The digital revolution is here, but banks are ill-prepared to deal with the many facets of change. Regulators usually do not seem to be the ones driving the change in positive way, but sometimes things are different. A kind of paradigm shift at the German financial regulator might actually help financial institutions and insurers to increase the technological expertise of their boardrooms.
The digital transformation of Finance is in full swing. FinTech innovators continue to nibble from the incumbents’ businesses, RegTech tries to solve the Gordian knot of growing regulatory obligations, cyber threats expand at unprecedented rates, and consumers increasingly use digital channels to do their banking, A report by PWC earlier this year found that “46% of customers skipped bank branches altogether, relying instead on smartphones, tablets, and other online applications”. The Big Four auditor has now published an outlook on top financial services issues in 2018 and one of its key findings, though little surprising, is that “many firms still struggle with making a digital transformation, even as their future growth may depend on it”. The report names legacy systems, processes, and relationships as the factors that make innovation extremely difficult, even as new technology ramps up user expectations and attracts new competitors.
Surprisingly, help may come from the regulator. Admittedly, we’re fairly critical of regulators as they often seem to be late to the party, especially when it comes to innovation and digitalisation. The German financial regulator BaFIN isn’t one either that has a great track record of support and openness on the global comparison chart of accommodating regulatory authorities. When others praise the UK’s FCA or Singapore’s MSA for their work with FinTech startups, the German watchdog seems a little bit old-fashioned and reserved. The latest monthly BaFin bulletin, however, contains an article that hits the nail on the head. There, the regulator advises the financial and insurance industry of changes to its regulatory practice, as it is one of its central concerns that whether banks and insurance companies are in a position master the challenges of digitalisation appropriately. For this reason BaFin adapts its administrative practice with regard to the necessary practical experience of the management of a firm. It will now be sufficient for a new addition to the board to gain experience in different parts of the bank for a shortened period of six months before taking up the position as long as the person also acquires the necessary theoretical knowledge. Naturally, this relaxation of the rules only applies to the addition of directors in charge of IT and it comes without saying that the person in question needs to demonstrate relevant knowledge and experience in that field.
What is a kind of paradigm shift when it comes to the composition of the board. While previously it was somewhat expected that all members had a profound understanding of all aspects of the business, it now points to a concentration of key areas of expertise. BaFin highlights the importance of the collective eligibility of senior management and the regulator will going forward focus as well on the qualification of the board as a whole as opposed to a limited view of the experience of its members.
It also sounds like this should be the rule, but surprisingly it appears to be more of an exception, though the European regulatory authorities, ESMA and EBA, highlighted the importance of sufficient board expertise in respect of information technology in recent guidelines for the assessment of management bodies. In the joint guidelines published on 28 September, the regulators made it clear that IT is one of the areas financial institutions need to cover when assessing the collective suitability of their management body. With new regulations such as CRD and MiFID II including measures to remedy weaknesses identified during the financial crisis regarding the functioning and composition of the management body within credit institutions and investment firms and the qualifications of their members, technology is a cornerstone of the framework to safeguard proper and prudent management of an institution.
Of course, this change does not come from nowhere as the BaFin article points out: the authors on one hand underline the importance of IT in regard to the risk management of credit institutions and insurance firms due the increasing digitalisation; they also stress the existential risks for such institutions that come with weaknesses in their security systems. Lastly, they emphasize how the competitiveness of banks and insurance companies could also seriously is affected by legacy IT structures and systems and the associated inefficiencies. “In the last few years, information technology has therefore increasingly developed from a basic infrastructure for banking and insurance business into the key technology for new value chains,” the two supervisory employees write.
The intention is clear: if financial institutions do not have understood the sign of times, BaFin intends to force them to do so and right they are. With the technology not leaving any stone unturned, financial institutions have an obligations to do all that is necessary to prepare themselves. Not only for the institution itself, but for its employees, shareholders and a society that cannot be afforded again the bill for the shortcomings of their managements.