Risk areas in 2016
Key risks for financial institutions in the Asia Pacific region in the coming year are:
- Targeted senior management – The continuing regulatory trend to ensure that responsibility is placed firmly with senior management of institutions.
- Cross-border – The continuing risk of breaching regulatory requirements for cross-border sales given that the APAC regional rules are fragmented; and the risks inherent in not participating in the emerging passporting and cross-border evolution in APAC – for example, the recently concluded Trans-Pacific Partnership (TPP) (see September/October 2015 Risk Note). Not least, in sheer scale – upon ratification – it will create the largest free trade area in the world, covering 12 economies, including a number of major APAC jurisdictions (Japan, Singapore, Australia, New Zealand, Brunei, Malaysia, Vietnam), as well as the U.S., Chile, Canada, Mexico and Peru) comprising some 40% of global GDP. An important feature will be the inclusion of investor protection provisions aimed, among other things, at reducing political and regulatory risk. There is the need for a delicate balance here between the ability of participating States to pursue domestic regulation and those protections.
- Dark pools – Market manipulation and misconduct represent the main areas of concern for regulators, to avoid this form of trading being profitable for fraudsters.
- Enforcement – Appetite among regulators in the region remains high. In a recent speech in Hong Kong, Ashley Alder, the CEO of the Hong Kong SFC, said: "We will continue to be unrelenting in the pursuit of remedial outcomes in our enforcement work wherever we can. Our track record in isolating and then restoring illicit gains back to investors who have been harmed is now well established and fully supported by the Hong Kong Courts". Regulators regionally looking to clamp down on market abuse, anti-corruption (FCPA) and sanctions-related issues, insider trading, and LIBOR and FX rates abuses, all continue to create legal and regulatory, as well as reputational, risk for firms, particularly as regards risk assessment and management and the operation of proper control systems and procedures.
- Resolution – Bank recovery and resolution plans, and the underpinning international environment to support them, are in progress. In APAC, substantial progress has been made, in particular in Singapore, Hong Kong and Japan, to arrive at what are viewed as workable regimes. Of course, it will only be as and when there is a major problem internationally that the infrastructure and the resolve of affected jurisdictions is duly tested. 2016 will be the year where the international community's efforts to avoid "Too Big To Fail" will come under the spotlight. In the meantime, the structure and operations of systemically important institutions will be under close scrutiny, raising the spectre of seismic changes in their organisations, with the accompanying stresses and costs.
- Central counterparties remain a significant pillar of the international response to the global financial crisis. Reporting is the most developed of the three mandatory requirements (clearing, reporting and trading) and has been implemented in a number of APAC jurisdictions (including Hong Kong and Singapore) on a phased basis. There is general recognition that the rules should firstly apply to the large licensed banks and global/major players in the market who are most likely to be prepared and have the infrastructure in place. Issues relating to confidentiality and bank secrecy continue to be challenging in the context of reporting.
- AML – Unsurprisingly, money laundering and terrorist financing are high on the agenda of regulators regionally. For Hong Kong banks, enhanced regulation has been put in place, not least in the context of Hong Kong preparing for the assessment of its AML measures by the Financial Action Task Force scheduled for 2017. The weight of the compliance requirements is proving extremely testing for institutions, but is in line with international trends and developments, and has led to enforcement action demonstrating the serious view taken of this area and the risks of non-compliance.
- Data privacy – Regionally, the processing and transfer of data within organisations for operational efficiency, including to outsourcees, remains a significant regulatory and operational risk given the different levels of regulation (and their interpretation) and enforcement within APAC (see September/October 2015 Risk Note)
- Cybersecurity – This is a developing area of regulation in APAC. For example, the Hong Kong Monetary Authority's recent circular highlighted their view that this area "warrants special attention" and that "there is a legitimate concern that certain conventional risk management philosophy and controls practised by [banks] might need to be adjusted or enhanced to cope with the risks". The regulators are tending to focus on, among other things, clear ownership of the risks by boards of directors/senior management and periodic selfevaluation and monitoring of controls; business recovery plans need to be tailored to ensure that the cyber-specific issues are properly addressed rather than treated as part of the overall risk landscape of the firm.
- FinTech (how technology is relevant for and can be used as an important part of the financial industry) – is proving to be a crucial area of convergence in the market between the development of financial products and services, and their management and delivery. The sector is evolving quickly and covers applicable tech from software risk management, to cloud technology, to advice and payment systems – more or less endless. The difficulty with this sector will continue to be mapping it out in as precise a manner as possible to ensure that it maintains maximum relevance within the financial industry and allows a proper assessment of the related risks.