Insights

for the changing world

KPMG Regulatory Barometer 2022

October 2022
Powered by: KPMG Regulatory Horizon

Quantifying regulatory pressure

Welcome to the KPMG Regulatory Barometer – measuring the impact of regulatory change.

The new KPMG Regulatory Barometer aims to help firms identify the key areas of pressure across the evolving UK and EU regulatory landscape and measure the impact of the likely change.

Financial services firms have to handle frequent regulatory updates from multiple sources and it can be difficult to distil the volume and complexity of regulatory change into a single view. The pandemic brought lasting impacts which provided regulators with new perspectives, and the ongoing conflict in Ukraine has brought further uncertainty. Alongside geopolitical concerns, worsening economic conditions with financial stability and cost of living implications, changing customer demands and behaviours, sustainability concerns, and use of new technologies are all influencing regulatory agendas.

The Barometer aims to:

  • Offer a consolidated source of regulatory intelligence
  • Assess the extent of regulatory pressure across key themes
  • Provide a single metric to represent the size and complexity of the challenge

This edition identifies nine key regulatory themes and assigns them each a regulatory impact score based on attributes such as volume of updates, complexity and time to implementation. The theme scores are aggregated into an additional single metric to represent the level of regulatory pressure – over time, we will track these scores to gauge whether the relative pressure is rising, falling or remains constant.

Regulatory Impact Scores

Based on the volume of regulatory updates, the complexity of underlying rules and the challenges of implementation.

Read more

Maturity Indicators

A sliding scale from Emergent through Developing then Implementing to Mature/BAU.

Read more

EU:UK divergence?

Our view of where key EU:UK regulation is likely to align or diverge.

Read more

We hope you find this edition of the Barometer useful – we welcome your feedback and will be adding new features in future issues.

Key regulatory themes and messages

For this first edition, the aggregate Impact Score is 6.9, with theme-specific scores ranging from 8.9 for ESG and Sustainable Finance to 5.3 for Governance. This aggregate score suggests a significant level of regulatory pressure when considered across of the key themes. The higher the score on the Barometer, the more oversight and resources firms need to devote to regulatory change, although this will depend to some extent on individual business models.

It is unsurprising that ESG and Sustainable Finance top the scores, due to the sheer volume of new and developing initiatives and the challenges of implementing detailed requirements very rapidly to support environmental policy targets. Next is Financial Resilience where there is significant long-term complexity in finalising Basel reforms, reviewing Solvency II and integrating climate risk.

The cross-cutting impacts of regulating Digital Finance across crypto assets, central bank digital currencies, AI and machine learning, platformisation and data all contribute to a relatively high score and reflect the fact that new rules are being debated but are not yet implemented. Some Operational Resilience policy is already in place, but extensive new requirements are either proposed or awaited for digital resilience and critical third party providers. FMIs are under increased scrutiny due their increasing complexity and growing systemic importance. Enhanced Customer Protection is being driven by a conscious shift towards outcomes-based regulation and the introduction of value for money considerations. The scores for developments impacting Capital Markets and the EU: UK Border reflect no new regulation but the review, evolution and divergence of existing rules. And the relatively low score for Governance is not due to the easing of regulatory requirements but to the relative maturity of those requirements.

For more detail on each of the key themes, click on the graphic or scroll down.

01
Developing
8.9

Delivering ESG and
sustainable finance

ESG (environmental, social and governance) concerns are the issues most discussed by regulators, industry and investors around the world. Commitments to reaching net zero, by governments and companies, are driving change across the economy in general and in financial services in particular. Stakeholders and investors are demanding greater transparency. And, in the global pursuit of a “just transition”, focus is expanding to areas such as nature and biodiversity, the circular economy and broader social impacts.

ESG considerations must be embedded across businesses and their value chain, with regulatory requirements a key driver of firms’ ESG strategy. The scope of regulatory rules, frameworks, standards, taxonomies and other guidance is vast and increasing, covering initiatives from corporate reporting to prudential disclosures, transition plans, risk frameworks and stress testing, product labels, ESG data and ratings, the development of carbon markets, stewardship, corporate due diligence and more. In the UK, the PRA led the way on the measurement and management of climate-related financial risk for banks and insurers, with the EU forging ahead on taxonomies, labels and definitions. Both are now gaining pace across the piece, with the UK seeking to position itself as the first net zero economy. In the US, from a slow start, regulatory developments have accelerated significantly under the Biden administration.

Climate-related financial risk

Climate-related risks have the potential to undermine the safety and soundness of both firms and the wider economy. Banks and insurers are required to embed consideration of sustainability factors into their risk frameworks and stress testing. Banks and insurers should understand their own and their clients’ exposures when determining their strategy and business model. Longer term changes to capital and solvency requirements are under consideration.

Read more

Taxonomies

Taxonomies are expanding in both number and technical detail. The initial focus was on environmental objectives but proposals are now being developed in the EU for how best to reflect the “S”.

Read more

Reporting & disclosures

Requirements for corporate reporting and other ESG disclosures continue to expand. Regulators and standard-setters seek comparability and consistency, to provide investors and other stakeholders with the transparency they require, to minimise the risks of greenwashing, and where possible to harmonise global standards. The scope of reporting and disclosures will grow to incorporate social and nature-related risks.

Read more

Product labels and standards

Mandatory product labels are being developed, which will impact the use of current industry labelling frameworks across all sectors. Work continues on the EU Green Bond Standard and, the EU Ecolabel, and mandatory product labels will be developed in the UK.

Read more

Data and ratings

Regulated financial indices and benchmarks are developing, and there are calls for ESG data and rating providers to be regulated. Providers of ESG ratings and data should expect to come under increased regulatory scrutiny. Both ESMA and the FCA are looking at the way ratings agencies incorporate ESG factors into their methodologies.

Read more

Carbon markets

With firms needing to deliver on their own or government net zero commitments, and present credible net zero transition plans, they are likely to turn to carbon markets as part of the solution. However, there is a patchwork of regulation and calls for greater consistency and transparency.

Read more

Portfolio management and advice

As well as being subject to the SFDR disclosure requirements, EU buy-side market participants now need to meet new requirements regarding the integration of sustainability risks and factors. EU MiFID firms need to consider clients’ sustainability preferences and, from November, new product governance obligations.

Read more

02
Implementing
7.7

Maintaining financial
resilience

The development of new or recalibrated rules was put on hold because of the pandemic, but regulators have swung back into action.

Prudential frameworks are being finalised, refined and expanded as regulators seek to maintain and build on the resilience built up since the Global Financial Crisis (GFC). The pandemic and geopolitical uncertainty as a result of Russia’s invasion of Ukraine have reinforced the need to maintain robust levels of capital and liquidity. Supervisors are focused on credit exposures and provisions which may not yet fully reflect COVID-19 impacts and are now compounded by economic conditions.

Financial firms were relatively resilient through the pandemic indicating that measures put in place after the GFC to boost financial resilience (together with decisive central bank and government actions) have been effective. However, the operating environment remains uncertain, and broad structural changes – such as an acceleration of digitalisation (see Regulating digital finance) could amplify challenges faced by individual firms as they recover from the impacts of COVID-19.

Against this backdrop, supervisors are focused on maintaining robust levels of financial resilience. Implementation of remaining framework elements will be completed (e.g. Basel 4) and existing requirements are under review (Solvency II). New frameworks will be introduced (e.g. resolution for insurers). Regulators are also focused on emerging and escalating areas of risk such as climate and cryptoassets and are considering how best to reflect these in prudential frameworks. Stress testing will play a key role in monitoring banks’ and insurers’ vulnerabilities.

Banks

Banks must now focus on implementation of the final Basel reforms (Basel 4 or Basel 3.1) over a multi-year period. Calls for proportionality and consideration of local specificities may result in regional variations, adding to the complexity for banks operating across borders. Resolution and leverage ratio frameworks for banks are largely complete, but will be subject to ongoing review and refinement. A proportionate prudential regime for smaller firms is being developed in the UK, to reduce regulatory burden and encourage competition. And model risk management practices are under scrutiny.

Read more

Insurers

Insurers will need to monitor closely as discussions develop, at global, regional and national levels, on how solvency rules should be recalibrated. Regulators are also focusing on the development of targeted resolution frameworks.

Read more

WAM

Capital requirements for most MiFID investment firms have now changed in both the UK and the EU. These firms are no longer subject to rules that were predominantly designed for banks. The new prudential regimes have streamlined the previous requirements. All firms should have re-assessed their capital requirements and updated their reporting systems.

Read more

Climate & capital frameworks

Climate-related risks have the potential to undermine the safety and soundness of both firms and the wider economy. Regulators and standard setters are considering how best to integrate climate-related risk in capital frameworks for banks and insurers.

Read more

Image of an antena
03
Emergent
7.1

Regulating Digital
Finance

The pandemic has encouraged moves towards digital finance and the widening use of technology. However, regulators are attuned to the risks of new technologies and increased digitalisation as well as the benefits. They are considering how to adjust regulation for the digital world, including the trading and settlement of digital assets.

The trend in digitalisation – doing more things in a digital way rather than on paper or face-to-face – has accelerated rapidly. There has been an increase in online investment tools, and communications are becoming more immediate. Online descriptions of services and products can be dynamic and customised, and therefore more engaging and educative, but also more persuasive.

The digitalisation of client onboarding has increased, including digital know-your-customer (KYC) checks. The use of different forms of digital identity is spreading and regulators’ interest is increasing.

Fundamental building blocks underpinning all technologies and digitalisation are infrastructure and data. Firms need to ensure the integrity of databases, to have the expertise to store and analyse them, and to have in place good governance and controls. They also need to protect customers’ and market confidential data and to share them, to be able to deliver services more efficiently and across borders. This raises legal challenges, which regulators continue to debate.

New technologies bring new and emerging risks. Firms need to think innovatively about how to identify, measure and manage these risks, including the use of new techniques and tools.

Crypto-assets & CBDCs

The accelerating growth of crypto-assets and decentralised finance (DeFi) raises the concerns of financial regulators on issues of consumer protection, financial stability and monetary policy. However, regulators are encouraging innovation in the use of the underlying distributed ledger technology (DLT) in bring efficiencies to the infrastructure and operations of financial markets. Central banks are exploring the use of central bank digital currencies.

Read more

Artificial intelligence and machine learning

As more financial services are delivered digitally, more data is generated and artificial intelligence and machine learning techniques can be used to bring efficiency to firms’ processes, analyse large amounts of data, for example, to help in modelling, and personalise the delivery of services to customers. Financial Regulators have issued guidelines on its use but actual regulation could come from other areas of government as concerns around the use of AI is not confined to financial services.

Read more

Platformisation, Big Tech in Finance

In the last few years there has been a notable entrance of big tech players into finance, offering a variety of platform-based services directly to consumers as well as becoming critical third party providers to traditional financial services firms. Unlike traditional financial services firms, which are designed to operate exclusively within the financial services domain, some big tech firms are choosing to develop and distribute financial products as part of their wider portfolio of existing activities. Policy makers and regulators are having to examine whether the currently regulatory framework is fit for purpose.

Read more

Data sharing and innovation

Open Banking is seen as a successful driver of innovative products and services for consumer. Regulators and policy makers now embedding and refining the regime and they are considering whether the principles of data sharing contained with the open banking initiative can be widened further into the sector to build an ‘Open Finance’ framework.

Read more

04
Implementing
7.1

Strengthening operational
resilience

Regulators have long expected firms to manage operational risks and have in place business continuity and disaster recovery plans. However, operational resilience is now much broader than this and is becoming a key driver of investment and business strategy. Financial regulators view operational resilience for firms on an equal footing with, and as a key driver of, financial resilience and recognise that poor resilience has the potential to impact not only individual firms and wider financial stability, but also to cause significant customer detriment.

Regulators require firms to demonstrate end-to-end operational resilience (including cyber resilience) in their key business activities, to prevent severe disruption and maintain financial stability. Strong governance and accountability is expected, as is robust testing of disruption scenarios. Firms must consider the possibility of multiple concurrent disruptions and the emergence of new threats and vulnerabilities. Extreme events arising from climate change, from floods to wildfires to unexpected snowstorms, could impact physical operations and geopolitical events could challenge operating models. Regulatory authorities have realised that a broader approach to operational resilience — incorporating equally important components such as people, processes, technology and information — is needed. Underpinning all the regulatory initiatives is the common desire to create a financial services sector that is more resilient to disruption, hence reducing the potential for wider contagion, financial instability and harm to end-customers.

The EU and UK have set out clear expectations for regulated firms. However resilience expectations are now extending to a wider range of participants operating in the financial sector. For more on the operational resilience of FMIs see, Delivering Financial Infrastructure. Cloud service providers and critical third parties are under scrutiny.

Critical/important business services and impact testing

New rules highlight the importance of identifying severe but plausible tailored scenarios, and of performing stress-tests to reveal weaknesses in operating models. Firms are required to define the amount of disruption that they would be willing to tolerate and to monitor and measure their ability to remain within these tolerances.

Read more

Digital resilience

Additional demands on systems, processes and data have increased regulators’ focus on firms’ technological resilience. The draft EU Digital Operational Resilience Regulation (DORA) proposes multiple measures to harmonise ICT resilience requirements, with consequential amendments to other legislation. Cyber security remains critical, particularly with accelerated adoption of technology and increasing sophistication of external bad actors.

Read more

Third Party Risk

Outsourcing policies have been in place for some time, but regulatory requirements are now expanding in the EU and the UK, reflecting the growing reliance on and stability risks posed by cloud and other Critical Third Party Providers (CTPPs). New types of firms are likely to be brought within the regulatory perimeter in order to mitigate these risks.

Read more

Image of an antena
05
Developing
6.9

Developing Financial
infrastructure

FMIs are going through a period of significant change as their importance across the financial services ecosystem grows. They have a critical role to play in making financial transactions more efficient and helping to manage risk in the system. Across the financial sector, the need for scale and efficiency has increased in FMIs and is likely to lead to opportunities for consolidation. Increasing use of technology assists with efficiency and scale but can increase cyber risk.

However, against this backdrop of opportunities, regulatory and supervisory scrutiny of FMIs is increasing due to the developing complexity and interconnectedness of markets and FMIs critical role in the smooth and stable functioning of markets and delivery of financial services.

Central clearing

Clearing Houses or central counterparties (CCPs) are now seen as an essential part of financial market infrastructure and generally worked well during the market disruption caused by the onset of the COVID pandemic. However regulators are still exploring the role of margin in the ‘dash for cash’. CCPs’ growing importance is also reflected by developments in stress testing and recovery and resolution regulations.

Read more

Data regulation

Market data (information on prices, bids, quotes, volumes of traded financial instruments and benchmarks and indices) is becoming increasingly important to financial market participants in informing trading and investment strategies and meeting regulatory and disclosure obligations. Many regulators are concerned about the cost, access and reliability of this data and are proposing amendments to existing regulation, considering new regulation and investigating competition issues. These changes could have impacts on the business models of both the data providers and consumers.

Read more

Payments

The payments infrastructure continues to evolve to keep pace with increasing digitalisation and the opportunities and risks this brings. In the UK, work continues on the delivery of a New Payments Architecture (NPA) and the renewal of the real time gross settlement (RTGS) service so that it remains fit for purpose in a digital age. Regulators and policymakers are examining ways to ensure that users are adequately protected when using payment systems and services. They are also keeping a keen eye on the continued need for access to cash.

Read more

06
Developing
6.6

Enhancing Customer
Protection

The nature of products and services, of how they are delivered, and of communications with customers is changing. The perennial question for regulators about the optimal level of customer protection is now set against challenging economic conditions impacting the cost of living, the need to encourage greater private investment to aid economic recovery, and the increased digitalisation. These factors are driving an upward trend in the level of consumer protection rules being developed by regulators.

Consequently, regulators are increasingly interested in how firms ensure that they are appropriately balancing their own commercial and operational considerations with the needs of end-customers. This interest has a particular focus on it being embedded throughout the firm and at all stages of a product lifecycle and customer journey.

Firms must be able to demonstrate how their culture, strategy, business model, product design and operating model deliver fair treatment to all their customers. We are increasingly seeing this take the form of emerging regulation relating to product governance, assessment of outcomes and value for money/fair value.

New fund structures are being introduced or existing structures adjusted, as European jurisdictions compete for share of market growth and cater for private investment in long-term assets to aid economic recovery. The uncertain economic environment has also increased the number of vulnerable customers and focused the attention of regulators. Many customers will exhibit characteristics of vulnerability at specific points in their lives and they should be able to achieve outcomes that are as good as those of other customers.

Outcomes-focused

Regulators are seeking to move firms’ mindsets away from narrow rules-based compliance to a more holistic assessment of the outcomes that they are generating. This is a new approach, with new rules, under consultation or being implemented, which will have a material impact on firms’ culture, strategy and operating models.

Read more

Vulnerable customers

Initially accelerated by the pandemic and now exacerbated by global economic factors impacting the cost of living, we are seeing an increased focus from regulators on developing specific rules relating to the fair treatment of vulnerable customers. This is likely to have a material impact on firms’ existing processes, procedures, product and services as well as on training and development implications for their employees. Associated documentation will also require enhancement.

Read more

Value for money

Across most jurisdictions, there is currently no specific regulatory requirement on value for money across all sectors. However, to help protect customers, some regulators are starting to consider whether or how to regulate price and value holistically. This will have a material impact on the products and services firms offer and associated charges, and will reinforce how fairly customers are treated.

Read more

Product governance

Although product governance rules have existed for many European firms since 2018, there is mounting evidence that they are not being implemented or supervised effectively. Therefore, we are seeing consultations on enhancements to (and/or reinforcement of) the rules. This is likely to result in firms needing to develop further existing process and procedures.

Read more

Image of an antena
07
Implementing
6.4

Reviewing Capital
Markets

The capital markets in both the EU and the UK are undergoing a period of significant change. The UK leaving the EU has changed the structure and concentration of the market as firms have needed to move operations into the EU. The EU is now undertaking mandatory reviews of the mass of regulation that was implemented post-financial crisis, such as MiFID/MiFIR, and the UK is reviewing on-shored EU regulation to adapt it to the UK market. Both jurisdictions are looking to raise their attractiveness as destinations to raise capital for new and growing companies, by reviewing listings and prospectus regulation.

Concerns linger from the market events of March 2020 and regulators are determined that lessons should be learned. Work to analyse vulnerabilities in non-banks continues, with a particular international focus on liquidity management in open-ended funds. At the same time, the implications of the war in Ukraine have posed new regulatory challenges for market participants.

The first hurdle in the transition away from LIBOR to risk-free rates has been cleared, with a relatively smooth switch in the non-USD markets at the end of 2021, but there is still more to do. Wholesale market participants are also looking ahead to see how technology can help assist the markets in moving towards T+1 settlement, tokenisation, digitisation of data, and greater retail participation.

MiFID II/MiFIR review

When MiFID II/MIFIR came into force in 2018, it represented a comprehensive and profound reshaping of how EU financial markets, products and services were regulated and necessitated large regulatory change management projects within firms. The EU review of the legislation and the UK Wholesale Markets review are unlikely to initiate such large-scale changes but firms working in both jurisdictions will need to carefully manage the likely divergence.

Read more

Fund liquidity management

The repercussions of the March 2020 “dash for cash” for open-ended funds in general, and money market funds (MMFs) in particular, are still being considered by policymakers. In the meantime, the financial market implications of the war in Ukraine have underlined the need for fund managers to have sufficient expertise, resources and plans to respond quickly to unexpected developments and meet regulators’ expectations in a robust manner.

Read more

Primary Markets

Regulatory reforms in both the EU and the UK are looking to reduce the regulatory burden in the primary markets to encourage wider participation in the ownership of public companies as well and improve the quality of information investors receive.

Read more

LIBOR Transition

The majority of LIBOR settings ceased at the end of 2021. The FSB noted that the absence of any significant market disruption was a testament to the magnitude of market participants’ efforts and the level of attention from the regulators and industry bodies to support the transition to risk-free-rates. However, firms still need to transition away from the widely used USD LIBOR by mid-2023 and phase out the use of synthetic LIBOR.

Read more

08
Developing
6.4

Redrawing the
EU-UK border

Approaching two years since the end of the post-Brexit transition period, the commercial and operational implications of the new EU-UK border continue to evolve for financial services firms.

Negative impacts to financial markets were avoided at the end of the transition period, in large part due to the preparations undertaken by regulators and market participants. However, regulatory developments since the UK left the EU underline that firms working in the EU, the UK and elsewhere need to continue to monitor regulatory change in both jurisdictions in order to pre-empt disruption to their business and remain compliant.

Governments and regulators continue to work through the implications of the new arrangements, including adapting existing regulatory frameworks and responsibilities. Firms need to be aware of the potential for regulatory divergence and track developments, particularly across fast-growing areas such as sustainable finance.

Outside the EU, the UK is negotiating a Mutual Recognition Agreement (MRA) for financial services with Switzerland to allow the UK and Switzerland to defer to each other in regulation and supervision of firms undertaking cross border financial services. The UK Financial Services & Markets Bill will legislate to allow an MRA framework, as the UK hopes, in the future, to enter into MRAs with other jurisdictions.

Delegation of portfolio management

Following recommendations from ESMA, towards the end of 2021 the European Commission set out proposals to clarify the delegation rules within the AIFMD and the UCITS Directive. Asset managers should continue to factor the ongoing debate on delegation and ‘substance’ into their thinking.

Read more

Fund marketing and distribution

Amid a trend of jurisdictions introducing new or amended fund structures, questions remain around cross-border market access. While existing EU funds can continue to market in the UK if they are registered under the Temporary Marketing Permissions Regime, the final framework for the UK’s Overseas Funds Regime is still to be operationalised. The details may determine how firms structure their operations.

Read more

Regulated markets and clearing

EU firms’ ability to access services in third countries and the corresponding regulatory treatment continues to evolve. The Commission has extended equivalence for UK CCPs until June 2025, amended its 2021 equivalence decision for US CCPs and recognised exchanges supervised by the SEC as equivalent to EU regulated markets.

Read more

Cross-border services

In the absence of equivalence determinations, cross border access to professional clients remains largely the responsibility of national regulators. For the banking industry this may change under proposed amendments. More broadly, EU authorities continue to focus on reverse solicitation and ‘substance’ in EU entities. In the UK, regulators are working through applications from firms in the Temporary Permissions Regime (TPR). Looking ahead, the overseas market access framework in the UK is currently being reviewed by HMT.

Read more

Image of an antena
09
Mature
5.3

Reinforcing governance
expectations

Supervisors continue to reinforce the need for good corporate governance. This is particularly heightened since the widespread move to hybrid and remote working which has changed firms’ practices and introduced new challenges to both governance frameworks and operations.

Good governance enables the clear identification of fit and proper senior managers, supports the performance of their roles and responsibilities and allows them to be held accountable. Regulators are therefore re-asserting the importance of robust governance arrangements in the interests of market stability and investor protection.

Regulators are increasingly recognising that good diversity and inclusion (D&I) practices reduce risk for regulated firms by reducing “groupthink”, and they are calling out pay gaps and lack of diversity among firms’ boards and senior management.

The significant volume of new ESG requirements and developments in digital finance will require boards to implement and oversee robust regulatory transformation programs with clear designation of accountability across all three lines of defence.

Culture

There is a growing recognition of the powerful roles that culture can play in a firm. Regulators are identifying that, in many instances of poor conduct, deep-set cultural issues have been present and that firms with healthy cultures are less prone to misconduct. An assessment of culture, coupled with other regulatory initiatives can give deeper insights into whether firms operate and are governed in line with regulatory and wider societal expectations.

Read more

Accountability

Initially driven by a response to the GFC, a number of regulators implemented regimes, starting in the banking sector, that required firms to allocate accountability for senior management functions to specific individuals. The rationale was two-fold: to drive up standards within firms as individuals take greater ownership and to simplify supervisory/enforcement action by regulators where individuals are dishonest and/or negligent. These regimes are now expanding in scope across financial services and being introduced in more jurisdictions.

Read more

Oversight

Oversight of a firm’s business and regulated activities by its Board remains a key regulatory theme, particularly since the widespread shift to hybrid and remote working. As noted in our chapter on Strengthening Operational Resilience, third party risk management remains important. In the WAM sector, supervisors are also scrutinising fund governance arrangements and associated oversight capabilities.

Read more

Diversity & Inclusion

Regulators are increasingly recognising that good D&I practices reduce risk for regulated firms by reducing “groupthink”. Following the lead of regulators such as the Central Bank of Ireland, the UK, the FCA, PRA and Bank of England are now seeking to accelerate the pace of meaningful change on diversity and inclusion across sectors.

Read more

Image of a man and an antena

Glossary