The pace of regulatory change and technological innovation continues to accelerate across financial services. As institutions adapt business models while preserving trust and stability, 2024 will solidify key policy frameworks around conduct, digital assets, artificial intelligence (AI), environmental, social, and governance (ESG), regulatory streamlining, operational resilience, and Basel III reforms.
Complexity abounds for governance, risk, and compliance (GRC) functions. Continuous regulatory developments must integrate with legacy systems and emerging capabilities like cloud and AI. And new risks, from social media identity fraud to third-party dependencies, require vigilant oversight.
Navigating this landscape calls for GRC teams to match regulatory delivery against the future. Modernising compliance infrastructure and harnessing technology are vital to efficiency and to anticipating what’s next – from the promise and perils of DeFi through to sustainable finance and diversity and inclusion (D&I) trends.
Cognizant’s 2024 GRC outlook summarises seven themes influencing the path ahead over the next 12 months:
1. Embedding Consumer Duty for retail conduct
The Financial Conduct Authority’s (FCA) Consumer Duty remains central to a flagship policy reshaping conduct expectations. With the initial deadline passed, 2024 will solidify Consumer Duty’s central role as firms evidence duty alignment while optimising outcomes.
Closed-book remediation must be finished by July 2024. However, the journey has just begun towards engraining a customer-centric culture through principles-based rules open to interpretation.
The annual evaluation also mandates continuous improvements based on identified gaps. This likely necessitates long-term investments in legacy reconfiguration, data, and analytics for incumbent banks.
2. Cryptoasset regulation comes of age
The crypto winter, sparked by FTX’s collapse towards the end of 2022 and – more recently – a fine against Binance, triggered an industry shakeout. Flagging trading volumes and cratering coin values question fundamental value. However, the promise of programmable money persists with central bank digital currencies (CBDCs) and private initiatives around decentralised finance (DeFi).
After over a decade of non-compliance with traditional financial rules, 2023 marked a pivotal year for cryptocurrency regulation amid extreme market volatility. Following the cryptoasset financial promotions regime – effective from October – the FCA has announced a phased approach, beginning in 2024 with fiat-backed stablecoins and payments use cases before addressing broader digital asset markets.
The aim is to apply traditional policy levers – from anti-money laundering (AML) to consumer protection – to remedy past non-compliance while enabling sustainable innovation like tokenised assets and smart contract automation. The Bank of England (BoE) will explore the potential of a digital pound, and the United Kingdom will consider developing a CBDC. But, overall, this development is a break from crypto’s original raison d'être.
Watch also for the FCA consultation on promoting competition in digital payment services. Open banking laid the foundations for greater consumer choice – the next wave of payment rails could redefine engagement across e-commerce, point-of-sale, and peer-to-peer contexts.
3. Balancing innovation and risks for AI and machine learning
AI and machine learning offer transformational potential across financial services, from customer experience to operational efficiency. Yet assurances around safety, transparency, and ethics remain integral to scalable adoption.
From the recent industry engagement – in the form of discussion papers and feedback statements from the FCA, the Prudential Regulation Authority (PRA), and BoE – it is clear that digital infrastructure, resilience, consumer safety, and data are vital to getting integration right.
The UK regulators continue developing a principles-based approach, avoiding hard-coded rules unfit to govern rapidly evolving technologies. While restrictions apply for inherent high-risk use cases, the prevailing posture supports experimentation under controlled conditions to nurture innovation.
Industry input has emphasised managing third-party dependencies, given the outsized role of external data and models. Cloud provision has likewise raised oversight considerations. Approaches must also address risks surrounding bias, unfair outcomes, and tech determinism, where humans become over-reliant on automated decisions.
Promoting accountability and assurance of AI trustworthiness will help guide usage in a socially responsible manner sensitive to human rights. But delivering explainable and fair AI against risks of automating harm remains an ongoing journey for firms and policymakers alike.
Meanwhile, regulatory technology (RegTech) and AI promise cost savings that help offset margin pressures from capital and liquidity reforms. Cloud data platforms similarly centralise infrastructures for scalable modelling, monitoring and reporting.
While harnessing technology, the human element remains vital for executives setting conduct, culture and assurance functions contextualising risks. Fostering skills – like root-cause analysis and risk interconnectivity mapping – helps firms look inward at their vulnerabilities rather than obsessing over rulebooks.
4. Continued push to issue ESG regulation such as the taxonomy
Sustainable finance rule-making gathers momentum even as ideological battles persist around environmental, social, and corporate governance (ESG) investing. Questions continue swirling over greenwashing, measuring impact and financial materiality amid economic volatility impacting fund flows. And many in the industry report – privately – suffering from “ESG fatigue.”
Nonetheless, the underlying ‘need’ for sustainability and ESG-driven initiatives remains as crucial as ever. With unprecedented environmental changes across the globe, there is an increasing concern and willingness to change behavioural patterns for a greater good.
Market-wide ESG transparency and standardisation could spur a race to the top if robust disclosures prevent opacity and virtuous competition isolates credible offerings. Global taxonomies aiming to unify standards also promise to mitigate issues like throwing broad ESG labels on funds lacking measurable, sustainable outputs.
The finalisation of sustainability disclosure rules in the UK addresses principles and definitions to substantiate ESG claims for labelling investment products and company activities. With the European Union (EU) ahead in this race, expect the UK to use 2024 to catch up with the pace.
Ultimately, ESG regulations are focused on transparency and disclosures that will require firms to address data management issues – such as inconsistency and unavailability of data – as well as appropriate reporting.
Yet it’s not all about just the E of ESG. Indeed, the recent diversity and inclusion consultation papers jointly issued by the PRA and the FCA to cover the S highlight how other aspects of ESG are being brought under the regulatory radar. Additionally, the ‘UK Green Taxonomy’ is expected to be finalised.
5. Streamlining UK regulatory frameworks post Brexit
The post-Brexit regulatory landscape is coalescing to support a more tailored, agile UK framework that promotes competitiveness while safeguarding consumers and markets.
The Edinburgh Reforms, a set of reforms to drive growth and competitiveness in the financial services sector announced by Chancellor Jeremy Hunt in December 2022, are centred on efficiency, accountability, and transparency. The following year, the blueprint was cemented through the Smarter Regulatory Framework (SRF), notably consolidating EU retained law under the renewed Financial Services and Markets Act (FSMA) regime that empowers principle-based regulation.
With implementation ongoing, 2024 will realise more SRF benefits. Streamlining disparate rulebooks aims to boost access and trade while increasing accountability through enhanced monitoring. Outcomes-based regulation also better targets real-world impacts aligned to policy priorities like technology innovation or competitiveness.
Smooth transition remains critical, however, to ensure continuity and resilience for incumbent institutions still modernising foundational infrastructure. Smaller firms require help adjusting through more modular, user-friendly guidance.
Post-Brexit focus is shifting from being aligned and compliant with EU regulations to what is relevant for the UK and being a differentiator on the global stage with new evolving relations with the EU, US and the rest of the world.
6. Financial resilience through the Basel III endgame
Almost two decades after the financial crisis, policy emphasis is shifting from resolution to boosting resilience – operationally and financially. As such, the tools of measuring risk have been re-evaluated in the Basel III endgame, to mitigate risks that cause significant failures to cascade across the interconnected market infrastructure.
While the rules have been years in the making, the ongoing debate revolves around whether these changes are justified, with banks emphasising their well-capitalised positions and regulators stressing the importance of safeguarding financial stability, especially in light of the recent bank failures – namely, Silicon Valley Bank and Credit Suisse – that underline the need for vigilance.
Due to frequent service disruptions, new standards target third-party dependencies across cloud and tech ecosystems. Annual stress-testing exercises will gauge response readiness. Enhanced outsourcing rules hold suppliers accountable to continuity assurances.
Financially, completed Basel III requirements impose stringent capital buffers to absorb losses. This places a greater onus on internal models accurately capturing risk exposures. Stress testing likewise checks adequate resources to maintain operations under duress.
While the rules are largely written, nuances continue evolving across regions. Ensuring coherent adoption remains tricky as complexity grows with numerous frameworks being implemented simultaneously. Heightened economic uncertainty also means requirements may tighten further if market instability endures.
7. Operational resilience implementation focus across the globe
All mature financial services regions have developed their own frameworks for strengthening the operational resilience of firms. Key regulations include the UK Operational Resilience Policy, the EU Digital Operational Resilience Act (DORA) and similar initiatives in the US.
While most policy details are now finalised, some technical standards remain in development. Nonetheless, firms are ramping up compliance efforts for upcoming deadlines – 2025 for both the UK and the EU, for instance.
A key challenge is not only pure implementation, but doing so consistently when each jurisdiction’s approach differs slightly. The UK framework is broader, covering third parties beyond pure information and communications technology (ICT). DORA’s emphasis stays narrowly on cyber risks and ICT resilience. The US directive splits focus across financial stability, incident response, and sector-specific oversight.
With no “high watermark” framework uniformly adopted, complexity persists. Some outstanding details, like DORA’s technical guidance, further hinder planning. Firms must track each standard closely.
For 2024, continued progress in centralising and implementing controls across resilience requirements is essential. Collaboration with regulators and third parties will help reconcile gaps. While long-term in outlook, these frameworks bring overdue improvements to risk management and systemic stability.
Key takeaways
Financial institutions face unprecedented pressures in 2024 – from geopolitical uncertainty and market volatility to digitisation and de-globalisation. Firms must remain vigilant to external change while executing internal enhancements to business model resilience.
For GRC teams, consolidation around conduct and data use will prove foundational before innovating financial services. Mastering operational resilience and preventing system outages also represent table stakes.
Harnessing RegTech and data and analytics to embed compliance by design will unlock greater responsiveness to regulatory change. Success requires institutionalising agility through technology and accountable customer-centric cultures centred on managing risk.
While rules will become more complex, the principles of good governance – ethical conduct, responsible innovation, and transparency – remain timeless. The institutions that live these values will shape financial services in the next decade, and beyond.