Thank you Sally. It’s great to be here again this year. I appreciate the opportunity to address this group and to continue the dialogue that we’ve been having over the past several years. As always, my remarks reflect my own views and not necessarily those of the Federal Reserve Bank of New York or the Federal Reserve System.
Last year, I spoke to you about how far we had come since the crisis in addressing some of the most pressing issues. I also shared my thoughts on areas that still needed to be addressed and where I thought more concerted effort was needed. There were four areas I focused on:
- Resolution planning;
- Coordinating supervision across global organizations;
- Compliance (specifically AML/BSA); and,
- Culture (of both firms and the system).
In general, the issues that keep me awake at night haven’t changed much—and I’ll touch on a few that remain at the forefront of my insomnia later in my remarks. But, I’d like to start today by delving a little deeper into an overriding theme that heightens my concerns—and that is the challenge of operating in a “global” business and regulatory environment, while at the same time navigating an increasingly “local” business and regulatory environment.
Global vs. Local
The evolution of financial services over the past several decades has resulted in a truly global financial system. Advances in information technology and data management, as well as the development of robust capital markets, greater competition among financial firms and international trade, among other things, have contributed to a faster, more highly interconnected, and more available financial marketplace. The financial crisis confirmed that what was once a fragmented and siloed system was now truly global: failures in one jurisdiction quickly transmitted disruption to other jurisdictions.
During the crisis, we clearly saw the interconnectedness of firms, the complexity of the international financial system, and the global impact of bank failures. Through this experience, we identified gaps and weaknesses, both globally and locally, and supervisors, regulators and lawmakers from around the world all set out to put a system in place to avoid a repeat of one of the most economically devastating periods in our history.
There has been substantial effort on the part of global regulatory and supervisory bodies to address the weaknesses identified in the financial crisis. The work of the Basel Committee on capital and liquidity standards, as well as the work of the Financial Stability Board (FSB) on cross-border resolution, are but a few examples of the hard work that global bodies have been undertaking to address the weaknesses identified through the crisis.
At the same time, national authorities have been working hard both to implement the agreed-upon global fixes, but also to develop and execute appropriate remedies for problems identified at the national (or local) level. Locally, while appreciating the need to address the crisis on a global scale, many countries saw the need to be in a better position to safeguard their own. The bottom line, in fact, was: the crisis was global, but the impact was felt locally. Global in life; local in death, as the saying goes.
So, while authorities have endeavored to develop and implement common global rules across a wide range of issues, many national authorities have simultaneously moved to develop and implement national standards—that may conflict with or appear at odds with a barrier-free and harmonized financial system that allows the free flow of capital and competition across the globe. National rules that require local capital and local liquidity are two examples of standards that may present challenges to the efficient and effective operations of global firms. It will be important for firms to be in a position to meet both sets of requirements.
What I’d like to offer in my remarks today are some steps I see as necessary for institutions navigating in this new environment to begin to address the concerns I’ve outlined above. And, I’ll close with a couple of issues that remain on my “insomnia” list that will continue to warrant increased efforts in the coming year.
What Will it Take for Firms to Navigate in this New Environment?
Addressing the Weaknesses
I’d like to start first with a fundamental observation: we need to focus first on fixing what was so obviously broken. The new sets of rules and regulations, whether global or local, were designed to address the very weaknesses that led to bad outcomes during the financial crisis: low levels and quality of capital; insufficient liquidity; fundamental weaknesses in a range of risk management practices; poor management information and reporting systems; complex structures and systems that couldn’t be quickly taken apart; and the list goes on.
We know we need a more resilient system that is able to withstand a wider range of stresses, as well as provide buffers when firms do falter. And, importantly, we need to do this to restore confidence in the financial system. The new rules and regulations are intended to address the known weaknesses, and before we can talk about whether the global business model is viable or how to operate more efficiently within the constraints imposed, the basic underpinnings of a strong and resilient financial system need to be in place and functioning.
With that said, here in the U.S., the Enhanced Prudential Standards (EPS) are at the core of strengthening both U.S. firms and the U.S. operations of foreign firms and ensure a level playing field for all firms doing business in the U.S. With the final rules published earlier this year, firms have begun the work necessary to implement changes to meet the expectations set out in the new rules.
Not surprisingly, we are seeing a number of challenges faced by FBOs (foreign banking organizations) in meeting the expectations of the EPS, among these challenges are:
- Head Office Engagement: While U.S. management is clearly on the hook to develop and implement necessary changes, some firms are struggling to get the appropriate level of engagement with head office, including getting sufficient recognition of the breadth and scope of the changes necessary to meet the new standards. Importantly, the impact goes both ways: there are also implications for head office in the new standards, including requirements to demonstrate firm-wide capital and liquidity stress testing capabilities. Further, the governance requirements, including for many firms the requirement to form a U.S. risk committee, have implications for firm-wide governance that need to be assessed and understood at the group level. Beyond these requirements, the U.S. operations will—in all cases—require additional budget and resources to meet the expectations, as well as the timeline for implementation. All of the necessary changes for FBOs require close coordination between head office and the U.S. operations.
- Resources: On the resource front, we are seeing firms struggle to secure and retain sufficient expertise in some areas, with firms competing for the talent needed to implement the new standards. Firms need to get better at planning in advance, ensuring their recruiting efforts are providing a steady stream of qualified candidates, and looking for opportunities to move people around within the organization, particularly between the front office and control functions, for more well-rounded professions. This is likely to mean more aggressive, creative and targeted searches and a commitment to ongoing training. As the landscape and regulatory requirements change, firms will need to find the right balance between hiring new talent with specific expertise and training current staff to keep them up to speed and capitalize on institutional knowledge.
- Regional coordination: Cross-functional regional coordination across business areas is necessary, as is coordination across regulatory change programs (EPS, Volcker, Derivatives, RRP, etc.). In addition, FBOs will have to manage several regulatory layers of risk governance including meeting the demands of their home regulator and various host country regulators.
- Capital Planning, Liquidity and Stress Testing: As firms become more accustomed to—and experienced with—the range of stress testing and capital requirements, there should be greater appreciation for the expectations around governance, quality of modelling, quality and granularity of data, and the level of coordination needed with the head office. These tests are designed to assess the adequacy of internal analyses and ensure firms have forward-looking, institution-specific, risk-tailored planning processes that provide a level of assurance that you can survive a prolonged period of financial distress.
- Data and Technology: When an industry sees changes of the magnitude experienced in the financial sector over the past seven years, it is inevitable that the data and technology capabilities need to evolve to meet the new environment. With the range of new mandates around capital stress testing and liquidity (to name a few) and the associated reporting requirements, firms will need to ensure that application development and system changes are well controlled and that data quality is paramount. Data will need to be shared across jurisdictions, so firms will need to focus on verifying the consistency, quality and availability of data, regardless of the format requested.
- Project Management: With the range of changes required under the new rule, most firms will need to invest in a strong project management program. Deliberate and robust coordination across a range of issues, including structure, business strategy, booking model, financial reporting, capital and liquidity, and data management, to name a few of the key work streams that must be effectively managed and executed to meet the new standards. And, given the other changes that firms must go through to meet home country rules (or other host jurisdiction requirements), project management needs strong connections across the global organization.
- Structure and Culture: The final area, or challenge, I wanted to touch on is organizational structure and culture. Firms need to ensure their internal structure, strategy and culture are aligned to successfully operate locally, which may require a large investment in infrastructure. Today, many FBOs are structured so that they are aligned to their foreign parent company. However, in the wake of the IHC requirements, firms will need to restructure themselves as stand-alone U.S. regulatory reporting entities in order to provide information that is aligned to the IHC structure.
Once needed structural changes are in place, the internal culture comes into play. Culture can be a complex topic, but we know it is an important one. When we talk about culture, we talk about it from a number of different perspectives. The culture within the organization will guide the behavior of employees. Therefore, if the organizational values conflict with the rules/guidance you are required to follow, the organization is headed for trouble. It’s important for firms to understand “why” certain regulation are in place and appreciate the value of following them, even when the rules may seem to be inconsistent with a home country’s position. If a clear understanding and appreciation of the “why” is lacking, it is more likely that staff may look to loopholes.
As Tom Baxter, our General Counsel says, “This failure to correlate the rule with the value is the root of real mischief.”
As firms continue to work on improving their culture, there are a number of themes that should drive their efforts. First, culture starts at the top of the organization—and when I say top, I mean all the way at the top, not just in a particular jurisdiction. Senior leaders and boards of directors around the world must lead by example and demonstrate to local leadership the firm’s underlying values through their actions, not just their words. (Practice what you preach.)
Incentives within the firm should be designed to set the right expectations for behavior, and recognition programs should clearly reward desired actions, not just financial performance. At the end of the day, culture is fundamentally about people, and we shouldn’t forget that.
Having the right culture in place is not a “nice to have” in a firm, it is a “must have.” Some say that the financial industry is late to recognize the need to address culture—I say we can’t wait any longer.
We are spending a lot of time discussing culture internally at the Fed right now, so expect to hear more about it in the near future.
Adjusting as Necessary and Engaging in Dialogue
As firms are developing and implementing changes, such as the ones I mentioned, to meet the requirements of the Enhanced Prudential Standards, it is important to refine the business strategy of the U.S. operations. We all know that regulation in markets is nothing new and what it requires is a better analysis by firms on the cost of doing business in different markets compared to profitability. For some firms, we see aggressive actions to adjust their geographic footprints to avoid, at least for a time, the impact of the new standards. For other firms, we see productive and realistic discussions about how to address the new standards, including how booking models and other business operations need to change. In addition, we are seeing home country supervisors engaging in discussions with firms, asking important questions about how host country rules and regulations will affect group operations and seeking to understand the knock-on effects of the new rules across the global operations.
As firms are adapting both business strategies and operations to meet home country and host country rules and regulations, we are hearing about the challenges that have been identified. However, there is still a lack of specificity around these challenges, including quantifying the impact—on business, strategy, customers and staff; identifying potential near-term mitigants; and developing proposals on potential longer-term solutions that could be the basis of a productive dialogue. Rhetoric is fine, but it’s not enough. We need to understand on a more concrete level how these changes are going to impact the firm, from your clients to your operations, from your business models to your culture. We have been hearing some of this, but more specific examples and solid data is needed to be in a position to address the issues.
Remaining Issues on My Insomnia List
Turning now to the issues that still keep me awake at night, I will highlight three of these today: (1) AML/BSA (yet again); (2) information technology; and (3) communication and coordination.
The world of AML/BSA keeps growing. What started out decades ago as a US-centric emphasis on hindering drug trafficking has transformed into a global framework that addresses a range of criminal activity, anti-terrorism, arms proliferation, and tax avoidance. As I know you are aware, the bar keeps rising, as well as the stakes. This past year has seen—again—significant public enforcement actions, some together with huge fines.
I think we’ve been clear in our expectations around AML/BSA:
- That AML/BSA needs to be managed on an enterprise-wide basis;
- That AML/BSA needs to be a high priority for the board of directors, senior management and line management;
- That the message on compliance needs to be carried down well into the organization, so that those who are on the front lines making daily decisions understand the importance of compliance and the consequences for failing to meet the requirements; and
- That AML/BSA shouldn’t be treated as a static exercise—standards and best practices evolve and you are required to keep up with and adhere to the latest requirements.
As I know you are also aware, we are seeing keen competition for talent/resources in this area. While we recognize that it may be difficult to identify and retain talent, having a solid recruiting strategy and ongoing training in place, as I mentioned earlier, are important components to addressing the problem.
You might wonder why this topic remains on my list—and it’s because in spite of the heavy public attention on the matter, including a range of public enforcement actions, it remains a work in progress for many firms. And, for firms that haven’t yet been faced with MRAs or a public enforcement action, I worry about complacency. So, I raise it again because it seems that another warning shot is warranted.
2. Information Technology
My second worry is about the broad area of information technology—and this has really a couple of dimensions to it. The first is legacy: that most firms still have so much “clean-up” to do to fix longstanding technology and data issues that have built up over the years: systems don’t talk with one another; data aggregation takes days or weeks, when the needs are really more immediate; and data quality isn’t what it needs to be. So, there is still a significant amount of basic blocking and tackling that needs to be done.
The second dimension that concerns me is the competitive landscape for financial institutions in the digital world. As more and more non-financial entities are entering the financial arena, like Amazon, Apple, peer to peer lenders, and others, I worry that financial firms lack the agility and ability to compete at the level that they need to—particularly with the constraints of regulation. At the end of the day, will financial firms be able to compete in the same way—or will these largely unregulated players be the future of our financial system?
The final dimension I’m certain won’t surprise you—and that’s cybersecurity. I’m sure I don’t have to explain too much why this keeps me awake at night, but suffice it to say that as I think about the kinds of risks that might cause the next crisis, cybersecurity is the one that worries me the most. I think we’ve done a reasonable job in developing rules and regulations to address the causes of the last crisis, and firms are in the process of building the resilience to withstand those types of shocks. But, cyber adds an element to planning for the next crisis that goes beyond what additional capital and liquidity can provide to the system.
I recognize that the topic seems daunting, but it has to be addressed soon, if you want to survive and not just comply with regulations. It is an area that will continue to warrant attention across the industry—and will require a level of coordination and collaboration between the public and private sectors to address in a meaningful way. In many respects, I think we are all in this one together.
3. Enhancing Coordination and Communication
The final area I wanted to highlight is coordination and communication. The theme of enhancing coordination among supervisory and regulatory bodies is an ongoing one that I addressed last year and one that you may hear me speak about again next year. Each year, I do think we make progress, but as increased attention is placed on ensuring the effective implementation of local (or host country) rules and regulations, we need to ensure we don’t lose sight of the need to continue to work effectively across jurisdictions in supervising the largest firms.
There are challenges that still exist in coordinating across multiple agencies—domestically and internationally and, at times, with competing agendas (e.g., prudential vs. conduct). As well, there remain some challenges to effectively sharing information, and while some legal impediments have been resolved, the seamless exchange of information is not yet the norm among key supervisors.
I do believe that the trust level is building among supervisors as a result of the hard work over the past couple of years, but this will be an ongoing effort as players change and circumstances evolve. There have been several opportunities over the past year to test some of the close coordination among supervisors and regulators, and I think they have provided valuable experience—and lessons learned—for those involved. What I think has been clearest in those lessons is the ongoing need to coordinate—to ensure that problems are well understood from each vantage point or jurisdiction, that mitigants are discussed and implemented as necessary, and that all stakeholders are well informed—all of this to ensure that problems don’t become systemic.
A final point on enhancing coordination and communication is ensuring that supervisors continue to develop an understanding of the impact of the new rules and regulations across global organizations.
As I noted earlier, there is recognition that regulatory changes are affecting strategies, business models, and business activities in a meaningful way—and that this is occurring across organizations (not just locally). At the same time, we recognize that it’s not just individual business lines or firms that are affected, but regulatory changes are having an impact on markets as well. We, collectively, need to spend more time identifying and understanding these impacts as well—and we need to work across jurisdictions to do that.
In conclusion—we all have a lot to do!
First, though, firms need to focus on fixing what was so completely broken—firms were too complicated, MIS was weak, risk management was poor, compliance programs were ineffective and governance was questionable.
Once that hard work is on track—and substantially in place—we need to engage in a productive two-way dialogue about the challenges that firms are facing. As I said earlier, rhetoric is fine (and I understand much of this), but without specifics, it’s difficult to know whether the outcomes were intended or not. Yes, we did intend for you to be less complicated and complex; yes, given the weaknesses, we did intend for capital and liquidity to provide assurances to home and host supervisors; and, yes, we do want to know more about your senior management and expect much more interaction with them.
At times, our outcomes may appear to be in conflict: we want smooth efficient markets that support global growth AND we want a strong, resilient, safe financial system. Our challenge is how to balance those. As we strive to find the balance, it is important that we engage with you—the industry. And, it needs to be productive engagement. We need honest, frank and educated discussions, we need concrete examples, we need solid data, and we need to work together to gain a better understanding of a shared goal and how to get there.
Thank you for your attention.