Top 10 op risks 2021: regulatory risk

Big dip in fines belies lingering fears over Covid loan mis-selling and sanctions risk

When supervisors intervened in markets over the past 12 months, it was more often to protect lenders than slap firms with fines: with a couple of notable exceptions, regulatory penalties in 2020 plummeted as Covid-19 spread across the globe.

Still, regulatory risk – the fear that changes to rulesets and supervisory expectations create openings for operational mis-steps, disclosure challenges, restrictions on activity or straightforward financial penalties – is never far from thought for banks, stung by fines and penalties totalling almost $1 trillion over the last decade.


Those changes do not have to take the form of regulators wielding a big stick, or even be aimed at banks themselves; last year’s huge government intervention programmes are a case in point. Like many official sector initiatives put together in a hurry, lenders fear the government support packages could become a major source of operational risk.

Any rapid deviation from stated regulatory policy carries its own risks, many argued at the time: “We were having to implement new government programmes at lightning speed,” says a senior op risk executive at a large North American bank.

Regulators’ swift attempts during the springtime to help banks free up liquidity to support the economy created difficulties from a nuts-and-bolts modelling perspective – as well as a potential source of reputational risk for those firms that rapidly became seen as outliers. Deutsche Bank, for instance, attracted scrutiny for its decision to extend the economic forecast horizon on its loan-loss provisioning model out to three years – even though it argued its move was designed to free up liquidity provision to the real economy in line with official sector requests – a decision that was subsequently vindicated.

The speed with which emergency loans to stricken businesses were rolled out meant banks were forced to expedite some of the usual key processes that safeguard against accusations of mis-selling by failing to rigorously assess whether new loan products meet client suitability criteria – chiefly, whether a customer actually needs the product, can afford it and that it is offered on a non-discriminatory basis.

In the US, the Paycheck Protection Program, designed to provide financial assistance to small businesses, resulted in allegations that large banks employed deceptive lending practices that favoured large clients by providing forgiveness of loan proceeds for up to two-and-a-half times an owner’s monthly payroll.

As the speed of change accelerates, organisations need to have appropriate processes in place to manage the changes. Covid has clearly pushed the pace of change to the limit.

“As an example, when we implemented the PPP programme, the rules came out on a Friday and we were up and running on a Monday. That doesn’t happen normally,” the senior op risk executive says, grimacing with understatement. “We were never [before] forced to operate at such speed.”

Another senior op risk manager at a large European bank says the dynamic holds true for their country’s Covid loan programme rollout too – and foresees trouble down the line if the political landscape shifts decisively against banks, as it did after the financial crisis.

“I think everybody’s a bit nervous. We were asked to essentially execute against a government mandate at a speed that wasn’t consistent with normal processes. We weren’t asked to do much about checking affordability, and those sort of elements. You’re taking a leap of faith you got things right, and that the regulators and politicians won’t change [their attitude]. Because in five years’ time, if we have a government that says ‘no, we won’t [honour] any of the loan guarantees – the whole thing was your fault’ – then everyone is sitting on billions in unprotected credit risk. I don’t think that’ll happen – but there’s bound to be some ugly things that crawl out from under the woodwork, because it was so hard to do,” he says.


While 2020 brought fewer losses overall from fines and penalties, there were notable exceptions: Goldman Sachs’ mega $5 billion in penalties, settlements and disgorgements for its role in the 1MDB fraud being by far the largest of these. Citi was also fined over control failures that led to the bank inadvertently wiring more than $900 million to a group of hedge funds it was involved in a lending dispute with. The bank’s chief risk officer, Brad Hu, subsequently departed.

Sea-changes in the political landscape can also lead to shifting supervisory attitudes to areas of emerging risk too – and plenty of opportunities for compliance mis-steps. In the US, for instance, regulators have thus far moved with far less speed on climate change. But recent signals suggest that this could change in the near term. In an interview in February, acting Commodity Futures Trading Commission chair Rostin Behnam indicated a more interventionist attitude to climate-financial risk within the Biden administration.

Though government policy can be slow moving, professionals in the financial sector know where their industry is heading. One country-level chief risk officer says that the “most impactful” impetus for regulatory change is increasing awareness among supervisors of environmental risk factors.

“We’re entering a new phase for [the category], which is the quantification of environmental risks,” the CRO says. “Regulators have been kind, in a way, and the market is still being kind” – but the industry knows.

The CRO argues that, in the coming years, financial companies will need to tread cautiously when it comes to investment. “I expect you will have to be very careful [about] which types of exposures you put on; you’ll want to think twice about lending to a client with a negative environmental profile.”

That is certainly true for European asset managers, who will be required to comply with the ‘level one’ requirements of the European Union’s flagship Sustainable Finance Disclosure Regulation (SFDR) from next month, a painstaking new set of disclosure requirements for ESG-labelled investments. Full implementation of the regulatory technical standards will be required in January next year.

Finally, the insidious influence of Brexit continues to pull attention towards diverging regulatory frameworks. Earlier this year reported on swaps trading drifting to the US, as a result of the lack of equivalence arrangements between the UK and EU; more recently, the UK Treasury has suggested it may walk away from the ‘open access’ Mifid II rule, with some commentators asserting that the move will allow exchanges to extract higher profits from customers.

Click here to return to the index


Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here