A Post Covid-19 World: Is your Private Bank Future-Ready?
The Covid-19 outbreak has developed rapidly in 2020 with far-reaching implications, says PwC. With new ways of working, it also changes the risk landscape for private banks. Nobody quite knows what the new normal will be. We share below some of the changes and emerging risks that have reared its head amongst the industry, and we urge private banks to plan their responses accordingly.
By Kian Leong Quek, Partner, Financial Services Assurance; Abigail Chen, Senior Manager, Financial Services Assurance; and Eva Tsang, Manager, Financial Services Assurance, Singapore, PwC
Customer due diligence risk
Travel restrictions and lockdowns have heavily affected traditional face-to-face interactions with customers. This may increase difficulties in implementing customer due diligence requirements such as documents refresh, or delays in obtaining corroborating evidence for due diligence purposes. Notwithstanding these challenges, the Monetary Authority of Singapore (MAS) continues to keep a close eye on Money Laundering and Terrorist Financing risks and whether financial institutions are appropriately mitigating these risks in response to the evolving Covid-19 situation.
Private banks should consider the different challenges that may arise and formulate practical solutions accordingly, be it by making provisions for certain scenarios on a risk-based approach, or by enhancing its monitoring mechanisms so as to track backlogs closely and other related impacts arising from the challenges in these times.
Incidentally, Covid-19 has accelerated digitalisation across the industry, particularly in front end client communication. This would lead to ever-increase in the amount of data collected, stored or communicated in digital forms. Private banks should consider how to better leverage the use of data/insights enabled platforms to augment digital interactions as a differentiator.
What is your future state customer journey and how can you integrate customer data collected with the use of digital platforms and solutions to address CDD risks efficiently and effectively, whilst enhancing customer experience as a differentiator?
One of the top key emerging risks for private banks is conduct risk, and MAS has been taking active steps in recent years to drive the culture and conduct risk agenda across the financial institutions.
The Covid-19 pandemic has triggered historic high levels of market volatility and trading volumes, and on top of that, private banks have had to address the challenge of a mass migration of employees working from home. Across the capital markets, sharp price adjustments have been observed over short periods of time, and it is likely that unexpected losses could bring to the spotlight allegations of mis-selling or inappropriate sales and advisory practices.
The shift to work from home practices presents additional challenges in ensuring adequate record-keeping and retention of orders taken outside of the bank’s traditional channels.
To manage conduct risks remotely, private banks should first focus on critical risks and assess whether related controls may require adjustments for remote working arrangements. Where policies have been relaxed or businesses have been most disrupted (for example, volumes, alert triggers, change of processes, and affected resources), private banks may consider performing targeted supervisory and compliance monitoring reviews in these areas. In the area of emerging risks, private banks will need to plan their responses by assigning responsibility and setting up multi-functions task force as necessary to tackle the issues from multiple perspectives.
Do you have the right tone at the top and the processes and frameworks to instil a culture of collective and individual accountability? Are there dynamic processes to gather monitoring and surveillance inputs and outputs so as to enable supervisory oversight in a fast changing environment?
In the area of cyber risk, private banks are exposed to increased vulnerabilities, such as improper sharing of information via use of unapproved channels, and risk of data leak as a result of bankers handling sensitive information while working from home. Additionally, Covid-19 has corresponded with a sharp rise in cyber-attacks via phishing emails and mobile messages. Understandably, these resulted in heightened scrutiny by regulators alongside increasing penalties for data breaches.
Staff vigilance is key in the face of cyber threats. Also, private banks should proactively identify the vulnerabilities of its critical IT assets and fortify its defences accordingly. As for unknown weaknesses, private banks need to be equipped with a robust incident management process in preparation for the when, not the if.
Are you securing your operations against cyber threats impacting your critical IT systems and key information assets such as customers’ assets and data? Have you built resilience to deal with cyber threats?
Every crisis brings challenges as well as opportunities. Whilst banks are prompted to reassess strategies and adapt its working practices for the new normal, it should not forget to assess the evolving risks and scale up with better tools, technology, and process improvements to enable effective oversight and supervision.
Start building resiliency today, for the opportunities of tomorrow.