Michael Leibrock, DTCC’s Chief Systemic Risk Officer, sat down with DTCC Connection recently to discuss the emerging risks facing the financial services industry in 2017.
What are the top emerging risks to the global financial services industry for 2017?
2016 was dominated by geopolitical risks, starting with the volatility across markets in China, the UK Referendum Vote “Brexit” and concluding with the U.S. election. I would expect to see a continuation of these broader geopolitical and cross-border concerns going forward in 2017.
The 2016 U.S. election results have provided an opportunity for the Republican Party to pursue legislation through their majority positions within both houses of Congress. The Trump administration has started to outline its priorities (over both the first 100 days and duration of its term), as it transitions into a governing role.
The Trump administration has expressed a desire to reduce some of the regulatory requirements impacting financial services firms, including portions of the Dodd-Frank Act and the DOL Fiduciary Rule, among others. Financial services firms have made significant investments and changes to their operating models to comply with these requirements over the past several years and efforts to roll them back introduces some uncertainty to market participants.
Additionally, the Trump administration has shown a willingness to utilize evolving and non-traditional communication techniques (i.e., President Trump’s use of Twitter). In response, financial services firms have been forced to recalibrate some of their market monitoring practices and risk management techniques.
Brexit and its overall impact on the construction of the EU continue to be a focus area for financial services. The triggering of Article 50 will open the two-year negotiating window for the UK to exit the EU. The UK has outlined its initial negotiating positions, whereas a decision on “passporting” may require firms across the financial services industry and all industries to reevaluate their operating models and location strategies.
Elections scheduled across Europe (i.e., France, Netherlands, Germany) in 2017 have the potential to shape the overall construction of the EU going forward, should trends towards populism and nationalism continue.
What are your thoughts on cyber risk moving forward into 2017?
While I wouldn’t classify cyber risk as an emerging risk, it was identified by market participants as the top risk in our most recent DTCC Systemic Risk Barometer Survey, and has been the top risk for each survey since the Barometer Survey was launched in 2013. That being said, I do expect cyber risk be a continued focus and investment area for financial services firms (and all companies) in 2017.
The financial services industry represents the largest (non-government) concentration of investment and spending in the area of cyber security. As such, the cyber defense capabilities across financial services firms continue to improve with this investment.
However, the complexity, sophistication and persistence of cyber attacks continue to increase at a faster rate than defense capabilities. Financial services institutions continue to be the targets of cyber attacks, with successful attacks occurring at the Bank of Bangladesh, SWIFT, and Bitfinex, to name a few in 2016.
A number of regulators have provided guidance for financial services firms in order to baseline standards and develop cyber security requirements – but this has created difficulties for firms to harmonize and map their cyber security requirements across the guidance outlined by the various regulatory agencies.
What do you view as the most important lesson of 2016?
2016 highlighted that there are limitations in the ability to forecast and predict both the outcome of events, as well as their impact on markets. During 2016, the financial services industry grew increasingly aware of the need to prepare for the unexpected and the importance of implementing robust risk management practices to increase resiliency.
This discipline proved especially critical during the swift decline in the price of oil and volatility that rippled across Chinese markets in early January, the Bank of Bangladesh cyber theft and the sterling (GBP) Flash Crash in October. Of course, the unexpected results of the Brexit vote and the U.S. election also tested the ability of financial markets to function effectively during times of stress and high volatility.
While market participants and policymakers have made good progress advancing their risk management practices, the ongoing evolution of market structures and industry-wide transformation require that risk programs be flexible in order to adapt to changing circumstances. Risk management must remain a priority for the financial services industry to ensure that the collective industry is adequately prepared to protect against existing and emerging threats.
What steps can the financial services industry take to help mitigate the impact of these emerging risks?
What some of these risks and concerns are telling us is that the financial system is becoming increasingly complicated and interconnected. In conjunction, the remit of risk management for financial services firms needs to expand and evolve as well – the traditional risk management framework may no longer be enough. For example, models may need to be reviewed with assumptions, inputs and outputs subject to thorough challenges, risk tolerance levels and acceptable risks may need to be revised, stress testing and simulations may need to increase in both frequency and sophistication, etc.
As such, the skill sets and capabilities of risk management professionals also need to keep pace with this expanded remit of risk management. Traditional skills alone may not be sufficient moving forward for risk managers. Creative thinking, intellectual curiosity, and flexibility are going to be core competencies for all risk management professionals to complement some of the more traditional requirements, such as intellectual capacity, discipline, rigor, and an analytical mindset.
What are some of the practices or techniques that DTCC has instituted within its broader risk management framework to address these emerging risks?
Based on the emergence of some of these broad geopolitical risks, DTCC has enhanced its risk management capabilities to formalize its internal process for geopolitical risk tracking and monitoring.
DTCC has instituted a dedicated process for mapping, identifying, and monitoring upcoming geopolitical events, such as future elections, central bank monetary policy meetings, and key global milestones. This inventory of upcoming geopolitical events is defined and prioritized with potential and expected outcomes detailed.
For geopolitical events that may have potential systemic or market moving implications, DTCC will continue to utilize pre-mortem meetings as a component of its planning efforts. These pre-mortems will focus on the preparation and readiness efforts (from an operational and technological perspective) ahead of the geopolitical event date. These pre-mortems will also incorporate a “designated skeptic” to challenge the status quo and ensure that all possible outcomes are represented in an effort to counter group think and confirmation bias.
We utilized our Systemic Risk Office (SRO) and the Systemic Risk Council (SRC) to mobilize key stakeholders and senior leadership across DTCC to drive our readiness efforts, ahead of the UK Referendum Vote and U.S. Elections in 2016. As a result of these readiness efforts, DTCC was optimally prepared to manage the market’s reaction to these events in 2016.
Additionally, DTCC continues to make investments to expand and strengthen its Regulatory Relations and Government Relations practices on a global scale. These increased capabilities allow DTCC to maintain a proactive dialogue and ensure both transparency and visibility into regulatory and policy developments.