The Impact of Regulatory Changes in the Financial Services Industry

The financial services industry is the backbone of modern economies. It’s characterised by a complex ecosystem where innovation, risk, and consumer protection must coexist in a delicate balance.

Regulatory frameworks imposed by domestic and international authorities are pivotal in maintaining this equilibrium. As these frameworks evolve, they address emerging challenges, enhance market stability, and protect consumers.

However, regulatory changes introduce significant challenges, reshaping the industry in ways that require financial institutions to adapt or face potential risks.

This article examines the profound impact of regulatory changes on the financial services industry, exploring the challenges and opportunities these changes present. It covers:

• The Evolving Regulatory Landscape
• Factors Governing Applicability of Regulations
• Impacts of Regulatory Change on Financial Institutions
• Navigating the Evolving Regulatory Landscape

The Evolving Regulatory Landscape

The global financial crisis of 2008 exposed the systemic vulnerabilities within the financial system. In response, governments and international bodies introduced a wave of stringent regulations aimed at enhancing financial stability, improving risk management practices, and increasing transparency.

Since 2015, the regulatory landscape has continued to evolve for various reasons. Recent examples include:

1. Consumer Protection Concerns

Driver: The 2008 global financial crisis exposed gaps in the way financial products were marketed and sold to retail consumers.

Examples: The EU Markets in Financial Instruments Directive II (MiFID II) (2018) aimed to increase transparency around investment products and ensure better protection for investors. Similarly, Australia's Comprehensive Credit Reporting (CCR) (2019) reforms were driven by the need to provide more accurate and comprehensive credit information to consumers.

Impact: These measures help consumers make informed decisions, reducing the likelihood of predatory lending, misleading financial products, and unfair credit assessments.

2. Data Privacy and Cybersecurity

Driver: As more financial transactions are conducted online, the risk of cyberattacks and data breaches has increased, prompting regulators to take action.

Examples: The EU General Data Protection Regulation (GDPR) (2018) has become the global standard for data privacy, impacting how financial institutions handle customer data. Similarly, the New York Department of Financial Services Cybersecurity Regulation (2017) imposes stringent cybersecurity requirements on financial institutions.

Impact: These regulations aim to protect consumers' sensitive data and ensure that financial institutions have robust systems in place to prevent cyber threats.

3. Deregulation and Industry Pressure

Driver: In some jurisdictions, financial institutions have pushed for deregulation, arguing that overly strict rules stifle innovation and economic growth.

Example: US Economic Growth Regulatory Relief and Consumer Protection Act (2018).

Impact: While deregulation can provide relief to smaller financial institutions, it also raises concerns about whether it weakens the financial system’s resilience to future crises.

4. Environmental, Social, and Governance (ESG)

Driver: Growing awareness of climate change and the risks it poses to economies, businesses, and communities.

Examples: UK Task Force on Climate-related Financial Disclosures (TCFD) (2021); EU Corporate Sustainability Reporting Directive (CSRD) (2022).

Impact: Enhanced sustainability transparency, increased compliance costs, better risk mitigation.

5. Executive Accountability

Driver: Improve oversight of large financial institutions to mitigate systemic risks.

Examples: UK Senior Managers and Certification Regime (SM&CR) (2016) and Australia Banking Executive Accountability Regime (BEAR) (2018).

Impact: Fostering a culture of responsibility within financial institutions, thus preventing the kind of reckless risk-taking that contributed to the 2008 collapse.

6. Risk Management

Driver: Growing concerns about operational resilience in financial institutions increasingly reliant on digital infrastructure and critical third-party service providers.

Example: EU Digital Operational Resilience Act (DORA) (2022).

Impact: Stricter regulatory scrutiny of outsourcing arrangements with critical third-party service providers requires financial institutions to enhance their cybersecurity measures, continuously monitor operational risks across their digital ecosystem, and adopt new standards for managing third-party risks.

7. Technological Advancements

Driver: Rapid innovation in technology, including digital payments and cryptocurrencies, has significantly impacted how financial services are delivered.

Examples: The UK Fifth Anti-Money Laundering Directive (5AMLD) (2020), and the Canada Retail Payment Activities Act (RPAA) (2024)

Impact: These regulations are designed to safeguard consumers and the financial system from risks related to data security, fraud, and market manipulation in the digital age.

While these regulatory changes aim to create a more resilient and transparent financial system, they also introduce new challenges for financial institutions, which must now navigate an increasingly complex regulatory environment.

Factors Governing Applicability of Regulations

Financial institutions today operate within a labyrinth of often conflicting regulations. This is particularly due to the difficulties of operating consistently across different jurisdictions.

The regulatory landscape for financial institutions is multifaceted, with various factors influencing the applicability of regulations, including:

Complexity of Regulatory Frameworks

Jurisdictional Differences: Regulations vary significantly between countries and regions. For example, a bank operating in both the United States and the European Union must comply with U.S. regulations like Dodd-Frank and EU regulations such as MiFID II or the CRD IV package. These regulations may have overlapping, differing, or even conflicting requirements, making compliance with each a formidable challenge. The need to reconcile these differences can lead to increased operational costs and inefficiencies as institutions must navigate a patchwork of regulatory expectations.

Sector-Specific Regulations: Financial institutions often engage in multiple activities such as retail banking, investment banking, asset management, and insurance. Each sector is subject to distinct regulatory regimes, leading to a complex compliance environment where institutions must navigate a web of sector-specific rules. This fragmentation can result in operational silos within institutions, complicating efforts to maintain a unified approach to compliance and risk management.

Applicability Criteria

Regulators generally recognise that the need for robust oversight must be balanced with the practical realities of compliance.

Regulators aim to make sure that regulations are proportionate. To do this, they may set specific criteria that apply mainly to larger financial institutions. These institutions have the resources and systemic importance needed to meet regulatory standards.

This approach helps avoid burdening smaller businesses or creating barriers to entry in the market. Examples include:

• Employee Count: Workforce size can influence the applicability of some regulations, as well as specific financial regulations that impose different requirements on large versus small firms. For instance, certain reporting obligations may only apply to institutions with some minimum number of employees, reducing the burden on smaller entities.
• Geographic Reach: The geographic scope of a financial institution’s operations, whether domestic or international, affects the regulatory framework it must adhere to. Institutions with cross-border operations must navigate multiple regulatory regimes, which can lead to conflicts or duplications in compliance requirements. This complexity can increase the risk of regulatory breaches, particularly if the institution lacks a robust compliance infrastructure.
• Legal Structure: The legal structure of the institution, such as whether it operates as a bank holding company, a non-bank financial institution, or an international branch or subsidiary, influences the regulatory requirements it must meet.
• Market Capitalisation and Systemic Importance: Large institutions deemed systemically important (often referred to as ‘too big to fail’) are subject to additional regulatory scrutiny and higher capital requirements under frameworks like Basel III. These institutions also face more stringent oversight from national and international regulators, which can limit their operational flexibility but is intended to safeguard the broader financial system.
• Risk Profile: The institution’s risk profile, including its exposure to credit, market, and operational risks, affects the level of oversight and the specific regulations that apply, particularly concerning capital adequacy and liquidity requirements.
• Turnover/Revenue: Some regulations apply differently based on the financial institution’s turnover or revenue. For example, the scope and stringency of certain reporting requirements might increase with the institution’s annual revenue level and market impact.
• Type of Activities: The nature of a financial institution's activities, such as whether it engages in high-frequency trading, holds customer deposits, or provides consumer loans, determines which specific regulations apply. For instance, regulations like the Volcker Rule in the U.S. restrict proprietary trading activities.

By using such applicability criteria, regulators aim to balance the need for robust oversight with the practical realities of compliance. This approach helps to ensure that regulations are effective and fair, enhancing market stability and consumer protection without imposing undue burdens on smaller or less capable financial institutions.

Impacts of Regulatory Change on Financial Institutions

The introduction of completely new regulations or amendments to existing regulations has far-reaching implications for financial institutions, influencing their business models, risk profiles, and strategic direction.

Compliance with new rules often necessitates significant investments, particularly in technology and human resources, to develop robust compliance frameworks and implement effective risk management systems. These impacts include:

• Consolidation and Market Concentration: The increased regulatory burden can drive consolidation within the industry, as smaller institutions may find it challenging to compete. This consolidation often results in a more concentrated market where a few large players dominate, potentially reducing diversity and competition in the financial services sector. Smaller firms may be particularly disadvantaged as they lack the resources to absorb the high costs of compliance, forcing them to merge with larger entities or exit the market altogether.
• Differentiated Compliance Requirements Across Business Units: The different business units in a financial institution may be subject to distinct elements of a particular regulatory framework, each with its own specific requirements. The resulting compliance integration challenge requires the institution to develop tailored compliance strategies for each affected business unit while ensuring overall coherence in risk management and regulatory adherence. This complexity necessitates a robust internal communication framework and centralised oversight to ensure that all parts of the institution remain aligned with regulatory expectations. Failure to do so can lead to regulatory breaches, operational inefficiencies, and increased risk exposure.
• Implications for Vendor Contracts: Regulatory changes can significantly impact a financial institution's contracts with its vendors, particularly those that provide critical services or technological solutions. As regulations evolve, financial institutions may need to assess and revise their vendor contracts to allow the flexibility and adaptability necessary to ensure compliance with new regulatory requirements.
• Increased Compliance Costs: Financial institutions must allocate significant resources to meet regulatory requirements, which can erode profitability and hinder innovation. The cost of compliance extends beyond direct financial outlays, including operational burdens such as increased auditing, reporting, and the continuous monitoring of third-party providers of critical services. For example, the EU's Digital Operational Resilience Act (DORA) requires institutions to implement extensive cybersecurity measures, which can be particularly burdensome for smaller firms with limited budgets.
• Innovation Stifled: Excessive regulation can stifle innovation within the financial services industry. Stringent compliance requirements may discourage the development of new products and services, limiting competition and reducing consumer choice. Smaller institutions, in particular, may struggle to invest in the necessary compliance infrastructure, putting them at a competitive disadvantage compared to larger, well-resourced players. This regulatory environment can lead to a focus on short-term compliance rather than long-term innovation, potentially hindering the industry’s growth and dynamism.
• Operational Burden: Navigating the complex web of regulatory requirements can lead to operational inefficiencies, delays in decision-making, and an increased risk of errors. The overlapping and sometimes conflicting nature of regulations adds to the complexity, making compliance a daunting task for financial institutions of all sizes. This operational burden can also divert resources from core business activities, impacting the institution’s ability to focus on growth and customer service.

Another form of regulatory change is deregulation: the rescinding of specific parts or the entirety of existing regulations.

Deregulation refers to the reduction or elimination of specific regulatory constraints, allowing institutions greater freedom in their operations. This can lead to substantial time and cost savings as compliance requirements are reduced, and it can provide more operational flexibility to innovate and pursue new business opportunities.

However, deregulation also introduces new risks. Without the safety net of regulatory oversight, financial institutions may face greater exposure to market volatility and fast-moving competitors, and the absence of strict consumer protection measures can lead to reputational risks.

Institutions that have built their strategies around compliance may need to reassess their business models in a deregulated environment.

A notable instance of deregulation in the financial services sector is the partial rollback of the Dodd-Frank Wall Street Reform and Consumer Protection Act in the United States in 2018. This rollback eased the regulatory burden on smaller banks by raising the asset threshold for heightened regulatory scrutiny, thus allowing these institutions more freedom while potentially increasing systemic risk.

Navigating the Evolving Regulatory Landscape

The regulatory landscape for the financial services industry is likely to remain dynamic, shaped by emerging risks, technological advancements, and shifting economic conditions. Financial institutions must be prepared to navigate this evolving environment by adopting a proactive approach to regulatory compliance. Here are some strategies:

• Building a Strong Compliance Culture: A strong compliance culture is essential for ensuring that regulatory requirements are met consistently and effectively. This involves fostering an organisational mindset that prioritises compliance, clear communication of regulatory expectations, and ongoing training for employees. Institutions that cultivate a robust compliance culture are better positioned to adapt to regulatory changes and minimise the risk of non-compliance.
• Collaboration with Regulators: Engaging with regulators and participating in industry consultations can help financial institutions stay informed about upcoming regulatory changes and provide valuable insights into how these changes may impact their operations. By collaborating with regulators, institutions can also help shape the development of new regulations in ways that balance risk management with the need for innovation. Proactive engagement can lead to more favourable regulatory outcomes and a better understanding of the regulatory environment.
• Fostering a Culture of Continuous Improvement: Financial institutions should view regulatory compliance as an opportunity for continuous improvement in risk management rather than a mere obligation. By integrating compliance into their strategic planning and operational processes, institutions can enhance their overall efficiency, reduce risk, and position themselves for long-term success. A culture of continuous improvement can help institutions stay ahead of regulatory changes and adapt quickly to new challenges in the financial services industry.
• Investment in Compliance Infrastructure: To effectively manage the increasing complexity of regulations, financial institutions should invest in advanced compliance technologies and build robust compliance frameworks. This includes regular audits, risk assessments, and continuous monitoring of regulatory developments.
• Leveraging Technology for Contract Compliance: Regulatory change can often require a financial institution’s contracts with third parties to be updated to ensure ongoing compliance with applicable regulations. Gatekeeper’s Vendor and Contract Lifecycle Management (VCLM) software is a powerful technology for managing regulatory compliance by centralising contract data, automating the monitoring of regulatory changes, assessing consequent risks, and managing contract updates. It enhances vendor due diligence, supports collaboration, and generates audit trails for compliance reporting. By reducing manual workloads and improving responsiveness to regulatory changes, Gatekeeper helps financial institutions reduce the risk of non-compliance with their third-party contracts and boost their operational efficiency.
• Segmenting Compliance Efforts: Given the varied regulatory obligations across different business units, financial institutions should consider adopting a segmented approach to compliance. This includes creating specialised compliance teams for each business area equipped with the expertise to manage the specific regulations relevant to their operations. Institutions should implement a centralised compliance oversight function to ensure that these differentiated efforts are well-coordinated and aligned with the institution’s overall risk management strategy.