FINANCIAL SERVICES RISK AND COMPLIANCE TRENDS IN THE POST- PANDEMIC WORLD 2 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited Contents Foreword 4 Build operational resilience, and keep pace with evolving risks 5 Trend 1: Strengthen operational resilience with technology 5 Trend 2: The FCRM space is evolving dynamically 7 Trend 3: Mitigating financial risks of climate change 8 Digital to transform the risk and compliance function 11 Trend 4: Rising digital adoption in GRC 11 Trend 5: Uptake in integrated digital credit risk management solution is rising 12 Trend 6: Increasing adoption of AI capabilities to fight financial crime 14 Trend 7: Leverage cloud-based managed service offerings to combat financial crime risk 17 Continued focus on regulatory compliance 19 Trend 8: LIBOR transition remains a key priority 19 Trend 9: Continued focus on FRTB implementation 21 Trend 10: Regulatory reporting solution market is growing rapidly 23 Acronyms 26 References 29 Infosys contributors 32 External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 3 Rajneesh Malviya Ashok Hegde Amit Khullar Senior Vice President, Vice President, Head, Risk and Compliance, Financial Services, Infosys Financial Services, Infosys Financial Services, Infosys Foreword Risk and compliance within The COVID-19 outbreak has firms’ operational resilience to financial services have been compounded the operational intensify. Financial institutions will undergoing transition. After the challenges to financial institutions have to conduct comprehensive 2008 global financial crisis, and is testing their operational stress tests to demonstrate their supervisors and regulators across resilience. Many other facets of preparedness for managing the world were focused on risk and compliance, including any operational disruptions. ensuring the financial resilience credit risk management, financial Maintaining business continuity, of firms. However, the spotlight crime risk management, and mitigating cyber risks, preventing is now shifting towards the firms’ regulatory compliance and IT outages, ensuring system non-financial risks. reporting, have been impacted and data access and availability, as well. The outbreak has elevated managing IT obsolescence, Several developments are shaping the risks to banks’ loan portfolios. and strengthening third-party this shift in focus. The uptake of There has also been a spurt in risk management (TPRM) are emerging technologies such as digital financial crime including amongst the key areas that will be AI/ML and cloud is growing as phishing emails linked to the scrutinized. these bring in substantial business epidemic. The pandemic has benefits. Yet, they also create new It is highly unlikely that any new forced regulators to postpone risks and vulnerabilities. The rise in regulations will be introduced the implementation dates of key cybersecurity incidents and data over the next few months by mandates such as Basel III. breaches, the onslaught of novel global governing bodies such and sophisticated financial crimes, Climate change related risks as the BCBS or FSB. However, the rising obsolescence of legacy are a growing concern for ongoing regulatory initiatives, IT, and the growing dependence financial institutions. The year such as FRTB implementation or on third-party service providers 2019 witnessed multiple storms LIBOR transition, would continue have increased operational risks and wildfires across the globe to be on the regulators’ radar. for financial institutions. As per including the Australian bushfire, In this 2020 edition of our report, a LexisNexis study, for every and Typhoon Hagibis in Japan. we have covered some of the key dollar of fraud loss, financial Apart from their economic impact, trends in the financial services risk institutions now incur US$3.25 such events raise the financial and compliance domain that we in costs. These charges include risks for banks. believe will play out in the next investigation cost, fines and Over the next few years, we few quarters. legal fees, transaction face value, expect regulatory scrutiny of and interest. 4 | Financial Services Risk and Compliance Trends in the Post-pandemic World External Document © 2020 Infosys Limited BUILD OPERATIONAL RESILIENCE, AND KEEP PACE WITH EVOLVING RISKS Financial institutions have intensified their focus on building operational resilience. Firms are bolstering their capabilities to effectively manage newer risks such as those related to digital technologies, cyber and data security, third-party risks, pandemics and climate change. On their part, regulators too are increasing their scrutiny of financial institutions’ operational resilience. They are broadening their earlier BCP/DR focus to include all aspects of firms’ operational and cyber resilience. Regulators are also evolving the regulations to keep up with digital crime. Further, they are encouraging firms to leverage digitization and automation to fight financial crime and strengthen their operational resilience. Trend 1: Strengthen operational resilience with technology Operational resilience helps resilience. Institutions are also has published its guidance financial institutions better being closely scrutinized on these on security, information and respond to and recover fronts. The agencies are also communications technology risk from disruptions of business concentrating on the operational management for banks. Despite operations, customer segments robustness of institutions and the a rise in incidents, digital is a or even the industry at large. technology they use. In the U.S., must as customer expectations Regulators and supervisory the FRB is conducting horizontal have increased. Customers now agencies, historically focused examinations to gauge financial expect “anytime-anywhere” on building financial resiliency, institutions’ operational resilience. banking, real-time processing, and now have dived their attention to omnichannel experiences without Rapid technology evolution building operational resiliency as technical glitches. and digital disruption have well. A regulatory push, increased increased the need for building Unforeseeable events such as digitization, and a need to plan for operationally robust systems. COVID-19 and natural disasters uncertain events have contributed Increased digital adoption has including climate change to institutions increasing focus on also paved the way for a rise in demand novel strategies that operational resilience. cybercrime and cybersecurity ensure operational resilience. Regulators such as the EBA, incidents. Interconnected These include strategies for BOE, FCA, PRA and FRB, are interfaces that collaborate remote workforce management, focused on building financial with third party platforms have data security assurance, managing institutions’ operational resilience, created new vulnerabilities in supply chain disruptions and in addition to their financial systems. For example, the EBA business continuity. In the External Document © 2020 Infosys Limited Financial Services Risk and Compliance Trends in the Post-pandemic World | 5 wake of the COVID-19 crisis, providers and cloud solution enhance business agility, and financial sector authorities have vendors. Financial institutions offer on-demand scalability across recommended that international are also strengthening their the group. It is offering several actions to define the operational vendors’ due diligence processes. productivity tools within Office resiliency standards should take Institutions are identifying 365 to all its employees. The group into account (a) employee safety; opportunities to collaborate is also rolling out Microsoft (b) infrastructural needs of the with providers to strengthen Managed Desktop across its critical employees to support key the providers’ risk management business — making it the world’s business services; (c) IT capacity, practices and information biggest FI to do so. scalability and flexibility; (d) sharing mechanisms. In 2019, the Bank of Canada information security and cyber launched the Canadian Financial resilience; and (e) the operational IT systems Sector Resiliency Group (CFRG) continuity of critical third-party To strengthen their IT systems’ to strengthen the operational service providers. resilience, institutions are either and cyber resilience of Canada’s retiring or replacing obsolete financial sector. Amongst other Steps to build operational legacy systems to ensure activities, the CFRG was set resilience minimal operational disruption. up to support the ongoing This involves bolstering data operational resiliency initiatives Financial institutions have been management and cybersecurity. such as benchmarking exercises undertaking the following and regular crisis simulation. Business continuity and disaster actions to strengthen their The central bank has also made recovery (BCDR) operational resilience: significant investments to Institutions are strengthening enhance its own operational Reinforcing strategic thrusts their BCDR plans by better redundancy and resilience to Institutions are revising their understanding their IT systems’ withstand major disruptions, operational resilience program to vulnerabilities and mission-critical including natural disasters and make it comprehensive, adaptable operational processes. cyber-attacks. and forward-looking. They are also strengthening the synergy Stress testing