly defined. conducting root cause analysis. And they could be overlaying media information Governance: Where possible, and other sources to understand where 2 risk functions should be other institutions may be experiencing integrated into fewer units. increased risks. This will encourage improved interaction

Frontiers in Finance | 31 Non-financial and emerging technology risks

between responsibilities (by optimizing critical first step. Finding ways to integrate tools, IT and reporting, for example) and quantitative and qualitative data into clear enhance efficiency within the units and actionable reports to management Financial responsible (in both the first and second will also be key. lines of defense). A clear definition of the institutions may role of the Second Line of Defense, People and culture: While IT including independent reporting to the 6 systems are important, it’s the want to consider management board, is critical. people behind the systems and starting with the the culture of the organization that enable Methodologies: Financial successful integration. Creating a culture harmonization 3 institutions should be working to of risk awareness, compliance and improve the efficiency, management across the entire enterprise of their reporting productivity and integration of their risk is key to ensuring that your people not only functions by reducing the number of risk understand the importance of non- layout and identification and assessment tools being financial risks but also how to properly assessment used across the organization’s second line report and manage them. This must start of defense. This will involve increasing the within the risk function but, very quickly, it grids, taking number of synergies within the different must also be embedded across the lines functions and interlinking the tools and of business. great care to methodologies across the functions, thereby creating the basis for an integrated Reporting: Integrating existing subsequently level of control. 7 reports into a single overarching integrate the non-financial risk report will be key IT systems: Similarly, financial to helping senior management focus on results. 4 institutions will want to reduce the the right risks at the right time to support number of IT tools currently being strategic decision-making. Financial utilized across the second line of defense. institutions may want to consider starting This is an opportunity to implement robust with the harmonization of their reporting integrated technical solutions (versus layout and assessment grids, taking great continuing to use generic tools such as care to subsequently integrate the results. Microsoft Office apps). Creating a Ensuring that the right risks are being common technical platform can help to raised and reported in the right way will be simplify the sharing of information and can key to managing the growing scope of enable all data to be pooled together to potential non-financial risks. improve overall reporting. Given the pace of change both inside and Data: Rather than relying solely on outside of the financial services sector, 5 quantitative risk data, risk we believe it is particularly worrying that managers and senior executives and boards are not seeing management should be working to the full non-financial risk picture. The risk enhance their view by identifying, inventory for financial services firms is collecting and then integrating qualitative changing constantly. And that makes it data sources and measures. more critical than ever for managers and Understanding which data sources should boards to be able to see and understand be used (based on value, reliability, ease of the risks they face. access and security, for example) will be a

32 | Frontiers in Finance Non-financial and emerging technology risks

Contributors Key questions for 10 senior management

Does your non-financial risk framework adequately Markus Quick 1 KPMG in Germany cover all the potential risks your firm faces? E: [email protected] Markus is a Partner in Frankfurt, Germany. With more than 20 years’ Do you understand the impact of strategic decisions experience in risk management in the 2 on your risk profile? Financial Services Industry, his projects focus on non-financial risk, internal governance and risk culture. Does your appetite for non-financial risk align with 3 decision-making?

Does your firm’s risk culture influence the way your 4 firm manages non-financial risks? Craig Davis KPMG in Canada Are you overly focused on the financial impacts of E: [email protected] 5 Craig is a Partner in the Financial Risk non-financial risk events? Management (FRM) practice for KPMG in Canada where he leads risk management large-scale engagements, 6 Are you encouraging the business and its support developing and assessing risk units to own their non-financial risks? management frameworks and the implementation of market/credit risk models. 7 Is your reporting across the sub-categories of non-financial risk consistent?

8 Are your risk management silos integrated and coordinated? John-Paul (JP) Monck KPMG Australia Does your entire organization speak the same E: [email protected] 9 JP is a Director with KPMG Australia. language with regards to non-financial risk? As a former bank regulator at the Australian Prudential Regulation Authority (APRA), and having completed 10 Are you confident that you are tracking and a PhD in Risk Governance, JP brings a measuring the right non-financial risks? unique brand of practical experience and theoretical understanding of governance and challenges in managing financial institutions.

Frontiers in Finance | 33 Non-financial and emerging technology risks Keeping the AI in line: Managing risk in an automated world

Edmund Heng, KPMG in Singapore Anu Kukar, KPMG Australia Ankit Kalra, KPMG in the US Douglas Dick, KPMG in the UK

inancial services firms are embracing artificial intelligence and emerging technologies like never F before. But are they ready to manage the risks?

34 | Frontiers in Finance Non-financial and emerging technology risks

Ask any financial services CEO if their All of this would be fine if risk managers organization is using or piloting artificial were positioned to help organizations intelligence (AI) and you’re sure to get identify, control and manage the risks. a positive response. In fact, in a recent But our experience suggests this is rarely By replicating a global survey of financial services CEOs, the case. In part, this is because few risk just 1 percent admitted they had not yet managers have the right capabilities or single mistake at implemented any AI in their organization understanding of the underlying algorithms at all. to properly assess where the risks lie and a massive scale, how they can be managed. But the bigger a ‘rogue’ AI or Not surprisingly, financial services firms problem is that risk management is — all are becoming increasingly aware of the too often — only brought into the equation algorithm has significant benefits that AI can deliver — once the bot has been developed. And that from improving the customer experience is far too late for them to ‘get up to speed’ the potential to and organizational productivity through to on the technologies and provide valuable enhancing data governance and analytics. input that can help implement effective magnify small And they are beginning to realize how AI, controls from the outset. issues very machine learning and cognitive capabilities could enable the development of new It’s not just financial services decision- quickly. products and new demand that would makers and risk managers that are not have been possible using traditional struggling with these challenges. So, too, technologies. Our survey shows that the are regulators, boards and investors. They majority are now implementing AI into a are starting to ask difficult questions of wide range of business processes. the business. And they are not confident about the answers they are receiving. While this is great news for financial services firms and their customers, Getting on the right path the widespread adoption of AI across There are five things that financial services the organization also creates massive organizations could be doing to improve headaches and challenges for those their control and governance over AI. charged with managing risk. Put your arms around your New risk challenges emerge 1 bots. The first step to Part of the problem is the technology understanding and managing AI is itself. By replicating a single mistake at a knowing where it currently resides, what massive scale, a ‘rogue’ AI or algorithm value it currently delivers and how it fits has the potential to magnify small into the corporate strategy. It’s also worth issues very quickly. AI is also capable of taking the time to understand who learning on its own, which means that developed the algorithm (was it an the permutations of individual risks can external vendor?) and who currently owns be hard to predict. Whereas a human the AI. Look at the entire organizational rogue employee is limited by capacity ecosystem — including suppliers, data and access, an AI can feed bad data providers and cloud service providers. or decisions into multiple processes at lightning speed. And that can be hard to Build AI thinking into your risk catch and control. 2 function. We have helped a number of banks and insurers The ‘democratization’ of AI is also creating identify and assess the capabilities and skills challenges for risk managers. The reality needed to create an effective risk function is that, with today’s technologies, almost for an AI-enabled organization. It’s not just anyone can design and deploy a bot. As about risk managers having the right skills. business units start to see the value of AI It’s also about becoming more agile, within their processes, the number of bots technologically savvy and commercially operating in the organization is proliferating focused. Particular attention should be quickly. Few financial services firms truly placed on the development of sustainable know how many bots are operating across learning programs that include the theory, the enterprise and that means they can’t practical and contextual capabilities required fully understand and assess the risks. to encourage continuous learning.

Frontiers in Finance | 35 Non-financial and emerging technology risks

Invest in data: Data is a culture to encourage employees to 3 fundamental building block for properly operate, manage and control the getting value from new and AI they work with. More than just new More than emerging technologies like AI. And our technology skills, organizations will need experience suggests that most financial to consider how they transform the just new institutions will need to continue to invest organizational mind-set to apply a risk lens heavily into ensuring their data is reliable, to AI development and management. technology skills, accessible and secure. This is not just organizations will about feeding the right data into the Looking ahead machine; it is also about helping to While there are still significant unknowns need to consider mitigate operational risks and potential about the future evolution of AI and its biases by verifying the quality and integrity associated risks, there are a few things how they of the data the organization is using. that we know for sure: financial services firms will continue to develop and deploy transform the Develop an AI-ready risk and AI across the organization; new risks organizational 4 control framework: While some and compliance issues will continue internal audit functions and risk to emerge; and risk management and mind-set to managers are using existing frameworks business functions will face continued such as SR 11-7 and the OCCs Risk pressure to ensure that the AI and apply a risk Management Principles as a starting associated risks are being properly point, we believe that AI professionals, risk managed. lens to AI managers and boards will need to develop development and a purpose-built risk and control framework The reality is that — given the rapid pace (figure 1) that can help mitigate data of change in the markets — financial management. privacy, security and regulatory risks institutions will need to be able to across the entire life cycle of the model. make faster decisions that enable the For more details on KPMG’s Risk and organizations to move from ideation to Controls framework click here.1 revenue with speed. And that means they will need to greatly improve the Go beyond the technology: The processes they use to evaluate, select, 5 reality is that AI — once fully invest and deploy emerging technologies. realized — will likely extend across Those that get it right can look forward the entire culture of a financial services to competitive differentiation, market firm. And that will require decision-makers growth and increased brand value. Those to think critically about how they ensure that delay or take the wrong path may they have the right skills, capabilities and find themselves left behind.

Figure 1: Risk and Controls Framework

Strategy Governance

Human Risk Data and Supplier Enterprise resource management model management architecture management and compliance governance

Business process controls Program governance and management Logging and monitoring

Identity and access Security management management wledge management Solution development IT change Business Kno IT operations management continuity

Source: AI Risk and Controls Matrix, KPMG 2018

1 https://assets.kpmg/content/dam/kpmg/uk/pdf/2018/09/artificial-intelligence-risk-and-controls-matrix.pdf

36 | Frontiers in Finance Non-financial and emerging technology risks

Contributors Questions financial services Boards and lines of business 5 should be asking about AI

Edmund Heng KPMG in Singapore How does the organization’s use of AI align E: [email protected] to the organizational strategy and how does it Edmund leads the project assurance and emerging 1 technology risk initiatives for KPMG in Singapore, maximize value impact of strategic outcomes? including cloud computing, AI, data and blockchain. He has over 13 years of experience providing IT audit, risk and governance services, specializing in digital and cyber risks.

What new risk and compliance issues is AI 2 introducing into the organization and how does that impact our organizational risk profile?

Anu Kukar How are we leveraging external experts and KPMG Australia E: [email protected] encouraging our existing workforce to learn the A Director in KPMG Australia’s Risk, Strategy 3 AI and technology skills that the organization and Technology practice, Anu helps businesses requires to properly manage new technologies? undertake transformation leveraging emerging technologies with a risk lens for better risk, customer, employee and financial outcomes.

Do the organization’s risk professionals understand the emerging technologies and 4 their associated operational, compliance and regulatory risks?

Ankit Kalra KPMG in the US E: [email protected] Is risk management properly embedded into Ankit is a Director in Emerging Technology Risk the AI design and development process to practice at KPMG in the US. He helps banks take a 5 structured approach to technology and cybersecurity ensure risks are identified and managed early? risk management and is co-leading the development of KPMG’s intelligent automation risk management frameworks.

Douglas Dick KPMG in the UK E: [email protected] Douglas is the UK Head of the Emerging Technology Risk practice within KPMG, encompassing leadership of the AI risk management service line. He has worked extensively within technology audit, assurance and advisory services in banking and the wider financial services market in the UK and internationally.

Frontiers in Finance | 37 Uncover the full potential of artificial intelligence

KPMG Artificial Intelligence in Control helps you bring AI to production — As we enter without sacrificing innovation an age of governance oday’s organizations rely heavily your algorithms, our AI solutions — by algorithms, on algorithm-based applications Artificial Intelligence Governance and organizations Tto make critical business Artificial Intelligence Assessment — must think about decisions. While this unlocks can help you establish greater opportunities, it also raises questions confidence in your technology the governance of about trustworthiness. That’s where performance. They help you algorithms to build KPMG Artificial Intelligence in transparently and effectively govern Control comes into play. algorithms, as well as assessing and trust in outcomes KPMG member firms believe that enabling higher quality output. and achieve the the governance of AI is just as Our member firms work to provide full potential important as the governance of a holistic, broad-ranging approach to of artificial people. Whether you’re introducing help you along your AI journey and advanced robotics to your business to achieve your business objectives, intelligence (AI). or want to address the integrity of now and in the future.

KPMG Lighthouse Data Driven Technologies

kpmg.com/datadriven Non-financial and emerging technology risks Fintech regulation: Balancing risk and innovation

Julie Patterson, KPMG in the UK Shahid Zaheer, KPMG in Singapore Jim Suglia, KPMG in the US

intech is a priority for today’s asset management firms, many of which see such technologies as F the key to maintaining a competitive edge. It is easy to see why. Fintech innovations promise a myriad of opportunities, from greater efficiency in financial transactions through to the transformation of the business.

40 | Frontiers in Finance Non-financial and emerging technology risks

In recent months and years, we have in 2019 and beyond we see increasing seen regulatory bodies worldwide divergence in worldwide regulatory attempt a careful balancing act. On standards in asset management, the one hand, regulators recognize the when it comes to facilitating fintech There are need for innovation, and are working to development, regulators appear to support and encourage fintech activity be of similar mind. Technologies significant through actions such as framework such as robo-advice, blockchain and changes and the creation of regulatory cryptocurrencies, and ‘big data’ are all on concerns that sandboxes. On the other hand, there are the regulatory radar, but addressing the existing risks, significant concerns that existing risks, heightened cybersecurity risks is clearly especially surrounding cybersecurity a top priority. especially and fraud, are becoming heightened by fintech’s growth. Cybersecurity an area of surrounding significant concern Are financial regulations still fit Incidents drive greater scrutiny, so it cybersecurity for purpose? is no wonder that the cyberattacks in and fraud, The digital age has brought significant 2018 have led to increased regulatory shifts in every jurisdiction around the attention to digital safety and security. are becoming world, and financial regulations have The European Securities and Markets not kept pace. The rules as originally Authority (ESMA), Germany’s Federal heightened written assumed a world in which Financial Supervisory Authority (BaFin) by fintech’s people conducted business face-to- and more have all created forums, face, with physical signatures on paper. cybersecurity panels and other methods growth. While regulators have updated rules over to help develop appropriate approaches past decades, the accelerated pace of to the increasingly common problem change means that regulators are now of cybersecurity vulnerabilities. In constantly playing catch-up with the addition to these steps, the Monetary implications of the newest innovations. Authority of Singapore (MAS) has also recently launched a US$30 Current wisdom holds that fintech million Cybersecurity Capabilities technologies do not pose significant Grant to co-fund financial institutions’ financial stability risks in their own right. establishment of global or regional However, innovations already on the cybersecurity centers of excellence in horizon could carry with them increased Singapore,1 as well as issuing a recent systemic risks through growing consultation paper on cyber hygiene that complexity and interconnectedness, includes essential cybersecurity practices greater operational risk, increased for financial institutions.2 liquidity risk, and more. There is also uncertainty around where and how Given that high-level rules regarding future operational and security risks operational effectiveness and protecting might arise, meaning that regulators clients’ assets are already in force, in have the unenviable task of fighting fires most global jurisdictions, regulators have before they are lit. yet to start changing rules — though change may be on the horizon. In many In watching recent regulatory changes jurisdictions, the regulatory focus is and related discussions, it is clear currently on supervisory activity rather that regulators are beginning to than rule changes. Many regulators fundamentally rethink what ‘good are now also looking at fine-tuning the conduct’ looks like in an age when regulations surrounding security tests, contact is entirely digital — and may not checks and controls to keep pace with involve human actors at any point. While the accelerating pace of change.

1 https://www.businesstimes.com.sg/banking-finance/mas-unveils-s30m-grant-to-boost-singapore-financial-sectors-cybersecurity 2 http://www.mas.gov.sg/News-and-Publications/Consultation-Paper/2018/Consultation-Paper-on-Notice-on-Cyber-Hygiene.aspx

Frontiers in Finance | 41 Non-financial and emerging technology risks

Regulators are also increasingly Other evolving risk areas Other areas of growing regulatory interested in operational resilience. While cybersecurity may be regulators’ concern include: robo-advice; Trends show that regulators want to see top concern, other fintech areas are also crowdfunding, with some regulators that individual asset management firms making waves. Distributed leger technology proposing simplified rules for securities- have not only the necessary financial (DLT), such as blockchain, is one area under based crowdfunding platforms; and capability, but also the technological particular scrutiny. ESMA, for example, continued interest in the implications of capability to operate in the current and indicated that “its legal certainty and AI and big data. evolving digital climate. Many fintech broader legal issues — such as corporate, innovations connect asset managers to contract, solvency and competition laws — Fintech innovations continue to shape outside organizations, such as through need to be considered and clarified” before the financial sector around the globe. the use of Application Programming DLT can be used for larger-scale financial Asset managers, like regulators, need Interfaces (APIs), creating the risk that purposes, while the FCA raised concerns to strike the right balance between the the corporation does not possess the that DLT could lead to a “lack of individual competitive advantages that fintech capability or capacity to effectively accountability at firms”.3 Bitcoin and other can provide and the risks inherent in respond to a cyberattack, or that a cryptocurrencies have also received a the integration of these technologies response could come too slowly to be skeptical reception from regulators around with current business models. effective. the globe, with incidents such as the Coincheck hack from early 2018 receiving particular regulatory scrutiny.

3 https://assets.kpmg.com/content/dam/kpmg/xx/pdf/2018/05/innovative-competitive-environments.pdf

42 | Frontiers in Finance Non-financial and emerging technology risks

Contributors Responding to the regulatory climate In talking with our firms’ clients, many are asking: how should asset managers respond to the current regulatory uncertainty and changes surrounding fintech innovation? We generally provide two core recommendations. Julie Patterson KPMG in the UK E: [email protected] Julie has specialized in the asset Understand that no action is not an option. management and funds sector for nearly 20 years, having previously worked at Fintech innovations can provide important the UK Investment Association and as a 1 competitive advantages, including benefits to the regulator. She has extensive knowledge top line, bottom line and overall client experience. of EU regulation and national market structures, produces thought leadership Yet even for asset managers that do not wish to on the evolving regulatory context, engage heavily with fintech or are not looking to and is KPMG’s global lead on Brexit for be a leader in innovation, the increasing regulatory the sector. pressure around organizational resilience demands a response. Understand, too, that it is not only regulators who will be looking to see that asset managers keep valuable data safe from cyber- attacks. Malicious actors are actively pursuing vulnerabilities, and attacks will only increase. Shahid Zaheer KPMG in Singapore Know what is happening at every touch E: [email protected] point. Asset managers need to be fully informed Shahid is a Principle with KPMG in 2 about fintech innovations and regulators’ current Singapore and has over 20 years of experience in the capital markets thinking in order to make fundamental decisions space. Shahid has carried out regulatory about systems and processes throughout the compliance and risk management business model, including across geographies. reviews for various entities involved in This includes investigating the technological asset management, securities brokering, financial advisory and banking services. capabilities, security policies and governance of not only outsourced service providers but also the suppliers’ suppliers, as any cyber risks that affect these downstream providers can ultimately impact the fund manager.

Jim Suglia KPMG in the US E: [email protected] Jim is the National Segment Leader for Alternative Investments at KPMG in the US and also serves some of the largest global asset management clients.

Frontiers in Finance | 43 Non-financial and emerging technology risks Get serious about cyber: Protecting the crown jewels

Matthew Martindale, KPMG in the UK James Arnold, KPMG in the US

he cyber risk facing insurers is constantly changing. Are you T ready for the next attack?

44 | Frontiers in Finance Non-financial and emerging technology risks

Like it or not, insurance organizations are The moving target moving into the cross-hairs of hackers. If the cyber risk would remain static, They know what insurance decision- most insurers would have no problem makers and regulators have understood shutting the door on the hackers and With every for years: that insurance organizations hold ensuring compliance. But the reality some of the world’s most valuable data. is that the cyber risk is continuously large-scale and changing and evolving. Try as we might Depending on the line of business, to eliminate new vulnerabilities, the public cyber insurers tend to possess not just hackers are always one step ahead. breach, customer personally identifiable information, they Some may simply be bored teenagers also have access to deeply personal looking for some excitement. But, more expectations for customer information such as health often than not, the hackers are very records, financial histories, driving sophisticated, dedicated and (often) well- cybersecurity records, family histories and credit funded criminals. There is no ‘getting information. Cyber thieves want it all. ahead’ of the threat. evolve. What was considered A risk not worth taking The types of risks being faced are also At the same time, the risks associated rapidly changing. In the past, the majority a ‘good enough’ with a cyber breach are also rising of attacks tended to focus on exploiting for insurers. It’s not just the costs — vulnerabilities to either access and steal response last everything from conducting the cyber confidential information, or to cause investigation through to preparing the some type of business disruption. In the year is likely to legal defense — it’s also the disruption future, we expect to see attackers start be lambasted that a cyberattack can cause as systems to also attack the integrity of insurers’ are shut down, investigations are business — changing data and editing for being ‘not conducted and processes are updated. rules in a way that erodes business confidence and creates unexpected enough’ today. The reputational impacts of a cyberattack customer challenges. can also be significant. Customers expect their insurers to not only protect It’s not just the risks that keep changing. their insured assets but also their data. It’s also the expectations. Indeed, Any erosion of this trust can quickly with every large-scale and public lead customers to change insurance cyber breach, customer expectations providers. And the chances of them for cybersecurity evolve. What was coming back are slim. considered a ‘good enough’ response last year is likely to be lambasted for Regulators around the world recognize being ‘not enough’ today. Companies are the heightened risks and implications. expected to learn from the last attack, And that has led many regulators to regardless of whether their organization promulgate strict cybersecurity and or industry was involved. privacy laws that require insurers to demonstrate a much higher level of Taking off the blinders cyber preparedness than they had in Our experience and our data suggest that the past. Whether it’s Europe’s General some insurance decision-makers may Data Protection Regulation (GDPR), not be fully aware of the risks that their California’s State Privacy Act, New York’s organizations face. According to a recent Cyber Security Laws or new legislation survey of insurance CEOs conducted in the UK, regulators increasingly expect by KPMG International last year, just their insurers to demonstrate a strong 49 percent of respondents believe that understanding and level of preparedness their organization may be vulnerable to a for cyber breaches. cyberattack. This is dangerous thinking;

Frontiers in Finance | 45 Non-financial and emerging technology risks

every organization — no matter the lines of business, offer too limited a size or the scope — is vulnerable to view of the risks or ignore the potential cyberattack. interdependent risks that cyberattacks could create. Ensuring that the first and Just 54 percent What is perhaps more worrying is that second lines of defense have a realistic of insurance just 54 percent of insurance CEOs view of the cyber risks and controls is believe their organization is ‘fully critical to managing the risks. CEOs believe prepared’ for a future cyberattack. Even assuming that CEOs are fully aware of Embedding cyber risk their organization the risks they face (and our conversations While these actions may help eliminate is ‘fully prepared’ suggest that they are not), this data the vast majority of the cyber risks insinuates that many insurers recognize now facing insurers, our view suggests for a future they are woefully behind in their cyber that more must be done to ensure that planning and preparation. organizations are fully prepared for the cyberattack. next attack. Filling the biggest holes The good news is that there are a For example, insurers should be focusing number of actions that insurers can take on embedding a level of cyber awareness to dramatically reduce their cyber risk and into their risk and organizational culture. enhance their overall preparedness. Every employee must understand the risks and buy into the need for greater One obvious action is to improve vigilance. In part, this is about moving access controls across the enterprise. from a ‘penalize’ approach to employee Indeed, a significant number of the awareness towards a ‘promote’ approach cyberattacks we have witnessed over where employees are rewarded for the past decade have largely focused on demonstrating compliance and initiative. stealing (or phishing) employees’ access credentials and using them to gain entry Risk managers, executives and boards into various systems (with the ultimate could also be working to ensure that the goal of achieving a level of administrative organization enjoys a much more robust or ‘super user’ status that would awareness of the overall cyber risks, the enable them to loot data and change available controls and current ‘leading permissions at will). Strengthening practices’. Participating in industry and access controls both inside the enterprise cross-industry forums and task forces and across relevant third parties would is a good first step. Improving internal help eliminate a significant percentage of governance processes and enhancing potential attack vectors. cyber education will also be key.

The other obvious action tends to center Get serious about cyber around poor systems and software That insurance CEOs and decision- management. In fact, many of the makers may be becoming fatigued by more virulent attacks take advantage the continuously evolving cyber risk of ‘known vulnerabilities’ — identified is understandable. But it is no excuse. gaps in software security that (for Given the regulatory direction of travel the most part) could be eradicated by over the past few years, it is becoming simply downloading the latest security increasingly clear that it will be the and software patches. The WannaCry organization’s executives that will be held ransomware attacks of 2017 were to account if customer data is stolen or successful against those organizations if systems are rendered inoperable by a that had failed to ensure their security cyberattacker. The onus is on the board was up-to-date. and the executive team to ensure that preparedness is high. Insurers could also be working to improve their cyber risk reporting. The reality is So if you’re not fully prepared for a that most risk managers and decision- cyberattack — and 46 percent of those makers only achieve a very limited view reading this article know that they are of the actual risks that their organization not — it’s time to get serious about faces on any given day or month. Far too cybersecurity. often, reports are fragmented across

46 | Frontiers in Finance Non-financial and emerging technology risks

Risk managers, executives and boards could also be working to ensure that the organization enjoys a much more robust awareness of the overall cyber risks, the available controls and current ‘leading practices’.

Contributors

Matthew Martindale KPMG in the UK E: [email protected] Matthew leads KPMG’s cybersecurity service offering for Insurance and Investment Management markets within the UK. He joined KPMG in 2000 and has been principally involved in delivering cybersecurity advisory and assurance engagements to clients in financial services, oil and gas, telecommunications, government, manufacturing and consumer goods.

James Arnold KPMG in the US E: [email protected] Jim is a principal with KPMG in the US Cyber Services group. He helps lead KPMG’s Cyber Response practice and is a national Insurance sector leader. His legal and business skills bring effective results in matters relating to forensic and cybersecurity investigations, cyber insurance, data privacy, data mapping, data identification and remediation, cyber regulations, and digital evidence recovery.

Frontiers in Finance | 47 Non-financial and emerging technology risks Beyond compliance: Regtech and the transformation agenda

Ian Pollari, KPMG Australia David Milligan, KPMG in South Africa Chris Steele, KPMG in the UK

hile many sound regulations have been implemented since the global financial crisis, the W pace of regulatory change continues to increase. For today’s financial institutions, regulatory technology (regtech) has never been more critical. Even with a stabilized regulatory landscape, changes implemented since the financial crisis continue to have costly impacts on banks, asset managers, and insurers worldwide. Up to 15 percent of financial institutions’ staff now work on governance, risk management, and compliance1 — yet even with this investment, regulatory compliance is by no means assured. Financial institutions have paid well over US$340 billion in fines in the 10 years since the financial crisis, and one report estimates that the total is likely to top US$400 billion by 2020.2

1 https://www.ft.com/content/3da058a0-e268-11e6-8405-9e5580d6e5fb 2 https://www.reuters.com/article/us-banks-regulator-fines/u-s-eu-fines-on-banks-misconduct-to-top-400-billion-by- 2020-report-idUSKCN1C210B

48 | Frontiers in Finance Non-financial and emerging technology risks

In the coming months and years, regtech as part of a wider technology regulators around the world are expected transformation initiative designed to help the to turn their focus to investigating how organization weather increasing complexity. well financial institutions have integrated Financial institutions are facing pressures Financial regulatory change into their businesses. on multiple fronts, from political shifts and Identification of breaches of anti-money global financial changes, to the impacts institutions laundering (AML) regulations and know- of new market entrants, new products, your-customer (KYC) non-compliance are and compressed margins. In order to will need to also expected to grow. Nor is there any seek solutions to these complex issues, take a broader expectation that this level of regulatory some global investment banks are already rigor will be relaxed within the foreseeable pursuing a ‘reinvention’ strategy using approach, using future. This means that, in order for technology to enable the transition into a financial institutions to adapt to and excel data company. This type of transformation regtech as in this new normal, regtech must be a is the future, and financial institutions should critical part of the transformation agenda. look to take the early steps today. part of a wider technology The rising need for regtech Supervisory technology to To date, many institutions have been exceed regtech? transformation focused on using technology to help While financial institutions grapple with achieve compliance, while minimizing where, when, and how to best use initiative risk from misconduct and regulatory technology in their risk and compliance designed investigations. Now that focus is shifting processes, many regulators are already towards a greater focus on cost, especially pushing full steam ahead. Supervisory to help the as institutions look for ways to reduce technology, or SupTech, is being used by the cost base and achieve meaningful more regulators to allow them to deliver organization profit growth in the face of increased faster and more effectively on their core demands from regulators and customers mandate. For example, one growing weather alike. However, regulators will want to see area of SupTech is in the use of machine increasing financial institutions continue to strengthen learning and AI to examine vast data sets their core risk management governance, to predict and identify breaches or cases complexity. controls, practices, and reporting. In of misconduct. Here, the potential risk to addition to cost savings and efficiency, financial institutions is that if the regulator the coming increase in both supervisory has access to technological capacity far activity and associated expectations should in advance of the organization itself, the push financial institutions to consider more regulator could predict risk areas that the robust regtech solutions. institution does not see coming.

In previous years, a primary consideration Regulators are also starting to push for when pursuing innovation was whether the ability to gain direct access to financial to build, partner, or buy a regtech institutions’ data, rather than relying only solution. As the quality and diversity of on data provided to them from reporting. regtech offerings continue to rise, the For example, the UK’s Financial Conduct conversation has changed, with a growing Authority has been working with the Bank number of entities actively looking for of England and various other organizations alternative solution providers. A fourth to pilot a program to make regulatory option is also becoming far more viable, reporting “machine readable and especially for smaller players challenged executable … creating the potential for by lack of capability and capacity: that of a automated, straight-through-processing third-party managed regtech solution. of regulatory returns”.3 With the right technologies, regulators would not only These models are excellent for managing be able to oversee a broad set of regulated current uncertainties and addressing entities and market activity as a whole, but immediate regulatory issues. However, also use analytics capabilities to identify over the long term, financial institutions systemic weaknesses and pinpoint areas will need to take a broader approach, using for future focus.

3 https://www.fca.org.uk/firms/our-work-programme/digital-regulatory-reporting

Frontiers in Finance | 49 Non-financial and emerging technology risks

Addressing complex needs market-leading access to the latest Contributors For banks, asset managers and insurers analysis and data about local and global trying to determine the right regtech trends, developments and providers. options for their needs, we recommend a few critical early steps. Accelerate remediation 3 efforts. When issues arise — Assess the organization’s especially when it comes to a 1 needs. Too often organizations breach, vulnerability, or problem with Ian Pollari pursue specific technologies non-compliance — the impulse can be to KPMG Australia rather than addressing defined pain buckle down rather than seek help or E: [email protected] Ian leads Banking for KPMG Australia and points or process gaps. In order to new solutions. Yet speed and accuracy is Global Fintech Co-lead. He has over achieve the desired returns, you should are critical when dealing with regulators, 16 years’ experience in financial services approach regtech investment with both a and third-party support can be the most and works with local and international clear understanding of the organization’s effective route forward. For example, banks, payment providers and fintechs in needs and a strategic view of the issues new remediation-related regtech strategy development, market entry and that you are trying to solve. As a first step solutions use optical scanning, OCR digital innovation. in this process, we recommend capabilities, and AI to extract data points completing a full assessment of the to identify customer files for remediation. organization’s regulatory and risk Such solutions can transform a difficult, management requirements. Next, create time-consuming, and labor-intensive a heat map of the organization’s ability to remediation process, and enable the deliver against those requirements. organization to move forward swiftly. Consider not only whether the organization has the necessary capability Design and implement an David Milligan and capacity, but also how effective, 4 effective operating model for KPMG in South Africa E: [email protected] efficient and timely that delivery will be. regtech. Ensure your organization David is the CEO of KPMG Matchi, a has clear and well-defined governance leading global fintech/regtech innovation Understand your solution structures and operating models for matchmaking platform and service, 2 options. Once you are clear on engaging with, implementing, and within KPMG’s global fintech area. the organization’s needs and have managing regtech initiatives. This should KPMG Matchi helps financial institutions, discerned the pain points in your include assigned ownership for each area. regulators and others to engage regulatory compliance or reporting Also look to create a group that includes productively with emerging technology providers. process, the next step is to fully explore both domain (e.g. Financial Crime) and potential solutions. The regtech landscape functional specialists (e.g. Data Analytics) has evolved considerably over the past to help identify and assess potential few years, and there might be more regtech solutions, as well as support the options — and newer solutions — than implementation process. you first realize. Some regtech solution options also create valuable customer Many financial institutions are still benefits, such as removing friction in reeling from the costs and other Chris Steele the customer onboarding process. implications stemming from the massive KPMG in the UK For organizations that have not kept up regulatory changes implemented over E: [email protected] with the latest regtech trends, the past 10 years. Regtech is the key Chris has over 15 years of experience technologies, and third-party companies, to addressing these challenges. With at KPMG in the UK advising financial seeking help with this process or getting the right automation and technology institutions on their governance, advice on the best fit can be a good solutions, financial institutions can regulatory, conduct and customer agendas. His main focus is large-scale option. For example, KPMG Australia, achieve sustainable change and programs driven by regulatory change. through the KPMG Matchi Regtech portal, meaningful cost savings while currently supports a regulator client with a responding effectively to regulators’ research subscription and reporting demands and the imperative to prudently service for fintech and regtech innovation, manage the evolving risk landscape for providing an online portal that delivers the benefit of all stakeholders.

50 | Frontiers in Finance One to

Trunomi

By David Milligan, KPMG Matchi

n each edition of Frontiers in Finance, we spotlight a new idea, solution or technology that — we believe — has the potential to transform the financial Iservices industry. For this ‘risk and regulation’ edition, we selected Trunomi, a UK-based data rights platform that is helping financial services firms deal with the growing body of data rights regulation around the world.

David Milligan (DM): What does Trunomi’s DM: How do you ensure security of the Contributors platform do? data you receive? Julian Johns Julian Johns (JJ): Simply put, we turn data JJ: That’s the beauty. We don’t have access Julian is the VP of Sales at regulation into a competitive advantage by to any customer data at all. What we focus Trunomi where he leads the enabling financial services firms to use data on are the data rights capture processes. And organization’s global Partner, rights to empower their customer relationships that means that banks can avoid some of the Direct and Customer Success and drive trust. We do this by enabling data more worrying third-party risks that come channels. rights capture across a wide range of customer from sharing data. Our solution is also based touchpoints and then distributing that, very on a distributed ledger technology, which simply, within the business. means that our records are always secure David Milligan and are quickly accessible if companies need KPMG in South Africa DM: How does the solution help build trust? to respond to a specific event or reporting E: [email protected] JJ: Our solution lets financial services firms requirement. David is the CEO of KPMG provide their customers with a personal data Matchi, a leading global rights portal where they can control what DM: How has your solution been received fintech/regtech innovation information is stored, why it is stored, how by financial services firms? matchmaking platform and long it is stored and all of the various rights JJ: Extraordinarily well. We’re working with service, within KPMG’s global that come with that. And that demonstrates leading banks and insurers in a number of fintech area. KPMG Matchi to customers that you are serious about markets. And we’ve seen significant interest helps financial institutions, protecting their rights which, in turn, from fintechs. In part, I think that is because regulators and others to engage builds trust. we are helping solve a very immediate and productively with emerging difficult challenge that most financial services technology providers. DM: What specific ‘pain point’ does firms now recognize has become rather Trunomi solve for financial services firms? urgent. But it’s also because we focus on both JJ: With the introduction of various data the front end and the back end of data rights privacy rights regulations — like GDPR — capture. And that makes us very different financial services firms really need to know from other solutions or work-arounds that exactly what consumer data they have, where these firms had been trying in the past. they are storing it and why. DM: How do you see data rights changing For larger banks and insurers, for example, over the next few years? it’s a massive struggle to manage this type JJ: We’re already seeing a shift towards ‘one- of data rights capture at scale, particularly to-many’ type relationships where customers using legacy infrastructure. At the same provide their banks and insurers with permission time, challenger banks and fintechs are to share data with third parties in order to secure looking to quickly stand up new data rights better rates or deals. I think the next big shift infrastructure and want a fast and easy will be around data rights portability — allowing customer-facing solution. consumers to move or alter their permissions at the end of the customer relationship. Both Our platform solves these challenges — of these trends will require financial services and many others such as reporting and firms to become much better at managing their integration — securely, at speed and at scale. customer data rights. Frontiers in Finance | 51 Environmental, social and governance The rise of responsible investment

David Dietz, KPMG in the UAE Minh Dao, KPMG Australia

nvironmental, Social and Governance (ESG) investing began with a letter and call to action. E In January 2004, then UN Secretary-General Kofi Annan wrote to the CEOs of significant financial institutions to take part in an initiative to integrate ESG into capital markets. Where are we today?

52 | Frontiers in Finance Environmental, social and governance

Since then, ESG has evolved and moved what-if scenarios and relies less on past from the sidelines to the forefront of performance and historical data as a decision-making for asset managers predictor of future performance. and institutional investors. Increasingly, In a recent ESG considerations are being integrated ESG in practice into the charters of a growing number Creating ESG guidelines is a growing study by KPMG of entities, included in their practice and priority for asset managers around applied to the due diligence process when the world and across the financial International, more assessing assets to be acquired. services sector. This is particularly than one-third true of institutional investors, such as Consider the numbers: In 2017, ESG sovereign investment funds and pension of C-suite and investments grew 25 percent from 2015 funds. This group is acutely aware to US$23 trillion, accounting for about of the negative impact to reputation board members one-quarter of all professionally managed investments that are not viewed as investments globally.1 socially responsible can have. As a surveyed indicated result, they are rigorous in ensuring the that investor This growth was fueled in part by the rise assets they acquire are compliant with in the Socially Responsible Investment human rights, labor rights, corruption pressure had Movement more broadly, which is and environmental laws, and more than also impacting company behavior with this, that they are compliant with their increased their respect to ESG. In a recent study by own internal benchmarks for what is KPMG International, more than one- responsible investing. company’s focus third (36 percent) of C-suite and board on ESG. members surveyed indicated that While the ESG movement is global, investor pressure had increased their some regions are further along the ESG company’s focus on ESG.2 continuum than others. For example, Europe, Australia, New Zealand Understanding the rise in ESG and and Canada are leaders in terms of the Social Investing Movements prioritizing ESG considerations, which World economies are facing growing can vary from jurisdiction to jurisdiction indebtedness and unsustainable and from entity to entity. asset prices as we enter an unsettling geopolitical reality, where nationalism In December 2017, six sovereign wealth and populism are creating go-it-alone funds came together to create the state mentalities leading to rising military, One Planet Sovereign Wealth Fund economic and commercial tensions. At Working Group. Its objective: to develop the same time, failure to mitigate climate an ESG framework to address climate change and growing cybersecurity change and encourage sustainable breaches continue to grow as threats to growth and market outcomes. The global stability. framework is based on three principles: to align climate change awareness and In this environment, it’s clear ESG criteria influence investment decision-making; to 80% are best suited to effectively assess an promote value creation by encouraging of the world’s largest organization’s resilience, adaptability, businesses to address the impact of corporations use long-term sustainability and capacity climate change; and to integrate the risks global reporting for growth. This requires a forward- and opportunities of climate change in looking, qualitative and expansive the management of investments.3 initiative standards. approach to investing, one that examines

1 https://www.bloomberg.com/professional/blog/global-sustainable-investments-grow-25-23-trillion/ 2 https://assets.kpmg/content/dam/kpmg/be/pdf/2018/05/esg-risk-and-return.pdf 3 https://oneplanetswfs.org/

Frontiers in Finance | 53 Environmental, social and governance

More and more, investment managers Moving beyond the regulatory are creating ESG charters and requirements frameworks that require looking The rise in ESG considerations on the In a recent at a company’s environment and part of businesses and investors is contamination policies, at the governance happening in tandem with a heightened study of 1,000 structures it has put in place to avoid regulatory environment that has also corruption, at the diversity of its board increased ESG requirements and individual and whether or not it is taking aggressive accounting standards demanding investors ... tax positions. transparency around disclosures in financial statements. 71 percent Doing the right thing pays dividends Increasingly, institutional and individual Leading organizations understand believe equity investors have made the link that regulatory requirements are just a between ESG information, a company’s starting point. In order to deliver strong companies that purpose, values and strategy and its returns over the long term, it is necessary focus on the performance. Studies confirm that having to be proactive and to go beyond being appropriate ESG policies in place is not compliant in creating a robust ESG environment just about doing the right thing and being framework. That’s why they are joining compliant with laws and regulations, forces and forming organizations such and social it’s financially beneficial. Companies the One Planet Sovereign Wealth Fund with sustainable practices outperform and creating their own, more far-reaching goals will earn companies that have not integrated ESG ESG requirements. better returns. considerations into operations. In today’s environment where change In a recent survey of 1,000 individual and uncertainty seem to be the only investors, 75 percent said they are constants, more and more investors are interested in sustainable investing taking a long-term view and choosing and adopting its principles as part of to put their money into companies that their strategy and 71 percent believe act responsibly. ESG investing is already companies that focus on the environment reshaping global markets. This trend is and social goals will earn better returns.4 poised to continue making ESG analysis a critical part of the investment process. A poll of 900 board members and business leaders from 41 countries by the Audit Committee Institute reveals that 47 percent of respondents believe ESG-focused companies outperform competitors.5

4 https://www.morganstanley.com/ideas/sustainable-socially-responsible-investing-millennials-drive-growth 5 https://assets.kpmg.com/content/dam/kpmg/be/pdf/2018/05/esg-risk-and-return.pdf

54 | Frontiers in Finance Environmental, social and governance

Driving ESG success For institutional investors and companies looking to implement and improve ESG considerations, we recommend:

Developing a formal ESG charter that reflects the values of your organization and its stakeholders. ESG 1 can encompass broad concepts but they must be of Contributors value to your stakeholders.

Making ESG a business priority. This starts at the top but it goes beyond creating a policy and principles. 2 Your leadership team has to make the societal and economic case for ESG and gain buy-in from David Dietz KPMG in the UAE across the organization and the people who will be E: [email protected] implementing it. Understand that ESG criteria are David is a US Tax Managing Director and evolving and broadening in meaning. For example, part of KPMG’s Institutional Investor Group, primarily focusing on sovereign for some organizations, ESG includes board diversity wealth funds and pensions in the Middle and equal employment of women. Stay on top of East. He specializes in international new developments and adapt. Track ESG issues and tax issues and prior to his current role, communicate them to the board and shareholders. worked in both tax and non-tax roles at a globally active bank.

Actively taking ESG criteria into consideration when assessing new investment and review and align legacy 3 investments with ESG principles. Be prepared to navigate a challenging transition period. Throughout this time, communicate why the changes are being made. Minh Dao Involving your board of directors. Given the increasing KPMG Australia importance stakeholders assign to the management E: [email protected] Minh is an Australian Deals Tax Partner 4 of ESG, boards can play a key role in identifying and and the Asia Pacific Tax Lead for managing ESG risks and opportunities, determining sovereign wealth funds and pension which ESG issues are of strategic significance, and funds at KPMG. She specializes in infrastructure transactions, including embedding ESG into your strategy and culture to drive privatizations, M&A, public private long-term performance.6 partnerships (PPPs) and renewables.

6 https://assets.kpmg.com/content/dam/kpmg/be/pdf/2018/05/esg-risk-and-return.pdf

Frontiers in Finance | 55 Environmental, social and governance Combating climate risks: The future of insurance

Serena Brown, KPMG International Chris Nyce, KPMG in the US

atural disasters killed more than 10,000 people in 2018. They left N millions more homeless. In the same year, natural catastrophe-related economic losses reached US$160 billion. The vast majority — 95 percent — of the registered events were weather related.1

1 https://www.munichre.com/topics-online/en/climate-change-and-natural-disasters/natural-disasters/the-natural- disasters-of-2018-in-figures.html

56 | Frontiers in Finance Environmental, social and governance

Adding further urgency to the issue, the world will evolve towards a low-carbon a recent report2 by the International economy in terms of public policy, Panel on Climate Changes spoke of regulation, actual temperature change, the dire consequences for people, social expectations and technological Yet, while economies and ecosystems which would developments. That’s even more difficult result from global warming exceeding to measure or price. And, given the slow industry and 1.5 °C above pre-industrial levels. The progress on transition, the potential for World Economic Forum’s Global Risks a panicked, forceful policy response in a government Perceptions Survey 2018–193 revealed few years’ time — sparking a disorderly extreme weather events, failure on transition — is increasing. efforts seem climate change mitigation and adaptation, to be moving and natural disasters as the three most The third class of risk is the liability risk. likely risks of significant concern. No Recent estimates suggest that there ahead, our view wonder climate change is rapidly rising have been close to 1,000 climate change- up the public agenda. related class action lawsuits filed in of the market 25 countries. Rhode Island, for example, It is also rocketing up the insurance filed a suit that alleges 21 companies suggests that agenda. Not just because natural- knowingly contributed to climate change most individual disaster insurance claims are rising, but and failed to adequately warn citizens also because insurers are increasingly about the risks posed by their products.5 insurers still have recognizing that the mid- to long-term Law suits are creating concerns for outlook on climate change carries some companies’ insurers. a long way to massive risks. It is not inconceivable that some insurers go before they Understanding the risks could suffer a triple loss: a large increase can confidently Back in 2015, Mark Carney, Governor of in director and officer liability insurance the Bank of England, delivered a speech4 policy claims arising from failure to claim to be in which he warned insurers that ‘the mitigate, adapt or disclose climate risks; catastrophic impacts of climate change a drop in asset value if they also invest understanding, will be felt beyond the traditional horizons in these companies; and litigation from of most actors (including business, policyholders who believe their insurers mitigating and political, and technocratic authorities) — failed to fulfil their fiduciary duty to managing their imposing a cost on future generations construct climate-resilient asset portfolios. that the current generation has no direct climate risks. incentive to fix’. The industry takes the lead The good news is that there are a number There are three channels through of initiatives to improve awareness and which climate risks could crystallize. catalyze a response to climate-related risks. For example: The first is the physical risks from extreme climate events, which include —— The Insurance Development storms, heavy rain, flooding, drought and Forum6 — an industry-led public/ associated wildfires, and heat waves. It private partnership — is making great is hard to predict the changing intensity, strides towards the more effective frequency and concentration of these use of insurance and its related events such as clusters of typhoons. risk management capabilities to Insurers also struggle to foresee the build greater climate resilience and indirect risks such as disruption to protection for people, communities, economic value chains. businesses, and public institutions that are vulnerable to climate-related The second class of risk is the transition disasters and their associated risk; basically, the ‘unknowns’ about how economic shocks.

2 https://www.ipcc.ch/sr15/chapter/summary-for-policy-makers/ 3 http://www3.weforum.org/docs/WEF_Global_Risks_Report_2019.pdf 4 https://www.bankofengland.co.uk/-/media/boe/files/speech/2015/breaking-the-tragedy-of-the-horizon-climate-change-and- financial-stability.pdf?la=en&hash=7C67E785651862457D99511147C7424FF5EA0C1A 5 https://www.climateliabilitynews.org/2018/07/02/rhode-island-climate-liability-suit/ 6 https://www.insdevforum.org/about

Frontiers in Finance | 57 Environmental, social and governance

—— The UN Environment Programme’s properly diversified to avoid excessive Principles for Sustainable Insurance risk concentration. That may include Initiative has been steadily increasing tilting portfolios towards companies and its focus on climate resilience, with industries which are relatively climate leading insurers currently developing a resilient and best positioned for the low new generation of forward-looking risk carbon transition, and spreading regional assessment tools to better understand exposure. the impacts of climate change on their business. Insurers could also be taking action to drive greater awareness and response to —— The multi-stakeholder InsuResilience climate change within their customer base Global Partnership for Climate and and their markets. Just like some insurers Disaster Risk Finance and Insurance offer lower home insurance premiums Solutions aims to strengthen the for home owners that install strong locks resilience of developing countries and and robust alarm systems so, too, could protect the lives and livelihoods of businesses be offered lower premiums poor and vulnerable people against the if they have taken the steps necessary to impacts of disasters. reduce their vulnerability and increase their Contributors preparedness for extreme climatic events. Yet, while industry and government efforts seem to be moving ahead, our There is also the opportunity for insurers to view of the market suggests that most be more proactive in helping governments individual insurers still have a long way to and municipalities improve resilience by go before they can confidently claim to be using their experience, data and models Serena Brown understanding, mitigating and managing to help enhance building codes and land KPMG International their climate risks. zoning regulation. And they could be more E: [email protected] forceful in encouraging their corporate and Serena is Director of Sustainable Start from within government policy holders to voluntarily Development with KPMG International. There are a number of actions that adopt standardized climate-related Having over 20 years of experience insurers could take to improve the way financial disclosures. spanning financial services, climate resilience and community development they assess and manage the near and across Europe, Africa and Asia Pacific, longer-term impacts of climate change. Your future success depends on it Serena helps identify opportunities for To be clear, the response to climate business to create shared value. She One of the most important things insurers change is not only about moral and ethical leads KPMG’s collaboration with the can do is to fully embed climate-related responsibility for an existential threat Insurance Development Forum and the risks into their overall governance and to life. Insurers also have a business City of London’s Green Finance Initiative. risk management frameworks. This imperative to preserve their existing includes sharpening quantitative risk markets, policies and investments, and modeling (including scenario analysis) also to create new markets and green around perils impacted by climate change investments. Further, as insurers look to and measuring the potential for liability developing markets for the next round of claims against high carbon emitter. The growth, those countries’ greater exposure recommendations of the Financial Stability to climate-related risks will require Chris Nyce Board (FSB) Taskforce on Climate-related insurers to better understand, quantify, KPMG in the US Financial Disclosures provide a helpful and rigorously combat the impacts of E: [email protected] road map in this regard — spanning climate change. Chris is a Principal in KPMG in the US’ Actuarial Services practice with governance, strategy, risk management, over 25 years of senior management as well as metrics and targets. The reality is that there will likely be more experience in the industry, working with climate-related regulation and legislation in large national insurance carriers, including Insurers will want to consider whether the very near future. Insurers will have no some of the largest automobile insurers in their liabilities and investments are choice but to act. the US, and consulting organizations.

58 | Frontiers in Finance In the eye of the storm

A Q&A with Karina Whalley, Public Sector Business Development Manager at AXA Global Parametrics

How worried should insurers be about time, they also force corporates to assess Contributor climate change? their own risks and that, in turn, should drive Very. Back in 2015, our CEO shook up the significant demand for solutions like weather sector by suggesting that a 2-degree Celsius risk-transfer structures. increase in temperature might be insurable but a 4-degree Celsius increase globally Besides writing policies, are there other certainly would not be. A 4-degree ways insurers could help? temperature rise would likely increase Certainly. I think we are in a great position Karina Whalley volatility in weather risks that, in turn, to help our clients — individuals, corporates Public Sector Business would raise uncertainty for insurers in their and governments alike — understand and Development Manager risk pricing which could lead to increased reduce their climate-related risks. In some AXA Global Parametrics Karina leads the development pricing buffers. This could make insurance cases, that might be through working directly of new public sector business prohibitively expensive for certain risks. From with governments to improve risk analysis. globally for AXA Global that angle alone, it’s critical that insurers take In others, it might be rewarding clients who Parametrics, based out of climate change seriously. demonstrate risk-reduction behavior. I think Paris. She was previously at insurers could also be better at using the the African Risk Capacity, a How is AXA Global Parametrics asset side of their balance sheet to influence catastrophe risk pool for African assessing and measuring the impacts of how development is achieved especially governments. climate change? through climate-resilient infrastructure We recognize that climate change is investment in emerging countries. modifying the patterns of risk. You can’t simply rely on backward-looking historic data What advice would you offer other and statistics anymore. We are incorporating insurers today? physical models to assess shifts in climate I think the most important action insurers and we also use detrending methods as can do is to start engaging in existing well as emphasising more recent historic development and climate-focused initiatives. data. These techniques help give us a better I am very supportive of the projects currently understanding of the risk and how it is evolving underway within organizations such as the and therefore allow for more accurate pricing Insurance Development Forum which is of the risk. It requires looking at a range of actively plugging climate risk model gaps, perspectives, models and data to understand launching sovereign climate insurance how a portfolio will be impacted. programmes and driving climate-focused investment. I also think insurers should be How is regulation influencing the debate? putting a lot more time towards educating I think some of the more recent regulatory themselves, their clients and their potential changes have been incredible. On the clients about the risks associated with one hand, they force the industry to think climate change. It’s not about scaring people, seriously about the volatility of the risks but it is about providing a reality check. inherent in climate change. At the same

Frontiers in Finance | 59 Environmental, social and governance The risk of human rights violations

Richard Boele, KPMG Australia Dr. Meg Brodie, KPMG Australia Jerwin Tholen, KPMG in the Netherlands

inancial services organizations are being challenged as never before to recognize and F respond to the serious risk of human rights violations within their operations and across their global networks of suppliers and partners.

60 | Frontiers in Finance Environmental, social and governance

Today’s trend of emerging legislation — While the UNGPs are considered the as witnessed in the US, the UK, the internationally accepted framework for Netherlands, France, Australia and business practices regarding human beyond — is intensifying finance-sector rights today, financial-sector compliance The trend scrutiny concerning human rights issues remains limited. Today’s typical executive that include: response on the issue? “What does towards human rights have to do with us?” —— forced labor, child labor and other enhanced slavery-like practices Preventing harm and protecting the bottom line human rights —— unsafe or unhealthy working Failure to identify and respond to issues awareness and conditions can lead to costly and disruptive legal action, investor divestment, negative performance —— displacement of local communities publicity, reputation damage and significant financial loss. Managing human among —— discrimination by race, age, gender, rights is not only about doing the right financial firms sexuality and other protected thing to prevent harm — it’s also about attributes protecting the bottom line. also includes

—— underpayment for labor or services Several widely reported human rights the need for provided. cases involving banks have served as instructive examples of what type of grievance Respect for human rights is considered a risks emerge in the financial sector. For mechanisms. fundamental business responsibility today example, several Dutch banks provided under the UN 2011 Guiding Principles on more than US$5 billion in financing or Business and Human Rights (UNGPs). investments to palm oil producers who In addition to the UNGPs — under which were found to be involved in human global financial firms must possess a clear rights cases that included environmental policy on human rights management — issues and disruption of local the OECD’s Guidelines for Multinational communities in several countries.1 Enterprises provides financial institutions with best practices for responsible global Some global financial institutions are conduct. This includes a focus on due making progress in the wake of such diligence and the requirement to assess revelations. Major initiatives include real and potential human rights issues, the Dutch Banking Sector Agreement act on findings, track responses, and on International Responsible Business communicate how issues are being Conduct, created to ensure that, in the managed. case of corporate lending and project financing, human rights are respected The trend towards enhanced human rights as set out under both the OECD awareness and performance among Guidelines and UNGPs. The agreement financial firms also includes the need for requires banks to be transparent about grievance mechanisms. As specified investment portfolios, client screening under both the OECD Guidelines for and their response to clients involved in Multinational Enterprises and the UNGPs, human rights cases. Dutch banks will banking clients receiving project financing also maintain a grievance mechanism for must have a grievance mechanism to human rights cases. address and resolve issues or violations.

1 https://nltimes.nl/2018/07/02/dutch-banks-structurally-involved-abuses-palm-oil-sector-report

Frontiers in Finance | 61 Environmental, social and governance

In addition, 73 Dutch pension funds Every customer, supplier or with EUR1,179 billion in invested assets partnership can pose an unseen risk in December 2018 signed a covenant As expectations and requirements to Expansion into with the Dutch Government, NGOs and improve human rights risk management unions to map, predict and prevent or grow, all financial institutions should new global address human rights violations within explore new ways to identify, manage their global portfolios.2 and report on potential issues that can markets — emerge that involve: both by In Australia, banks and other financial institutions are beginning to respond —— working conditions among financial firms to new modern-slavery legislation employees or operations requiring large businesses to publicly and their report on how they manage the risk of —— partners in the global value chain, modern slavery within operations and including suppliers and beyond business across supply chains. One leading firm customers, we worked with is deepening supplier —— customers acquiring project relationships in high-risk geographies financing, loans, asset-management partners and as part of a suite of measures to better services and more manage the risk of negative human suppliers — rights impacts. —— acquired businesses or activities in new global markets and regions. is an activity In addition to responding to media where coverage, voluntary agreements and Financial institutions must acknowledge covenants, the financial sector is also that every business, partnership or business pushed to act upon human rights as an sourcing decision entails significant outcome of the National Action Plans questions about potential human rights should look for (NAPs) for Human Rights. NAPs are issues. This reality demands a shift in policy documents in which a government thinking — away from traditional risk- red flags. articulates priorities and actions that it to-business concerns and towards will adopt to support the implementation non-financialrisk-to-people concerns. of international, regional, or national Legislation requiring transparent obligations and commitments with reporting over human rights risk — such regard to a given policy area or topic.3 as modern slavery laws in the UK and Australia — is compelling boards to take More than 20 countries explicitly mention on accountability for such non-financial finance and the banking sector in their issues and risks. NAPs. The French NAP, for instance, states: “Given the financial sector’s Expansion into new global markets — importance in providing loans, managing both by financial firms and their business assets and financing projects, it has a duty customers, partners and suppliers — is to promote the adoption of responsible an activity where business should look management practices by the companies for red flags. A bank or client business it finances or invests in, especially in the acquiring a company or operation in a human rights field”. Moreover, France new region, for example, is also acquiring has implemented a regulatory framework any potential human rights issues and that is relatively unique in that some of its legislative requirements related to that provisions specifically target the finance company or new geography. Gaining a and banking sector (the Grenelle II Act of comprehensive view of risk across their 12 July 2010). France is also examining global supply chains should also be a top whether to extend environmental, social priority for financial firms. and governance reporting requirements for institutional investors in Europe to cover human rights.

2 https://www.imvoconvenanten.nl/pensioenfondsen/news/2018/12/convenant-pensioenfondsen?sc_lang=en 3 https://globalnaps.org/issue/finance-and-banking

62 | Frontiers in Finance Environmental, social and governance

A step-by-step approach for granular analysis

Identify relevant (clusters of) human Financial rights risks based on the international institutions must 01 Bill of Human Identify human Rights and IFC acknowledge that rights risks Guide to Human Rights Impact every business, Assessment and partnership Identify sub-sectors Management to enable in-depth 02 or sourcing analysis of the Map value human rights risk chain per sector decision entails profile of the sectors significant questions about 03 Identify potential potential human Determine scenarios/events human rights that could take rights issues. risk per (sub-) place within the sector (sub)sectors

Assess likelihood of identified human 04 rights risk Assess scenario/events to likelihood per take place in country/region sector

Evaluate impact of identified human 05 rights risk Assess impact scenario/events in per sector terms of business risks and reversibility

Build a tool summarizing the outcomes of the 06 human rights risk Develop assessment per dynamic IT tool (sub)sectors

Identify orange/red 07 flags within global Prioritize loan portfolio (from human rights a human rights, sector, country risks perspective)

Source: KPMG International 2018

Frontiers in Finance | 63 Environmental, social and governance

Taking a strategic approach to risk Key considerations to enhance analysis human rights risk management KPMG is taking a strategic and proven Financial services leaders and boards Develop a seven-step approach to analyzing human should consider the following steps to rights risks for global finance-sector enhance and prioritize management of dynamic IT businesses that are dedicating the time and human rights risk: resources needed for a proactive stance tool designed on today’s reality. This is crucial to these —— set the tone at the top by appointing specifically to businesses as the number of human rights a board member or board committee risks is almost endless and can materialize with responsibility for human rights comprehensively in nearly all sectors of, for instance, a loan portfolio. Awareness of human rights —— ensure boards and leaders are summarize, across the organization and prioritization of committed to respecting human them is therefore only the beginning in a rights and to challenging traditional sector-by-sector, process to address these risks to people. assumptions about corporate the outcomes As the chart on the previous page shows, responsibility we begin by identifying relevant human of the risk rights risks based on global standards and —— set up a cross-functional working map the value chain per sector. The more group that includes the sales, assessment. In detailed assessment process follows, in procurement, operations, legal, ethics, which we: safety and HR functions to implement the final step, a a human rights policy firm can prioritize —— map the value chain by sector to identify each sector’s risk profile —— build human rights actions into annual the human rights business-unit plans and ensure that —— identify potential scenarios or events accountability sits with business-unit risks within the in each sector leaders financial firm’s —— assess the potential for each human —— integrate human rights risks into global loan rights risk scenario to emerge risk management across different business functions portfolio. —— evaluate the business impact — and the reversibility — of identified risk —— monitor the effectiveness of systems scenarios. to manage and respond to human rights risk and establish appropriate With the assessment process grievance and remediation processes complete, the business is positioned to develop a dynamic IT tool designed —— ensure a clear line of reporting to the specifically to comprehensively board and leaders on human rights summarize, sector-by-sector, the risks and impacts so serious cases are outcomes of the risk assessment. In escalated rapidly. the final step, a firm can prioritize the human rights risks within the financial firm’s global loan portfolio.

64 | Frontiers in Finance Environmental, social and governance

Where to begin on the human rights journey? Today’s financial services organizations should be asking themselves these important questions. Contributors

1 Do we fully understand how human rights issues can impact our company — today and in the future? Richard Boele KPMG Australia What will be the impact to our brand of a future E: [email protected] 2 Richard leads KPMG International’s media or NGO human rights campaign if we fail to global Human Rights and Business manage our human rights risk? Network specializing in human rights and social impact advisory. His particular strengths are the social and governance dimensions of sustainability and Who in our company is leading large consultancy assignments accountable for human 3 in socially and politically complex rights issues? environments.

Are we compliant with all national/international human rights 4 regulations and guidelines? 5

Do we have adequate human rights policies, due diligence Dr. Meg Brodie KPMG Australia processes and systems in place — including grievance and E: [email protected] whistle-blowing mechanisms? Meg leads KPMG Australia’s human rights service line working with Are we confident that there are no unfair or unsafe working corporate clients to translate human 6 rights commitments into practical practices at our own operations and among our contractors, commercial solutions. She specializes suppliers or franchisees? in modern slavery responses, as well as transformative human rights change processes and complex stakeholder 7 dynamics. How does our business growth strategy take account of potential 8 Are our mergers and human rights risks? acquisitions or joint-venture activities exposing us to new human rights risks? Jerwin Tholen KPMG in the Netherlands E: [email protected] 9 Do we have the appropriate internal capability and Director of Business and Human Rights expertise to identify and address human rights issues? Services with KPMG in the Netherlands, Jerwin works with organizations and governments to improve the visibility of supply chain structures and to identify What opportunities are there for our business to contribute and address human rights and other sustainability risks. to improving human rights and support the UN’s sustainable 10 development goals?

Frontiers in Finance | 65 Environmental, social and governance Combating financial crime

Rupert Chamberlain, KPMG China Jim McAveeney, KPMG in the US Chetan Nair, KPMG in the US Andrew Husband, KPMG in the UK Michael Robinson, KPMG in the UK

anks around the world are spending billions to improve their financial crime B management. Yet the number of fines and sanctions being imposed on banks is still increasing. What will it take to achieve efficient and effective customer due diligence?

66 | Frontiers in Finance Environmental, social and governance

One would be hard-pressed to suggest Some of the more advanced banks have that banks are ignoring the need for achieved an ‘evolving’ level of maturity. better customer due diligence. Indeed, They also have a defined and aligned according to a Forbes article, some banks policy. But their policy is supported Some banks spend up to US$500 million each year by effectively managed processes in an effort to improve and manage their and procedures. Organizational spend up to Know-Your-Customer (KYC) and Anti- structure is well established. Roles and Money Laundering (AML) processes. responsibilities are clear and technology US$500 million The average bank spends around US$48 is being applied to improve KYC each year in million per year.1 In the US alone, banks are operational management. spending more than US$25 billion a year an effort to on AML compliance.2 However, our experience suggests that most banks are looking for ways to be improve and With this much investment going into ‘transformational’ in their approach to customer due diligence processes, one customer due diligence. They want to manage their would think that the number of fines and make their policies actionable and embed Know-Your- sanctions imposed on banks would drop. But them in the culture by creating a set quite the opposite; our research suggests of business rules with traceability that Customer and that the number of fines and sanctions has allows them to easily identify the impact actually increased over the past 3 years. In that any changes to the policy may have Anti-Money the US, where regulators are among the on operations. They want processes and world’s most aggressive in imposing fines procedures that are well defined across Laundering and sanctions, banks have been hit with customer onboarding, client refresh processes. nearly US$24 billion in non-compliance fines and screening. They want self-service since 2008.3 capabilities that allow customers to easily update their KYC and AML data through It’s not just big fines and the possibility multiple channels. of sanctions that worry bank CEOs and boards; most also now recognize that Getting better inefficient AML and KYC processes When we work with financial also lead to lower productivity (due to institutions to help achieve this type of significant re-work requirements), greater transformational maturity, we often start government scrutiny (in cases where by helping decision-makers think about problems persist) and the potential for the four key components of customer decreased customer satisfaction. due diligence.

Building maturity Policy and risk management: Our recent surveys and experience 1 Every good AML or KYC process working with leading banks around the is underpinned by relevant laws, world suggests that many banks currently regulations and company policies. The display a ‘fundamental’ level of maturity more mature organizations, however, are when it comes to customer due diligence: able to identify the linkage between AML they have a defined policy that is aligned and KYC policies, data requirements, to regulation and is well communicated underlying processes and technology. within the business. But the policy is often And that allows them to quickly identify poorly executed operationally. Banks with how any changes in their policies will a fundamental level of maturity often find influence the wider AML and KYC themselves doing significant re-work and ecosystem. manual data entry.

1 Know Your Customer Will Be A Great Thing When It Works.’’ Forbes, July 10, 2018 2 “Anti-money laundering compliance costs US financial services firms $25.3 billion per year,’’ LexisNexis Risk Solutions, October 11, 2018 3 “Europe Goes Harder on Money Laundering With Record ING Fine,’’ The Wall Street Journal, September 4, 2018

Frontiers in Finance | 67 Environmental, social and governance

Processes and services: Most Three focus areas for transformational 2 banks now continuously monitor their customers throughout the customer due diligence life cycle with event-driven reviews and specific actions triggered at specific 1. Optimize KYC business operations to reduce the total times. The more mature organizations are cost of KYC compliance also working to reduce unnecessary customer outreach by creating bespoke —— Implement a data model/data dictionary to capture all customer due diligence portals that allow required data elements, requirements and business customers to perform their own profile rules based on entity type. maintenance. Some are also now using ‘search before’ contact models that —— Define data lineage between policy, business rules harvest publicly available data from and technology to ensure alignment with policy and to third-party sources. easily understand the impacts of policy changes.

People and organization: —— Leverage technology solutions (e.g. workflow/case 3 Relationship managers are too management) and client channels to automate the valuable to have their time soaked processing of KYC cases, thereby reducing time and up collecting customer data and improving operations efficiencies. conducting manual reviews. That’s why the more mature organizations are now —— Ensure the right skilled people are undertaking the right starting to create specialized delivery activities in the right way (e.g. sourcing options). centers that allow 24/7 access to deep pools of talent at an optimized cost. This —— Know your customer better through relevant data allows them to bridge existing gaps in the collection. end-to-end process, centralize resources 2. Enhance the customer experience for onboarding and and focus employee skill sets. refresh Data, technology and analytics: —— Improve the customer experience and enhance the KYC 4 Many banks are struggling with data collection processes by leveraging clearly defined siloed, duplicative and inconsistent data requirements and business rules. data, which means their ability to search and access sources is limited. The more —— Minimize customer outreach by aggregating publicly mature organizations are creating data available customer data. models and dictionaries that can serve as the master source of requirements and —— Provide a true omni-channel experience by enabling business rules. Some of the more self-service capabilities (e.g. portal, mobile). advanced organizations are now exploring how they can leverage their AML and KYC 3. Improve risk management/financial crimes data to unlock new customer insights that compliance by assessing and monitoring KYC client can help influence both product offerings information for critical insights and risk decisions. —— Use evidence-based, robust and auditable processes. The path to efficient and robust customer —— Conduct early risk-based assessment through due diligence is never-ending. Banks will customer segmentation. need to continue to invest into newer technologies and processes if they hope —— Achieve quality financial crime judgment rather than to remain ahead of regulator and customer simply conducting a data collection exercise. expectations.

68 | Frontiers in Finance Environmental, social and governance

Contributors

Rupert Chamberlain Case study KPMG China E: [email protected] Rupert is the CEO of KPMG’s Managed Services business in Improving compliance and efficiency China, delivering large-scale, technology-enabled solutions. When a large global financial institution wanted to develop a solution to enable them to review tens of thousands of customer records against their financial crime policy standards and within a tight deadline, they knew they needed to move away from their existing approach and develop a holistic process that would not only have a minimal impact on customers but also provide a clear audit Jim McAveeney trail and deliver at the scale required. KPMG in the US E: [email protected] Working with the institution and the local regulator, KPMG’s Jim leads KPMG’s Managed Services practice for Financial financial services and regulatory advisory teams designed Services Advisory in the US. Prior to assuming this role, Jim lead and implemented an end-to-end solution comprising new KPMG’s Management Consulting Banking practice for the US firm. technology tools, hosted in a secure cloud environment and an off-shore delivery center for customer outreach and case reviews. The solution improved the efficiency of customer data collection through a new customer portal; codified regulatory and policy rules into an operational workflow minimizing manual effort and provided detailed management information on progress as well as insights Chetan Nair into customer behavior enabling continuous improvement KPMG in the US throughout the project. E: [email protected] Chetan is a director in KPMG’s Financial Services practice with Not only can the institution now make more holistic over 20 years of experience in banking and technology, and has led large business transformations, regulatory change initiatives, decisions supported by a fully auditable process, they have and system implementations for Fortune 500 companies. also cut the compliance process time in half, unlocking significant operational efficiencies and savings.

Andrew Husband KPMG in the UK E: [email protected] A Partner with KPMG in the UK, Andrew has particular experience leading regulatory change and financial crime programs for Investment Banking and Market Infrastructure clients.

Michael Robinson KPMG in the UK E: [email protected] Michael specializes in the operational performance improvement in banks. His areas of focus include advice on replacement of core banking and finance systems, enterprise-wide cost reduction and driving revenue growth.

Frontiers in Finance | 69 Environmental, social and governance Closer scrutiny of costs versus performance

Julie Patterson, KPMG in the UK Peter Hayes, KPMG in Canada

egulators around the world are still trying to deliver on a long-standing target — simple and meaningful disclosure about costs and performance. RSome have now trained their sights on the level of costs and charges in funds, and determining whether those costs are justified. It’s not surprising given the longest bull market in recent history appears to be coming to an end, growth is slowing and budget-constrained governments are concerned about providing retirement pensions for their growing aging populations.

70 | Frontiers in Finance Environmental, social and governance

Taking their cue from investor protection The focus on the actual amount of fees agencies, media and bloggers — who is new territory for European regulators write consistently about the too-high because it falls under competition law, price of investing and the rise in lower- which is not part of their mandate. That The message cost exchange traded funds — regulators said, they continue to push forward. For are turning their attention to the amount example, the European Securities and is clear: there’s of fees that investors are paying for Markets Authority (ESMA) has received a investment advice, and specifically the mandate from the European Commission no place to fees being charged by investment funds. to issue reports on the cost and past hide on costs performance of the main categories of The message is clear: there’s no place retail investment, insurance and pension and charges. to hide on costs and charges. The products. In effect, regulators are beginning spotlight on the industry is simply too to link performance to cost and asking The spotlight intense to ignore. All fund management whether the level of costs and charges is companies have to disclose fully all reasonable based on performance.2 on the industry costs and charges in a way that is clear is simply too to investors. This will require firms to UK regulators have gone a step further, review their fee structure processes and requiring non-executive board directors intense to demonstrate that they’re putting the of fund management companies to be investor front and center. held directly responsible for the value ignore. assessment of each of the funds. From disclosure to cost According to KPMG International’s In Canada, the Mutual Fund Dealers Evolving Asset Management Regulation Association of Canada (MFDA), the 2018 report: “Product governance and national regulatory body, is pushing disclosures remain firmly in regulators’ to expand further the way investment sights, as do fund distributors in general fees are reported to investors to include and financial advisers in particular.”1 ongoing costs, such as management expense ratios. Nearly 10 years on from For example, on 1 January 2018 the the introduction of the first phase of European Commission’s Packaged the Client Relationship Model (CRM), Retail Investment and Insurance- and over 3 years since the introduction based Products (PRIIPs) regulations of CRM2, such disclosures are not yet came into effect. The regulations set required under these rules.3 out new calculation methodologies and transparency requirements for In April 2018, the MFDA issued a these investments. Among the key discussion paper asking for industry requirements: fund managers must feedback on four areas not covered provide Key Information Documents by CRM2: continuing costs of owning (KIDs) for their non-UCITS (Undertakings investment funds; transactional costs for Collective Investments in of owning investment funds, such as Transferable Securities) products that redemption fees and short-term trading include an explanation of the main fees; third-party custodial and intermediary factors that impact the investment’s fees to administer the fund but not charged return, the level of risk, and a table by or paid to the registered firm; and costs explaining the impact of costs on an of other investment products not currently investor’s investment over time. The included in the annual charges and regulation is expected to be extended to compensation report. UCITS at some point.

1 https://home.kpmg.com/content/dam/kpmg/xx/pdf/2018/05/a-parting-of-the-ways-executive-summary.pdf 2 https://www.esma.europa.eu/press-news/esma-news/esma-receives-mandate-fund-performance-european-commission 3 https://www.theglobeandmail.com/investing/education/article-mutual-fund-regulators-push-for-more-fee-transparency/

Frontiers in Finance | 71 Environmental, social and governance

Canadian regulators have also been passive products. A UK FCA report found active. In September 2018, the Canadian that active funds provide poor value for Securities Administrators (CSA), the money — a view shared by the European umbrella group made up of provincial and Commission. Based on the FCA report, in territorial regulators, issued a proposal March 2018, the UK regulator demanded prohibiting investment fund managers from that asset managers compensate investors paying so-called ‘up-front’ commissions to who were overcharged for closet tracking the dealers, which can be covered by the funds and that 64 closet tracker funds management fees charged to a fund. of 84 suspect funds investigated must Contributors change how they market the funds.5 “The up-front sales commission payable by fund organizations to dealers for mutual What fund managers need to do fund sales made under the (deferred sales Understand the regulations are not charge) option is a key feature of that sales 1 just about disclosure. Increasingly, charge option that gives rise to a conflict jurisdictions are asking for clarity of interest that can incentivize dealers around exactly what the fund does and Julie Patterson and their representatives to make self- how that translates into costs. This will KPMG in the UK E: [email protected] interested investment recommendations require a mind shift and new approach on Julie has specialized in the asset to the detriment of investor interests,” said the part of investment managers and fund management and funds sector for nearly the notice published by the CSA.4 companies, and to apply this approach to 20 years, having previously worked at existing funds as well as new product the UK Investment Association and as a Canadian regulators are also looking to launches. regulator. She has extensive knowledge eliminate a commission paid to dealers of EU regulation and national market who don’t do a ‘suitability determination’, Regularly review existing funds. structures, produces thought leadership 2 on the evolving regulatory context, on behalf of clients. This goes beyond assessing and is KPMG’s global lead on Brexit for performance and includes the sector. Closet tracking ensuring the description of the product Increasingly under the microscope and the fees and costs are understood by of EU regulators are closet tracking investors, distributors and brokers. funds — funds that mirror their underlying indices, despite being marketed as Establish processes to ensure you actively managed and charging an active 3 are listening to investors and management fee. understanding their needs. Collect feedback on fees, advice, value and act on it. Peter Hayes In Sweden, a public inquiry published in KPMG in Canada 2017 urged greater transparency with Boards must demonstrate they E: [email protected] regard to how active a fund is and its 4 have made disclosure and Peter is a Partner and the National tracking error. A study that same year by transparency a priority. While it Leader for KPMG in Canada’s Alternative ESMA compared active and passive funds. remains the responsibility of fund Investments practice with over 15 years of professional services experience. The goal was twofold: to determine the managers to accurately and clearly He has industry experience developing extent to which actively managed funds describe the fund and the costs associated and managing alternative investment beat their benchmarks and to compare with it, the scrutiny on fund management products and is a frequent commentator the performance of active funds against companies has never been greater. on emerging industry issues.

4 https://business.financialpost.com/investing/ontario-comes-out-against-csa-proposal-to-ban-certain-embedded-mutfund- commissions 5 https://home.kpmg.com/content/dam/kpmg/xx/pdf/2018/05/no-let-up-on-costs-and-charges.pdf

72 | Frontiers in Finance Need to learn more about Brexit?

Brexit is not just an issue for UK companies. If you have any exposure — direct or indirect — to the UK, then your supply chain, your customer demand, your taxes, tariffs or financing may be affected. Don’t be caught off guard. You can now access IFRS Today on iTunes and Spotify — so please subscribe!

Or download the podcasts below...

Brexit and financial reporting | Questions for audit committees Podcast | 28 February 2019

During our first podcast, Tim Copnell, Pamela Taylor and Irina Ipatova from KPMG in the UK discuss what Brexit means or could mean for the annual report.

Brexit and financial reporting | Reflecting uncertainty in accounts Podcast | 11 March 2019

In our latest podcast, Tim Copnell, Pamela Taylor and Irina Ipatova return to discuss the potential implications for the numbers companies report in their financial statements, and therefore, those all-important KPIs.

What are the key forward-looking assessments that companies might need to make? The accounting hasn’t changed but the uncertainty makes it trickier; what can companies do now?

Stay informed, subscribe to IFRS Today on iTunes and Spotify.

Frontiers in Finance | 73 Publications KPMG member firms provide a wide-ranging offering of studies, analysis and insights on the financial services industry. For more information, please go to kpmg.com/financialservices

Insurtech 10: Trends for 2019 Four forces impacting financial March 2019 institutions in 2019 (Video) Insurtech continues to gather momentum December, 2018 as proof-of-concepts are scaled to Jim Liddy, KPMG’s Global Chairman of production. Here we outline the key trends Financial Services, highlights four factors for digital insurance around customer, digital influencing global financial institutions’ ecosystems, data & analytics, AI, workforce of approach to strategy and growth moving the future and claims. forward.

Pulse of Fintech H2 2018 Is Open Banking open for business? February 2019 November 2018 The Pulse of Fintech analyzes the latest KPMG survey reveals what small and global trends in venture capital, M&A and medium-sized businesses really think about PE investment activity in the fintech sector. Open Banking and the strategies needed to In this edition, we also make 10 predictions make it work. we think financial institutions should watch for in 2019.

Women in alternatives The trajectory of transactions February 2019 November 2018 The sixth annual Women in Alternative In this report, we highlight corporate Investments report has now launched. Our development trends within the banking goal with this year’s report was to elevate industry and offer ways corporate the conversation. Rather than focusing development teams can innovate their on what the issues are, we focused on strategies to embrace disruptive change. what firms, investors and individuals are doing to help bridge the gap for women in alternatives.

Integrating ESG into asset management In it to win it: Feedback from insurers on January 2019 the journey to IFRS 17 and IFRS 9 With the rising prominence of responsible September 2018 investing, and the impact of Environmental, The second global report on IFRS 17 and 9 Social and Governance (ESG) factors, implementation efforts. Includes highlights KPMG’s Asset Management practice is on where insurers are on their journey, committed to raising understanding of some of the key challenges they continue to these important investment considerations experience and what they need to do now to and supporting member firm clients in ensure successful implementation for 2021. incorporating ESG into their activities.

Can you see clearly now? Analysts’ views on IFRS 17 and the insurance reporting landscape December 2018 Within this report we have captured the thoughts of insurance analysts from around the world to gauge their views on insurance accounting currently, and what new insights they expect IFRS 17 to deliver.

74 | Frontiers in Finance Missed an issue of Frontiers in Finance?

Frontiers Frontiers in Finance in Finance Issue #59 For decision-makers in financial services Issue #56 Workforce shaping

On the cover Shenaz Khan, Westpac, page 8

Featured interviews Aileen Tan, AIA Singapore, page 28 Katie Casey, Charles Schwab, page 40 Sam White and Will McDonald, Aviva, page 50

kpmg.com/frontiersinfinance kpmg.com/frontiersinfinance

Back issues are available to download from kpmg.com/frontiersinfinance

Frontiers in Finance is a forward-looking collection of market insights, thought- provoking perspectives and sector-specific issues that impact key decision- makers of financial services organizations around the world. All articles are written by industry-leading and experienced professionals from across our Global 154 Financial Services practice. member firms and KPMG’s Global Financial Services practice has more than 34,000 partners and professionals across our global network of 154 member firms, providing audit, tax and advisory services to the retail banking, corporate and investment banking, 34,000 investment management, and insurance sectors. Each one of our professionals global financial brings ideas, innovation and experience from across this vast network, to the services benefit of each of our financial services clients around the world. We serve leading practitioners financial institutions with practical advice and strategies backed by world-class implementation. We believe our commitment to the industry, our sector-specific insights and our passion for serving our member firms’ clients to the very best of our abilities help us stand out. We welcome the opportunity to discuss how KPMG member firms can help you achieve your business objectives.

Frontiers in Finance | 75 Contact

Omar Mahmood Partner KPMG in Qatar Head of Financial Services KPMG Middle East and South Asia T: +974 4457 6444 E: [email protected]

kpmg.com/socialmedia

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date, it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. ©2019 KPMG, Qatar Branch is registered with the Ministry of Economy and Commerce, State of Qatar as a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. ©2019 KPMG LLC, a limited liability company registered with Qatar Financial Centre Authority (QFCA) and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. Designed by Evalueserve. Publication name: Frontiers in Finance — Qatar Publication number: 136193-G (Qatar) Publication date: March 2019