2021 Financial Services Horizon Scanning for Assurance Functions

Our annual horizon scanning documents provide a point-in-time view of the risks facing the financial services sector over the next 12-18 months. These documents are highly useful to internal audit functions in developing audit universe, risk assessment and 2021 audit plans, as well as for the C-suite, executive directors and non-executive directors responsible for the governance and control of financial services institutions.

Disruptive forces such as the coronavirus (COVID-19) pandemic, the geopolitical environment and social- and climate-related concerns are driving a change in how internal audit (IA) and other assurance functions act. There is a conflicting demand on IA functions to continue to demonstrate adequate assurance coverage, while delivering insight and value, in an increasingly “real-time” manner. At the same time, audit committees are increasingly interested in the complete view of risk coverage by their assurance functions, and to see coordination between these functions.

This year’s documents seek to provide you with our view on the market issues impacting the financial services sector in 2021 and beyond, collated through our own experiences and insights from our subject matter experts. We have split these issues into micro risks, presented alongside the key IA focus areas relating to each risk, and macro risks, which illustrate the wider risk landscape in which financial services firms are operating.

Macro risks

When planning for rapid change, organisations have to consider not just technological disruption, but societal change. Regulatory changes and technological advancements have made it easier for consumers to switch service providers, and they’re increasingly choosing those which align with their political and social beliefs, and are willing to engage with them via their preferred social media platform. Organisations have to keep pace with what is important to their customers or they’ll be replaced by more agile competitors.

So what issues are front and centre for customers?

Reputation and purpose are increasingly important for customers in every industry

  • The Black Lives Matter (BLM) movement has re-emphasised the lack of significant movement on the D&I agenda. Although there has been a growing effort from organisations, there has been little material change in the diversity of firms, and pay gaps remain. Whilst organisations talk about diversity, there is continued agreement that opportunities are still not equal for all.
  • Response to climate risk is becoming a critical factor, impacting how customers spend and save their money, how stakeholders invest and, increasingly, attracting regulatory scrutiny. Green credentials are fast becoming not just an opportunity for organisations to differentiate themselves but an expectation.

Digitalisation has changed behaviours and is now changing how we work

  • Changes in customer behaviour, that might otherwise have taken years, have occurred in a matter of weeks as a result of COVID-19. Even customers who had previously resisted change have adjusted their habits. Organisations that deliver the most complete and effective digital experience, and support their customers through this transition, will be the biggest winners.
  • Through the pandemic, staff will have become accustomed to working from home, and performing unfamiliar tasks, such as supplementing contact centre staff, to cope with spikes in demand. Organisations must assess the advantage of formalising this arrangement on a permanent basis, whilst considering how to manage the increase in risks such as fraud and customer confidentiality. A more decentralised workforce is likely to reduce the cost of providing central premises, whilst increased flexibility and remote working opportunities can help attract potential employees for hard-to-fill vacancies. It may also become more economical to return back-office functions to the UK.

Micro risks

Last year we highlighted a significant number of micro risks to be considered for the audit plan. This year we have refined this to focus on a few key thematic risks that have been at the forefront of the minds of the regulators, C-suite and Boards. Click on each thematic micro risk for further information.

Business resilience

Operational resilience and financial resilience were at the front of the regulators mind last year, and the COVID-19 pandemic provided a practical test for many organisations of their business resilience capabilities. In this section we bring together the key areas of consideration to ensure your organisation is resilient, not just for the current crisis, but for the potential second wave of COVID-19, and any other future crises, be it climate change, geo-political instability or technological disruption.

  • Operational resilience
  • Cyber resilience
  • Outsourcing and third party risk management
  • Recovery resolution planning
  • Liquidity
  • Capital
  • Prudential regime for investment firms
  • Collections and recoveries
  • Climate risk
  • Environment, social and governance risks

Financial crime

Financial Crime is an increasing concern for all financial institutions. Preventing and detecting financial crime is rapidly evolving to be one of the biggest challenges for financial institutions, the impact of which extends well beyond monetary losses to reputation and brand, employee morale, business relations and regulatory censure.

  • AML/KYC
  • Market abuse and surveillance

Change risk

Across the financial services sector, organisations are undertaking increasing volume and complexity of change, delivered as part of projects and programmes that make up large change “portfolios”. This is set to increase in light of the recent pandemic and changes to the future economic outlook.

  • Programme assurance
  • Portfolio assurance
  • Post-COVID-19 transition
  • Strategy
  • Authorisation activity
  • Cost management
  • LIBOR
  • IFRS 17

Technology risk

Cyber security continues to be a top priority for regulators, with increased expectations on firms to produce detailed real-time IT risk reporting. AI and robotics are driving innovation across the industry, and the increased move to cloud-native technologies represents a significant change to organisations’ technological footprint and expertise requirements of employees. Customers increasingly expect to be able to access their information and manage their accounts at all times and from a range of devices, all of which need to run smoothly and be secure.

  • Technology architecture and IT risk reporting
  • Cloud migration
  • IT development and operations

Conduct risk

Conduct risk has been dominated in 2020 by COVID-19. As the seriousness of the situation became clear towards the end of Q1, the FCA moved quickly to announce a series of measures for firms to try and help ease the financial burden on customers who may have been affected, furloughed or even lost their job. The measures were set out in various papers in a very short period of time, as the FCA along with other regulators moved to try and protect the economy, customers and financial services firms themselves.

  • Affordability
  • Treatment of vulnerable customers
  • Customer journey
  • Insurance pricing and product value
  • Policy coverage
  • Suitability of advice
  • Trade and transaction reporting & algorithmic governance and control

Workforce risk

Now more than ever, it is imperative that organisations proactively manage their workforce risk. They need to combine strong governance and leadership, a clear diversity and inclusion strategy underpinned by data analytics, a cohesive culture with supporting behavioural frameworks, and flexibility which empowers the workforce and encourages a strong focus on wellbeing. These four factors, when combined with a clear organisational strategy and supported by strong people processes, will allow organisations to continually adapt and improve to effectively manage workforce risk.

  • Governance and leadership
  • Diversity and inclusion
  • Flexibility and wellbeing
  • Culture and behaviours
  • Workforce planning
  • Remuneration
  • Tax

Download

Contact us

Steve Frizzell

Steve Frizzell

Internal Audit Partner, PwC United Kingdom

Tel: +44 (0)7802 659053

Follow us