Financial Services Horizon scanning for Internal Audit functions 2021

08 October, 2020

Disruptive forces including the COVID-19 pandemic, and social, climate and geopolitical concerns are driving a change in how internal audit (IA) functions act. There are conflicting demands on IA functions to demonstrate adequate assurance coverage, while delivering insight and value in an increasingly "real-time" manner. At the same time, audit committees and boards are increasingly interested in the complete view of risk coverage by their assurance functions, and to see coordination between these functions.

An aerial photo overlooking two large skyscrapers of the Shanghai skyline at night, with a misty fog covering the megalopolis.

In light of the current trends and disruption these functions are experiencing, our annual Horizon Scanning report document provides a point-in-time view of the risks facing the financial services sector over the next 12 to 18 months. It will be useful to IA functions developing their audit universe, risk assessment and 2021 audit plans. It is also useful for the C-suite, executive directors and non-executive directors responsible for the governance and control of financial services institutions.

This year's document provides you with our view on the market issues impacting the financial services sector in 2021 and beyond. It is collated through our own experiences and insights from our subject matter experts. We have split these issues into macro risks, which illustrate the wider risk landscape in which financial services firms are operating and micro risks, presented alongside the key IA focus areas relating to each risk. We also include hot topics for the Asset and Wealth Management, Banking and Capital Markets and Insurance industries.

Macro risks

When planning for rapid change, organisations have to consider not just technological disruption, but societal change. Regulatory changes and technological advancements have made it easier for consumers to switch service providers, and they're increasingly choosing those which align with their political and social beliefs, and are willing to engage with them via their preferred social media platform. Organisations have to keep pace with what is important to their customers or they'll be replaced by more agile competitors.

What issues are front and centre for customers?

Reputation and purpose are increasingly important for customers in every industry

The Black Lives Matter (BLM) movement has re-emphasised the lack of significant movement on the D&I agenda. Although there has been a growing effort from organisations, there has been little material change in the diversity of firms, and pay gaps remain. Whilst organisations talk about diversity, there is continued agreement that opportunities are still not equal for all.

Response to climate risk is becoming a critical factor, impacting how customers spend and save their money, how stakeholders invest and, increasingly, attracting regulatory scrutiny. Green credentials are fast becoming not just an opportunity for organisations to differentiate themselves but an expectation.

Digitalisation has changed behaviours and is now changing how we work

Changes in customer behaviour, that might otherwise have taken years, have occurred in a matter of weeks as a result of COVID-19. Even customers who had previously resisted change have adjusted their habits. Organisations that deliver the most complete and effective digital experience, and support their customers through this transition, will be the biggest winners.

Through the pandemic, staff will have become accustomed to working from home, and performing unfamiliar tasks, such as supplementing contact centre staff, to cope with spikes in demand. Organisations must assess the advantage of formalising this arrangement on a permanent basis, whilst considering how to manage the increase in risks such as fraud and customer confidentiality. A more decentralised workforce is likely to reduce the cost of providing central premises, whilst increased flexibility and remote working opportunities can help attract potential employees for hard-to-fill vacancies. It may also become more economical to return back-office functions to Ireland.

Micro risks

There are a few key thematic risks for the financial services sector at the forefront of the minds of the regulators, C-suite and Boards.

Business resilience

Operational resilience and financial resilience were at the front of the regulators mind last year, and the COVID-19 pandemic provided a practical test for many organisations of their business resilience capabilities. In this section we bring together the key areas of consideration to ensure your organisation is resilient, not just for the current crisis, but for the potential second wave of COVID-19, and any other future crises, be it climate change, geopolitical instability or technological disruption.

  • Operational resilience
  • Cyber-resilience
  • Outsourcing and third-party risk management
  • Climate risk
  • Environment, social and governance risks

Financial crime

Financial Crime is an increasing concern for all financial institutions. Preventing and detecting financial crime is rapidly evolving to be one of the biggest challenges for financial institutions, the impact of which extends well beyond monetary losses to reputation and brand, employee morale, business relations and regulatory censure.

  • AML or KYC
  • Market abuse and surveillance
  • Trade and transaction reporting and algorithmic governance and control

Change risk

Across the financial services sector, organisations are undertaking increasing volume and complexity of change, delivered as part of projects and programmes that make up large change "portfolios". This is set to increase in light of the recent pandemic and changes to the future economic outlook.

  • Programme assurance
  • Portfolio assurance
  • Post-COVID-19 transition
  • Strategy
  • Authorisation activity
  • Cost management
  • LIBOR

Technology risk

Cybersecurity continues to be a top priority for regulators, with increased expectations on firms to produce detailed real-time, IT risk reporting. AI and robotics are driving innovation across the industry, and the increased move to cloud-native technologies represents a significant change to organisations' technological footprint and expertise requirements of employees. Customers increasingly expect to be able to access their information and manage their accounts at all times and from a range of devices, all of which need to run smoothly and be secure.

  • Technology architecture and IT risk reporting
  • Cloud migration
  • IT development and operations

Conduct risk

Conduct risk has been dominated in 2020 by COVID-19. As the seriousness of the situation became clear towards the end of quarter 1 (Q1), the ECB and CBI moved quickly to announce a series of measures for firms to try and help ease the financial burden on customers who may have been affected, furloughed or even lost their job. The measures were set out in various papers in a very short period of time, as the CBI along with other regulators moved to try and protect the economy, customers and financial services firms themselves.

  • Treatment of vulnerable customers

Workforce risk

Now more than ever, it is imperative that organisations proactively manage their workforce risk. They need to combine strong governance and leadership, a clear diversity and inclusion strategy underpinned by data analytics, a cohesive culture with supporting behavioural frameworks, and flexibility which empowers the workforce and encourages a strong focus on wellbeing. These four factors, when combined with a clear organisational strategy and supported by strong people processes, will allow organisations to continually adapt and improve to effectively manage workforce risk.

  • Governance and leadership
  • Diversity and inclusion (D&I)
  • Flexibility and well-being
  • Culture and behaviours
  • Workforce planning
  • Remuneration
  • Tax

Industry hot topics

The key risks that should be considered as priorities for leaders in the AWM, Banking and Insurance industries are identified in this section of the document. The impact of COVID- 19 varies across the industries in the FS sector. The impacts which business leaders should assess and prioritise are highlighted.

Asset and Wealth Management

  • Internal capital adequacy assessment process
  • Liquidity
  • Regulatory reporting
  • Prudential regime for investment firms

Banking and Capital Markets

  • Recovery and resolution planning
  • Liquidity
  • Capital
  • Collections and recoveries process review
  • COVID-19 support initiatives

Insurance

  • Recovery and resolution planning
  • Liquidity
  • Capital management
  • IFRS 17
  • Legislative updates
  • Pricing and product value
  • Policy coverage on business interruption

We are here to help you

Risks are continuing to evolve in the financial services sector, often at a far greater pace than ever before. In the COVID-19 environment, the future is far more uncertain and challenging than before. We are ready to discuss the points highlighted in our report with you and share our ongoing insights from our daily client interactions, as you begin either your annual IA planning or ongoing IA plan assessments or both. Contact us today.

Contact us

Andy Banks

Partner, PwC Ireland (Republic of)

Tel: +353 1 792 6805

Chris Cowley

Director, PwC Ireland (Republic of)

Tel: +353 1 792 8258

Follow PwC Ireland