Peak Regulation?

By José María Roldán Alegre, Senior Advisor Kreab

PEAK REGULATION¹?

A few weeks ago, I attended the Eurofi event in Budapest. Back in Madrid, a question was still lingering in my mind. What is the future course of financial regulation in the EU, but also elsewhere? Let me devote a few lines to this issue.

The growing complexity of regulation

The growth of financial regulation in the last decades has been astronomical. Whilst the first Basel Capital Accord of 1988, known as Basel I, had barely 30 pages and 10.540 words, the latest Basel Accord (known as Basel 3.1, Basel endgame, or Basel IV), finalized in 2017, has 1845 pages and 459.573 words. Yes, a single aspect of financial regulation, that refers to the minimum capital banks need to hold, has 61% of the words the whole Bible has! Add to this all the standards that affect the different aspects of financial activities and intermediaries, as well as the local jurisdictions implementations, and you will end up with a Regulatory Framework that is much, much longer than the Bible itself.

Factors affecting regulation 

Where is this increase in the scope of financial regulation coming from? There are two sources for this expansion of the regulatory framework. The first one relates to the increased complexity of financial activity. The second one comes from the impact that financial activity can have on the real economy (and in societies at large).

Complexity

Regarding the increased complexity of financial intermediation activity, it affects all aspects. We have new financial instruments, new intermediaries, and new markets, but also new technologies being applied to old problems (such as AI, for instance). And whilst regulations after WWII tried to fix even the interest rates that banks could charge to clients², the philosophy of the last decades has been to “let one hundred flowers bloom” and regulate thereafter. In other words, financial innovation has not been stopped ex-ante, but rather regulated ex-post.

Impact

Another major source of financial regulation comes from changes in the perceived impact of financial activity, specifically of banks, in the real economy and in society. In this respect, the Great Recession caused by the Global Financial Crisis was the major event that explains most, if not all, the regulatory tsunami that has impacted financial firms, and with intensity, banks³. The crisis, the worst international financial crisis that the world has seen since the 1929 crisis (that led to the Great Depression and that contributed significantly to WWII), was a major element in the creation of the current regulatory framework. And this should not come as a surprise: not only it meant a loss of Global GDP of around 10 to 15%, it also represented the disappearance of several types of specialized financial intermediaries⁴.

The Covid 19 crisis

Despite the severe impact that the Covid 19 pandemic had on society and in GDP growth and, frankly speaking, despite the initial fears of many of us, the permanent impact it had on the financial sector has been negligible. The strong response of governments, combined with a banking industry that was in far better shape than in the past, are elements to explain the paradox. Having said that, the modest impact that a huge crisis had on the financial sector was never considered as an argument to lessen the regulatory burden on banks or other financial intermediaries.

The 2023 US Banking Crisis

In early 2023, a series of small and mid-size banks in the US suffered severe turbulences that led to a full-fledged crisis for three of them (the most relevant, Silicon Valley Bank or SVB). A rapid response by regulators, that guaranteed that deposits of the affected banks would be honored irrespectively of their coverage by the deposit guarantee scheme (beyond the limit of coverage) curtailed any potential contagion.

The problems in the troubled banks, but also in the mid to small-size segment of US banks, were related to a specific issue, the interest rate risk in the banking book (IRRBB), and particularly the lack of application of Basel 3 standards in this area (the US was under no obligation, since Basel 3 standards only apply to internationally active banks).

Despite this, the initial response of US authorities was to propose a further toughening of the rules (described as “Basel 3 endgame”) across all banks, affecting more of the biggest US banks (that were left facing huge increases in their capital requirements). After a rather strong response and pushback by US banks, the initial regulatory response was deeply watered down, going below Basel 3 standards in some areas such as Operational Risk.

The ESG revolution

Although the issue of climate change provoked by greenhouse gases has been identified for a long time, the last decade has seen a growing consensus, both stemming from authorities and the private sector, on the role that financial markets participants and intermediaries should play in ensuring a transition to low emission economies around the Globe. Also, this new consensus has been accompanied by the need to improve governance and social standards in the private sector (and specifically in publicly traded firms), around the widely known acronym “ESG” and the concept of sustainability (from a social, environmental, and economic viewpoint).

The new rules around the disclosure of ESG have also a global dimension, thanks to the work of the ISSB (International Sustainability Standards Board) and other bodies (both from the official and the private sector), although the EU seems to be leading the world effort. The EU taxonomy on environmental sustainability, or the Corporate Sustainability Reporting Directive (CSRD), and the Sustainable Finance Disclosure Regulation (SFDR) are at the forefront of international progress in the ESG area.

In short, the new social consensus on ESG-related issues also represents a whole new chapter in the regulatory framework for financial intermediaries and financial markets.

The Brave New Digital World

Another extraordinary change in the financial sphere is the penetration of new technologies, be it Cloud, AI, speed and reliability of worldwide communications, etc. But with all technical revolutions, new risks emerge: cyber risk, cyber fraud, and operational fragilities stemming from an interconnected digital world create an environment for financial firms full of new possibilities, but also of new challenges. As for authorities, the challenges stem from the need to maintain a safe, but also solid, resilient digital financial framework that can withstand IT-related disruptions.

This is the reason why we have also seen regulatory initiatives around the world on requirements for firms to guarantee the operational resilience of the financial system. In the EU, DORA (Digital Operational Resilience Act), enacted in 2022 and coming into force in 2025, is similar in its approach to rules enacted in other jurisdictions around the world.

One area in which the EU has clearly decided to go ahead is in the sphere of AI regulation. The AI Act, enacted this year, is the first comprehensive regulation devoted to the deployment of AI at a worldwide level. It sets out clear expectations on AI deployment in areas and uses considered to be of high risk and, whilst not just applicable to financial firms, it will impact the financial sector, around the area of provision of financial products (banking as well as insurance products) to retail clients.

The future of international cooperation in the financial field

Most of, if not all, regulations affecting financial intermediaries and markets stem from international regulatory bodies (IOSCO, IAIS, and the Basel Committee, but also the FATF) under the coordinating technical umbrella of the FSB and under the political control of the G20. It is then legitimate to ask whether we can expect this strong international consensus-based regulatory work to continue in the coming decades.

The response is, probably, not. In the current environment of political tensions, a more inward-looking regulatory process seems to be unavoidable. Consider for instance the future role of the G20 in the wake of the invasion of Ukraine by Russia or the geopolitical tensions between the US and China.

However, due to fears around the international competitiveness of financial firms and financial markets, any uncoordinated regulatory response to emerging issues will be, most probably, subdued and limited in scale. Take the example of the Basel agreements on minimum capital requirements. Something as complex as Basel 3 would never have been done in a national, isolated environment: the fears of affecting the international competitiveness of your banks and, finally, your economy would make such a move unrealistic.

Have we reached “Peak Regulation”?

The answer to the question is, most probably, yes. The regulatory cycle that started with the Global Financial Crisis is clearly maturing. The regulatory paradigm constructed in the last decade is complete, wide, extremely complex, and costly to apply. There seems to be no other problem that financial markets may face in the coming decades that is not already considered in the current regulatory regime.

Add to this the implementation and compliance work related to the new regulations, not only for firms, or markets but also for authorities in charge of supervising them. The new paradigm is in place, but the compliance exercise has barely started, and it will take a long time before someone can say “mission achieved.” We have barely scratched the surface on items such as ESG (in particular, in the field of climate change), or IT in its double aspect of resilience and AI.

Also, we cannot be naïve and expect that, given where geopolitics are going, it is going to be easy to forge new international agreements. There are reasons to stay optimistic about the chances of agreements around Basel III, or IT resilience, to resist the current battered seas of international cooperation. However, to agree on new standards for current or emerging issues requires a political capital that is absent in the current world. Absent a new, massive shock, such as another crisis of a global scale as the one seen between 2007 and 2012, we should not expect new global regulatory initiatives.

And finally, some of these regulations have endured very harsh reality checks, such as the COVID-19 pandemic. The financial system seems, by far, more resilient than the one prevalent before 2007.

What does this mean in practical terms?

Even though the regulatory wave seems to be finally petering out, this may not represent a radical change for financial firms and markets. The pendulum has stopped swinging in the tougher regulation direction but does not seem to be moving in the other direction, in the deregulation direction.

For firms and markets, the harsh reality is that the rollout of the current regulatory paradigm will impose massive compliance costs. The need to verify compliance in a zero-tolerance world will mean that external parties, helping firms to deliver full compliance, will still be needed. Compliance costs, both internal and external, will continue to uptick in the next years.

The challenge for supervisors is by no means smaller. The new fields of regulation, such as operational resilience, AI, and some aspects of ESG (those related to scenario analysis), require a set of skills beyond what is currently the prevalent mix within the supervisory staff. In the short run, some shift of responsibilities to firms and their Boards can be observed, as a short-term response to the challenges of implementing the new paradigm. But in the longer term the “shift strategy” does not seem sustainable and supervisory authorities will need to up the ante and face the challenge posed by an increasingly complex regulatory paradigm.

An additional reason why the regulatory peak may not represent a radical change relates to the potential tweaks to compliance derived from the greater supervisory experience gained in the practical application of the new regulations. This may come as new sets of guidelines, supervisory expectations, or new on-site and off-site supervision tweaks, etc. As regulators gain experience with the new rules, one can expect a changing practical implementation of them.

Finally, a complex machine requires complex maintenance. We will probably not see the addition of massive new chapters to the current regulatory regime. But the maintenance, and the regulatory tweaks as we gain practical experience in the implementation of the new regulations, of such a massive set of regulations will represent a major pressure point for lawmakers, regulators, financial firms, and markets, and for the ancillary firms helping them (consultants, auditing firms, specialized third party services providers, etc.).

Summary and conclusions

Financial firms and market infrastructures are probably leaving behind the most intense regulatory process seen in the last century. The peak of new regulations is probably behind us. But we should not be naïve and expect from now onwards a constant reduction in regulation. Rather than achieving a peak, we may have just reached a regulatory platoon for the coming decades. But do not panic: firms such as Kreab will be available to help you progress through the Regulatory Altiplano.

¹ I borrow the jargon from the oil industry. As per Wikipedia, “Peak oil is the theorized point in time when the maximum rate of global oil production will occur, after which oil production will begin an irreversible decline.” In the context of this article, it means the moment in which financial regulation production will stop growing.

² For instance, in the US a regulation, known as Regulation Q, from 1933 until 1986 imposed maximum rates of interest on various other types of bank deposits, such as savings accounts and NOW (Negotiable Order of Withdrawal) accounts, and from 1933 until 2011, imposed various restrictions on the payment of interest on deposit accounts (during that entire period, it prohibited banks from paying interest on demand deposits).

³ In fact, I was the first one to use the term regulatory tsunami in a 2009 conference. As per a 2010 PWC UK material, prepared by Richard Barfield:” Brace for impact, you are not going to escape!” warned Jose Maria Roldan, Chair of the Standard Implementation Group of the Basel Committee, as he warned the 2009 Geneva Risk Minds Conference of the “tsunami of regulation” that was about to hit the banking industry.

⁴ For instance, the US Investment Banks disappeared and were either liquidated, absorbed by other banks, or transformed into chartered banks. And in Spain, a whole sector, the Savings Banks sector, was transformed into equity-based banks.