‘One year into the COVID-19 pandemic: key considerations for the financial services industry’

The COVID-19 pandemic has caused unique humanitarian disruptions and unprecedented challenges to the global economy, not least to the financial services industry. This article provides a high-level overview of the impact of the pandemic on the financial services sector, considers whether regulated firms operating within the industry were well-positioned to weather such an unpredictable storm, and comments upon the anticipated reaction from the industry to address any shortfalls exposed in operational processes and the framework regulating the conduct of firms’ business, one year into the pandemic.

The net impact of the pandemic on market participants operating in the industry culminated in heightened liquidity, credit, solvency and cybersecurity risks, to name a few. According to the European Banking Authority, the liquidity coverage ratio of EU banks as of June 2020 remains in check notwithstanding the acute effects of the pandemic. Similarly, the sound capital positions of the insurance sector prior to the outbreak of the virus provided insurance undertakings with certain buffers which came in handy to fight the impact of financial shocks on the sector, although the uncertainty around the medium- and long-term economic consequences of the pandemic on insurers (and the industry in totality) remains. However, the pandemic prompted liquidity challenges in certain areas of the investment services and funds industry, particularly for firms trading in fixed income securities and less liquid assets, such that in the initial stages of the pandemic entities faced an uphill struggle to maintain adequate liquidity levels as a result of depreciation in asset value and surges in volatility, coupled with substantial redemptions from customers invested in various asset classes.

The effects of the pandemic on financial services operators should be seen in the context of the existing legal and regulatory framework governing the banking, insurance and securities sectors, all of which are highly regulated industries at an international, regional and local level. In general terms, entities undertaking business within this space are subject to rigorous operational, governance, compliance, risk management, and anti-money laundering and terrorist financing requirements, and are therefore better placed, at least on paper, to withstand external pressures posed to the business by their very nature.

One of the fundamental obligations imposed on regulated entities is to implement sufficiently robust business continuity and disaster recovery arrangements within their systems in order to prevent potential threats from harming their business, and which enable firms to resume operations in an efficient manner in the event that such threats manage to penetrate their systems. A regulated entity is therefore expected to implement preventive measures, plan appropriately and undertake impact assessments, in order to ensure that the entity is able to tolerate a certain level of stress and ensure continuity of service, chiefly in terms of systems, people and processes. Indeed, in March 2020 the European Securities and Markets Authority (ESMA) released a statement recommending financial market participants to deploy their business continuity measures, as and to the extent necessary, in order to maintain operational continuity in line with regulatory requirements. COVID-19 certainly put firms’ operational resilience to the test and epitomised the calls of regulators for firms to establish and implement business continuity plans within their operations, which they were required to activate practically overnight to deal with the outbreak of the pandemic.

In today’s day and age, the conduct of the business of financial services operators is largely reliant on a skilled workforce and safe, secure and reliable information technology (IT) systems. COVID-19 permeated the modern financial services industry in a manner that was inconceivable to it prior to the first quarter of 2020, leaving the industry with no other option than to adapt to new norms of social distancing and remote working or risk succumbing to the consequences of the virus. Naturally, while firms that had invested in appropriate risk management frameworks (including appropriate human and technological resources) over the years were better equipped to deal with the turbulence, by and large, the industry confronted the challenges posed by the pandemic in a remarkable manner.

Against this backdrop, market operators and regulators should work in tandem for the continued success and growth of the financial services industry. The manner in which stakeholders collaborated since the pandemic hit Europe’s shores is a testament to that. Indeed, we have seen that firms, albeit subject to stringent legal and regulatory requirements, were not left to skirmish with the consequences of the pandemic singlehandedly, with measures – ranging from recommendations to utilise capital and liquidity buffers to absorb losses, to postponements in reporting deadlines – having been introduced at a regional and national level to alleviate the pressure. Regulators were and remain sensitive to the difficulties faced by the industry and continue to play a crucial role in safeguarding investor protection, financial stability and market integrity.

That the industry managed to cope with the pressures posed by the pandemic to the extent it did is certainly a vote of confidence in recent regulatory reforms which have been codified into legislation and implemented at a regional and national level. This experience also validates the importance of having a robust legal and regulatory framework in place and of regulators’ supervisory role in examining firms’ extent of compliance with their obligations at law. Nonetheless, regulatory regimes should reflect the best possible understanding of how market events may impact regulated entities and, in this sense, the shockwaves caused by the pandemic should serve as a key yardstick for regulators when conducting future reviews of regulatory frameworks. By way of example, ESMA’s guidelines on liquidity stress testing applicable in the context of the investment services and funds industry entered into force in September 2020. Closer to home, it is no coincidence that the Malta Financial Services Authority – Malta’s single regulator for financial services – highlighted information technology risk, cybersecurity and security risk management as key areas of focus in its supervisory priorities for 2021. Also, one year into the pandemic market operators most definitely value the importance of their IT systems and identify them as critical areas of business. Firms should therefore consider this experience as an opportunity to assess the resilience of their operational risk management frameworks, and allocate adequate resources to ensuring that their systems are capable of dealing with the relevant risks. Firms may also expect regulators to focus their supervisory efforts on these critical areas of business in months and years to come.

As the rollout of the vaccination programme is gathering pace and restoring confidence that life may eventually return to pre-COVID-19 norms, perhaps with certain permutations, the local financial services industry’s road to recovery may be somewhat longer and steeper, not solely due to the pandemic, but also in light of the testing times the jurisdiction is facing. That said, over the years Malta has been able to cope with challenging times, and it is apt for this perseverant mentality to steer the industry in a direction that will lead to enhanced standards and increased resilience, even more so considering that the financial services sector has been a major contributor to the sustainable growth of the Maltese economy. The stage is set for stakeholders to grab the bull by its horns.