Our annual horizon scanning documents provide a point-in-time view of the risks facing the financial services sector over the next 12-18 months. These documents are highly useful to internal audit functions in developing audit universe, risk assessment and 2021 audit plans, as well as for the C-suite, executive directors and non-executive directors responsible for the governance and control of financial services institutions.
Disruptive forces such as the coronavirus (COVID-19) pandemic, the geopolitical environment and social- and climate-related concerns are driving a change in how internal audit (IA) and other assurance functions act. There is a conflicting demand on IA functions to continue to demonstrate adequate assurance coverage, while delivering insight and value, in an increasingly “real-time” manner. At the same time, audit committees are increasingly interested in the complete view of risk coverage by their assurance functions, and to see coordination between these functions.
This year’s documents seek to provide you with our view on the market issues impacting the financial services sector in 2021 and beyond, collated through our own experiences and insights from our subject matter experts. We have split these issues into micro risks, presented alongside the key IA focus areas relating to each risk, and macro risks, which illustrate the wider risk landscape in which financial services firms are operating.
When planning for rapid change, organisations have to consider not just technological disruption, but societal change. Regulatory changes and technological advancements have made it easier for consumers to switch service providers, and they’re increasingly choosing those which align with their political and social beliefs, and are willing to engage with them via their preferred social media platform. Organisations have to keep pace with what is important to their customers or they’ll be replaced by more agile competitors.
So what issues are front and centre for customers?
Last year we highlighted a significant number of micro risks to be considered for the audit plan. This year we have refined this to focus on a few key thematic risks that have been at the forefront of the minds of the regulators, C-suite and Boards. Click on each thematic micro risk for further information.
Operational resilience and financial resilience were at the front of the regulators mind last year, and the COVID-19 pandemic provided a practical test for many organisations of their business resilience capabilities. In this section we bring together the key areas of consideration to ensure your organisation is resilient, not just for the current crisis, but for the potential second wave of COVID-19, and any other future crises, be it climate change, geo-political instability or technological disruption.
Financial Crime is an increasing concern for all financial institutions. Preventing and detecting financial crime is rapidly evolving to be one of the biggest challenges for financial institutions, the impact of which extends well beyond monetary losses to reputation and brand, employee morale, business relations and regulatory censure.
Across the financial services sector, organisations are undertaking increasing volume and complexity of change, delivered as part of projects and programmes that make up large change “portfolios”. This is set to increase in light of the recent pandemic and changes to the future economic outlook.
Cyber security continues to be a top priority for regulators, with increased expectations on firms to produce detailed real-time IT risk reporting. AI and robotics are driving innovation across the industry, and the increased move to cloud-native technologies represents a significant change to organisations’ technological footprint and expertise requirements of employees. Customers increasingly expect to be able to access their information and manage their accounts at all times and from a range of devices, all of which need to run smoothly and be secure.
Conduct risk has been dominated in 2020 by COVID-19. As the seriousness of the situation became clear towards the end of Q1, the FCA moved quickly to announce a series of measures for firms to try and help ease the financial burden on customers who may have been affected, furloughed or even lost their job. The measures were set out in various papers in a very short period of time, as the FCA along with other regulators moved to try and protect the economy, customers and financial services firms themselves.
Now more than ever, it is imperative that organisations proactively manage their workforce risk. They need to combine strong governance and leadership, a clear diversity and inclusion strategy underpinned by data analytics, a cohesive culture with supporting behavioural frameworks, and flexibility which empowers the workforce and encourages a strong focus on wellbeing. These four factors, when combined with a clear organisational strategy and supported by strong people processes, will allow organisations to continually adapt and improve to effectively manage workforce risk.