Ten regulatory risks facing the financial services industry in 2018

Published 17 January 2018, Stacey English, Non-executive director at Corlytics

Regulatory risk is an issue that financial services firms can’t avoid, and its impact will continue to dominate boardroom agendas throughout 2018. The volume, pace and complexity of regulatory change is a fundamental practical challenge that firms face every day. From the continued implementation of major regulatory reforms designed to bring stability and transparency to the industry, through to new emerging risks from technological developments, there is no shortage of issues occupying the regulatory agenda over the coming year.

Here are 10 of the key regulatory risks firms globally should have on the radar in 2018:

  1. Data protection and privacy – The new General Data Protection Regulation comes into effect on 25 May 2018, bringing a complete overhaul of existing data protection laws across Europe. Its increased territorial scope means companies outside of the EU that target customers in the EU will be subject to GDPR. Severe violations can result in huge fines of 20 million Euros or 4% of a firm’s annual worldwide turnover, whichever is higher.
  2. Senior manager accountability – Accountability regimes designed to ensure staff take personal responsibility and can be held accountable for their actions are being implemented around the world. These range from the extension of the Senior Managers and Certification Regime to all firms authorised by the UK FCA, to the recent implementation of the Manager in Charge regime in Hong Kong and the forthcoming Banking Executive Accountability Regime in Australia.
  3. Financial crime – Preventing and detecting financial crime continues to be one of the biggest challenges and priorities. Breaches have attracted the biggest headlines and led to the highest penalties, bringing damage to reputation and brand and significant monetary losses. In response to terrorist events, a draft directive (MLD5) has been proposed to amend the Fourth Money Laundering Directive, which came into effect in June last year.
  4. Cyber Resilience – Technological change, increasingly digital business models and interconnectedness between firms make cyber risk a growing threat to all financial services firms. Global regulators are likely to follow the lead of the New York Department of Financial Services, which launched cyber security rules last year, and to set out clearer requirements and expectations to mitigate the potential impact on customers, financial infrastructure and stability.
  5. Fintech – Regulatory attention around the world is set to increase, not only on the potential benefits and efficiencies of fintech, but also on the risks it poses and how developments fit with existing regulation. Global regulatory collaboration and sandbox initiatives continue to encourage innovation in the sector. In parallel, urgent issues relating to financial stability, money laundering and customer detriment are high on regulators’ radars, as is already evident through bans on Initial Coin Offerings and warnings about cryptocurrencies.
  6. Vulnerable customers – A shifting regulatory focus means firms not only have to treat all customers fairly, but will also need to focus on customers at the greatest risk of detriment. From product design to communications, firms will be expected to mitigate the risk of financial exclusion, inappropriate advice and poor customer outcomes for the most vulnerable groups who are less able to look after their own interests.
  7. Conduct and Culture – In response to widespread global recognition that culture is the root cause of misconduct in financial services, firms are making progress in defining what good culture means to their business and implementing cultural change programmes. They face the practical challenge of measuring, monitoring and demonstrating good conduct, as well as meeting new requirements including individual conduct rules for the majority of financial services employees in the UK.
  8. MiFID II – Following years of preparation, the EU’s most ambitious and extensive regulatory reform, MiFID II, finally went live on 3 January. The legislation has global impact, and there is recognition from the industry and regulators that there is still much to do and implement, including an additional six months to comply with rules requiring a Legal Entity Identifier for trading.
  9. Political Uncertainty – From the Trump administration’s deregulation agenda to the impact of Brexit, the only certainty is more change and complexity. Until the final Brexit deal is known, firms are progressing contingency plans to ensure they have operating models and authorizations to meet the most adverse potential outcome.
  10. Benchmarks – The new EU Benchmarks Regulation is effective from January, bringing new internal and external governance and assurance requirements to ensure the accuracy and integrity of benchmark setting. This follows high-profile investigations and fines in recent years for attempted manipulation of key financial benchmarks including LIBOR.

More than ever, financial institutions have to prioritize valuable and limited resources across every line of defense, from risk, compliance, legal and audit through to front line controls, in order to protect their business and ensure the best outcomes for customers.


Corlytics’ sophisticated global intelligence powered by deep metadata and advanced artificial intelligence and analytics can help assess and determine the areas of greatest regulatory risk to a business. You can get in touch with the team here: info@corlytics.com


Stacey English is a Non-Executive Director at Corlytics.