Tue 09 May 2017
In 93% of data breaches, the targeted systems were compromised within minutes. 83% of the time, those breaches were not discovered for weeks, leaving the attackers with plenty of time to do their damage and exfiltrate data[1]. The average consolidated total cost of a U.S. data breach in 2016 was $7 million, and the average cost incurred for each lost or stolen sensitive data record was $221[2] .
The increasing digitization of corporate assets, the proliferation of network connectivity, the disappearance of distinct corporate borders, and the increasing motivation and capabilities of cyber adversaries have transformed cyber risk from a technical consideration for a single department into a significant business risk for the whole enterprise.
In response to the evolution in the complexity of cyber risk, the National Association of Corporate Directors (NACD) released the 2017 edition of their NACD Director’s Handbook on Cyber-Risk Oversight. Their guidance consists of the following five key principles:
1. Enterprise Risk – Historically, cybersecurity has been considered an IT function; however, cyber risk oversight is a board-level responsibility, and directors need to approach it as an enterprise-wide risk management issue. Some of the highlighted areas for directors to engage management on include:
• Crown Jewels – Management should have an understanding of the organization’s most critical data assets – where they reside, how they flow through the organization, and who has access to them. This foundational understanding supports a focused and efficient protection and cyber risk reduction strategy. As part of this, management should consider not just high probability risks, but also low probability/high impact risks that would be catastrophic.
• Third Party Risk – Management should understand cyber risks present not only within their own organization’s infrastructure, but also within the larger ecosystem of partners, suppliers, affiliates, and customers within which it operates. The degree of connectivity that the organization has with third parties can increase its cyber risk exposure, as several well-known and significant breaches were initiated through third parties.
2. Legal Implications – The board and the individual directors should have an understanding of the cybersecurity legal and regulatory landscape that is applicable to the organization. This includes liability, public disclosure and reporting (e.g., SEC), information sharing, infrastructure protection, and data breach notifications. Some areas of emphasis for this principle:
• Simulations/“Table Top” Exercises – As a result of the varied manners in which company executives have handled data breaches at their organizations, it has become clear that proper incident response planning is not just a necessity for IT staff and management, but also for corporate executives and directors. Corporate brands have been impacted by unclear and inconsistent executive communication. The Handbook recommends that directors participate in simulations or “table top” exercises to become familiar with their incident response procedures and communication approach.
• Board Minutes – Formal Board meeting minutes should reflect when cyber risk issues are on the agenda or discussed, whether by the full board or key committees.
3. Cyber Expertise – While NACD research has shown that an increasing number of boards discuss cyber risk on a regular basis, it also indicates that most boards do not have an adequate understanding of it. In lieu of adding “single purpose” directors with cybersecurity expertise, boards can close this gap in other ways:
• Deep dive briefings or examinations.
• Leveraging existing independent advisors, such as external auditors and outside counsel.
• Participating in director education programs.
4. Cyber Risk Management Framework – Directors should set the expectation that management will adopt an enterprise wide cyber risk management framework with adequate staffing and budget. This is important for every organization, but particularly for more distributed and decentralized organizations to establish a consistent approach to managing risk. The Handbook states that organizations should at least consider the adoption of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
5. Board-Management Cyber Discussions – Alignment between board and management with respect to cyber risk should be obtained by having discussions of which risks to avoid, accept, and mitigate or transfer through insurance.
Although the NACD Blue Ribbon Commission on Risk Governance recommended that risk should be a function of the full board, research indicates that over 50% of boards assign cyber risk oversight to the audit committee. Given that this is where cyber risk governance discussions with management are occurring for many organizations, the role of internal audit to provide an independent and objective assurance of cyber risk management is critical.
The Institute of Internal Auditors (IIA) has defined this organizational cybersecurity role within their “Three Lines of Defense in Effective Risk Management and Control” model. Their Global Technology Audit Guide (GTAG) Assessing Cybersecurity Risk: Roles of the Three Lines of Defense identifies the owners and cybersecurity activities for each line of defense: management, risk and compliance, and internal audit.
As the third line of defense, the internal audit role is to independently assess cybersecurity risks and controls to ensure alignment with the organization’s risk. This involves evaluating the effectiveness of cybersecurity controls in the first line of defense and reviewing the adequacy of cybersecurity frameworks, standards, risk assessments, and governance of the second line of defense.
Our experience in providing cybersecurity services to internal audit clients validates the increasing focus of boards and audit committees on cyber risk, and the increasing expectation that the internal audit function will provide appropriate coverage of cyber risk. This has been manifested in:
• Increasing audit committee reliance on existing providers such as external auditors and outside legal counsel.
• Increasing collaboration between the three lines of defense to obtain proper cyber risk coverage.
• An increasing percentage of cybersecurity related audits within the annual IT audit plan.
• A significant number of internal audit departments that achieve cyber risk coverage by leveraging the services of cybersecurity service providers.
• Depending on the overall organizational size and structure, there is sometimes a blurring between the second and third lines of defense, with internal audit assuming some of the more traditional second line functions in order to achieve appropriate organizational cyber risk coverage.
Some of the more typical internal audit cybersecurity coverage can be grouped into the following categories:
• Cyber Risk Management – A cyber risk management framework is a key governance component that enables an organization to evaluate organizational cyber risks to identify areas that need to be addressed either through mitigation or transference. There are different models, but most consider some sort of intersection of threats, vulnerabilities, and asset value to determine qualitative or quantitative risk. This is a strategic function that is intended to direct and evolve the organization’s cyber protection efforts, and is typically a function of the second line of defense.
• Cyber Control Framework – A cyber control framework is a prioritized set of practices typically consisting of people, process and technology, that are intended to protect against an organization’s cyber threats. The control framework can be continually adjusted to evolving risks through the cyber risk management process, and provides a link between risk management and operations. Internal audit coverage in this area can help answer common audit committee/board question, “Do we have the right controls in place to manage risk moving forward?”
• Technical Cybersecurity Assessments – These assessments are performed largely to identify current vulnerabilities within the IT infrastructure, and can include vulnerability assessments, penetration testing, web application security assessments, wireless security assessments, and social engineering. They are essentially point-in-time assessments that can help answer the common audit committee/board question, “What are our current cyber risks?”
• Cybersecurity Operations – Cybersecurity operations consist of the people, processes, and technologies that are in place to manage cyber risk within the IT infrastructure, and typically reflect the implementation of the cyber control framework. Examples of such operations include IT asset management, patch management, threat and vulnerability management, malware protection, logging and monitoring, and cybersecurity assessments. Depending on scope, an audit of the cyber control framework can provide some coverage of cybersecurity operations. However, some situations may warrant a deeper dive into a particular operational area, such as the implementation of a new process or tool.
• Cybersecurity Compliance – Depending on the business and industry, an organization may have to comply with various governmental or industry regulations, such as FFIEC, HIPAA, and PCI DSS. Failure to comply with such regulations can result in considerable organizational impact – both direct ones such as fines and penalties, and indirect ones such as reputational damage. Internal audit coverage of these areas can provide an independent perspective on compliance, potentially identifying gaps that can be addressed prior to any regulatory body audit.
• Data Protection – A foundational issue for properly aligned cybersecurity is organizational knowledge of the entry points, flows, and storage locations of sensitive data. Such knowledge enables not only the implementation of direct protective controls, but also the prioritization of actions within the cybersecurity operations. Incorporating the processing or storage of sensitive data as an attribute within IT asset criticality supports prioritization of other actions such as patching, vulnerability remediation, and monitoring and response. Internal audit coverage within this area could include data classification, sensitive data inventory, data protection mechanisms such as access management and data leakage prevention (DLP), and IT asset management integration.
• Cyber Resilience – Internal audit functions have traditionally focused on preventive measures and controls. However, the increasing frequency and impact of data breaches and cyber incidents have shifted the cyber risk management paradigm to include quicker detection of incidents and breaches and effective organizational response. The internal audit function must mirror this paradigm shift in its cyber risk audit coverage to provide independent assurance and/or improvement opportunities in incident detection and response and, more broadly, cyber resilience.
An important consideration across all of these internal audit cybersecurity areas is for the Chief Audit Executive (CAE) to establish highly collaborative and productive relationships with the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) outside of the performance of cybersecurity related audits. This will promote the alignment of organizational cyber risk management views and help establish internal audit as a trusted cybersecurity advisor.
[1] 2016 Verizon Data Breach Investigations Report
[2] 2016 Ponemon Cost of Data Breach Study: United States
Want to get notified when new blog posts are published?
Subscribe
We have identified and ranked the key risks for financial services business leaders in 2024 based on market research, regulatory insights as well as our assessment of the current difficulties facing firms. We discuss in this article the key takeaways for you and your organisation. A more detailed assessment can be found here, which contains […]
On 29 June 2023, the European Union’s (EU) Markets in Crypto Assets Regulation (MiCA) entered into force. It is being implemented in stages depending on the provisions, between June and December 2024. The regulation, which provides clearer rules for crypto-asset service providers and token issuers, is much needed for this fast-changing industry. The rapidly approaching […]
We have identified and ranked the key risks for financial services business leaders in 2024 based on market research, regulatory insights as well as our assessment of the current difficulties facing firms. We also highlight the changes in risk rankings compared to last year, justified by global events and new regulations that have surfaced in […]
The widespread use of working from home (WFH) during the pandemic, regardless of sector or geographical location has required organisations and their information systems (IS) management to be very agile in deploying or increasing their capacity for remote collaboration. Some institutions were already prepared – for example, following the wave of strikes at the end […]
Digital transformation has expanded the need for security, continuity and resilience. Today’s business must embrace an enterprise risk management strategy that includes legal, regulatory and political considerations. Enterprises today face a significant level of security challenges across their organizations. IT is no longer a secondary priority; it is now at the very heart of the […]
The Eurofi financial forum is a setting for exchanges between European Union (EU) economic and financial regulators and senior financial sector executives from the industry. It occurs bi-annually alongside the Economic and Financial Affairs Council configuration (ECOFIN) meetings. This summary takes stock of the Eurofi discussions, as well as recent publications by the EU Commission […]
DORA (the Digital Operational Resilience Act) is the key regulatory outlook for IT and Cyber risk between now and 2025. The European Supervisory Agencies have sought to strengthen the resilience of institutions by emphasising the need to evolve the approach to operational risk management, of which information and communication technology risks are a part. DORA […]
The IIF Annual Membership meeting is a setting for insights and perspectives from global financial regulators and senior financial sector executives on topical economic and regulatory issues. Being a forum with global coverage means that it is a valuable setting for picking up future economic and regulatory directions. A packed agenda under the theme of Building […]
The regulatory requirements for insurance companies are becoming increasingly complex. In this interview, Marc Böhlhoff and Thomas Volkmer, Partners at Mazars in Germany, discuss the impact of this change on the industry and delve into what it means for the operations of auditing and consulting firms. Mr. Volkmer, the insurance industry is undergoing rapid change. What […]
Since the onset of 2023, regulatory news has been adorned with the latest European legislation, under the acronym DORA, adopted on 10 November 2022 by the European Parliament. Standing for the Digital Operational Resilience Act, it will apply to the members of the European Union from 2025, and concerns companies in the financial sector specifically. […]
The Single Resolution Board (SRB) convened its annual conference on 13 February 2024 with a theme highlighting the focus for the year: ‘The road ahead: risk, readiness and resilience’. While significant strides have been made with the EU banking resolution framework and tools, the SRB’s Chair Dominique Laboureix recalled this is not the end of […]
Last October, the European Central Bank (ECB) initiated the preparation phase of the Digital Euro project, following two years of investigation and a proposal on the establishment of a digital euro published by the European Parliament (EP) in June 2023. In January, the ECB began seeking potential providers to develop a digital euro platform and infrastructure […]
Mazars recently hosted a Financial Services INED Roundtable Dining Event in Dublin[1]. Over 50 financial services independent non-executive directors (INEDs) attended, from banking, asset management, funds and insurance entities operating across the EU and UK. The roundtable focussed on the challenges facing INEDs in the current unpredictable macroeconomic environment. The new and emerging risks and […]
DORA is a legislative proposal that aims to improve the digital operational resilience and ensure the performance and stability of the financial system of the member countries of the European Union in the face of the risks associated with ICT (Information and Communication Technology) in the financial sector (cyber-threats, cyber-attacks). The DORA requirements will apply […]
The European Central Bank (ECB) issued the SSM supervisory priorities for the 2024-2026 cycle on 19 December 2023. They sum up what institutions under the direct supervision of the ECB should expect in terms of areas of supervision, in 2024 notably, and allow firms to prepare themselves for forthcoming onsite inspections or thematic reviews. Please […]
Could the transition period towards the new alternative Risk-Free Rates (RFRs) be more complex than initially envisaged? The speech given by Edwin Schooling Latter, Director of Markets and Wholesale Policy at the Financial Conduct Authority (FCA), on the 28 January 2019, suggests this might be the case. While Mr Latter re-affirmed that the key focus […]
In recent years, we have seen a tremendous surge of interest in measuring and managing operational risks, both as a result of regulatory developments in corporate governance and capital adequacy, as well as due to a growing realisation that an enterprise-wide view of risk management is simply good business (those familiar with ISO9001 Quality Management […]
Because of its importance in society, the insurance industry has always faced a considerable amount of regulatory requirements at the national (BaFin) and international (EIOPA) level. Although this is generally something to be welcomed, this also presents a range of different challenges – not least because the regulations have indirect effects and unintended side effects. […]
Because of the 2008 financial and economic crisis, banks have accumulated billions of non-performing loans (NPLs) on their balance sheets. Even 10 years after this major economic event, the situation is not yet back to normal in some countries. In the European Union, and in the Eurozone particularly, NPLs are a real concern as they […]
Big data analytics is one of the most discussed topics in the world of finance. Application of these methods has led to better assessment of credit quality, improved pricing of insurance contracts as well as automation of client interaction. Processes that were previously cumbersome, such as customer on-boarding, have been streamlined and their costs drastically […]
Fintech is prominent in today’s business lexicon, having migrated from the back office to a prominent position in both consumer and commercial finance. Its core functionality on mobile devices and wide application in artificial intelligence (AI) spans blockchain, smart contracts, banking, insurance, regulation and cybersecurity. And Amazon Web Services (AWS), a major cloud player, is […]
The whole financial system relies on reference interest rates, more precisely on InterBank Offered Rates (IBORs) whose integrity and reliability have raised some concerns since the 2008 financial crisis and the LIBOR manipulation scandal. These IBORs are used to determine the unsecured short-term funding cost in the interbank market for a combination of currencies, tenors […]
With a portfolio in excess of €1300 billion in 2017, euro savings are firmly established as the preferred life-insurance product for people in France, thanks to their threefold benefits of guaranteed capital, attractive returns and instant liquidity. However, recent financial and regulatory developments raise questions as to the legitimacy of this product in the savings […]
3 Questions to Mister Doe When it comes to the administration of dormant bank accounts and unclaimed life policies, the quality of data, the inflexibility of internal procedures and complex processing is causing banks and insurers big problems. Vladimir Nguekam, CEO of digital analytical firm Mister Doe talks to Mazars about how taking a digital approach […]
Mass data… The real estate sector is gradually going digital, and recent constructions now incorporate equipment and connectivity to allow both use and maintenance to be optimised. However, as the renovation of the stock is naturally slow, the majority of these assets are not “connected”. Nevertheless, a great deal of data is available and constitutes […]
Non-performing loans (NPLs) remain at the forefront of the European regulatory agenda, with two major consultations run by the European Central Bank (ECB) and the European Commission (EC) over the recent weeks, both in relation to the introduction of minimum prudential backstops. NPLs, a longstanding hot topic in Europe In the aftermath of the great […]
Robotic process automation (RPA) is software that sits on a PC or workstation and is programmed to mimic the activities that a member of staff would perform. It will open applications, copy and paste data, and follow predefined rules. A robot will complete activities three to five times faster than a person. Customer satisfaction can […]
With significant IBOR reform on the horizon, Mazars brought together industry experts, practitioners and regulators to discuss the challenges and opportunities they face. Speakers included the Bank of England Market Division’s Alastair Hughes, EFRAG’s Didier Andries and Mazars’ IBOR lead, Pauline Pelissier. From a comprehensive and illuminating session, Pauline sums up the key takeaways: “What […]
With little more than two years to go, Libor’s cessation date continues to near. The voluntary agreement of panel banks submitting to Libor will conclude at the end of 2021, from which risk-free rates (RFR) are expected to replace Libor and similar indices. Are corporates paying enough attention to Libor updates? Libor’s cessation should be […]
Financial market participants – at least the largest ones – are actively preparing for the expected discontinuation of the London Inter-Bank Offered Rate (LIBOR) after 2021. Transitioning towards a LIBOR-free world is a challenge that requires the involvement and coordination of the whole industry in order to find appropriate solutions to replace the 35 different […]
With Libor’s cessation date at the end of 2021 looming, global regulators are hastening their IBOR fallback strategies. Yet while market momentum has increased for multiple published RFR indices, among them the GBP SONIA, the EUR €STR, and the USD SOFR, Asian economies, some of which rank among the world’s largest, continue to lag. While […]
Since the 2008 crisis, the financial sector has been under scrutiny. Identified as one of the crisis root causes, the importance of risk management framework and risk culture and its interconnectedness to ensure the long run financial stability of each organisation has been revealed. Accordingly, institutions are expected to develop an effective risk management framework […]
Since Libor was first used in financial markets in 1986, it has become the foundation of the global interbank funding market. However, regulators ruled that Libor’s volatility during the last global financial crisis (GFC) and a rate-rigging crisis in 20121 involving the world’s largest banks exposed a fundamental weakness with the rate’s publication methodology. Yet, […]
The expected 2021 disappearance of LIBOR requires robust fallback language for cash products and derivatives alike. Industry associations have taken initiatives to reform the historic fallback language of securities, with ISDA proactively leading the way on derivatives and national working groups proposing enhancements for cash products. While the derivatives market is expected to be harmonized […]
As we continue to feel the effects of the global pandemic, the banking sector, like many other sectors, now faces unprecedented uncertainty about the economic outlook ahead. While banks go into this pandemic in a stronger position than the global financial crisis of 2008, the current environment presents particular challenges and disruption to standard accounting […]
The Alternative Reference Rates Committee (ARRC) continues to support market participants in their efforts to transition from USD London Interbank Offered Rate (LIBOR) towards the Securities Overnight Reference Rate (SOFR). Following the Financial Conduct Authority’s (FCA) March 2020 statement that the expected LIBOR cessation deadline remains unaltered – i.e. end of 2021 – ARRC published […]
A raft of recent consultations on Ibor reform indicates that we may finally be making some progress. We have seen the International Swaps and Derivatives Association (ISDA) issue another round of consultations for Inter-Bank Offered Rates (IBORs) trying to solve the issue of the spread and term adjustments in fall-back for derivatives referencing IBORs and […]
The lines between financial services and high technology are becoming increasingly blurred. Four major technological changes will disrupt financial services in the years ahead. In this article, written by the Economist Intelligence Unit and sponsored by Mazars, we are discussing how technological disruptors are impacting the global financial services industry. We review how C-suite financial services executives, […]
As chief risk officer and executive committee member of Atlas Insurance PCC, Ian-Edward Stafrace is passionate about effective enterprise risk management and seeking opportunity from risk. Here Alan Craig and Enrico Federici of Mazars in Malta, talk to him about technological, regulatory and business model changes and how protected cells are enabling innovation. What do […]
At a time when the European Banking Authority’s stress tests have provided valuable insights into the solvency levels of European banks, these banks are continuing their efforts to formalise the conceptual and operational framework of risk management. While changes in capital requirements (the Basel Pillar 1 quantitative requirements) still command the attention of bankers and […]
A series of initiatives designed to help combat terrorism financing have put electronic payment cards in the spotlight due to the fact they guarantee anonymity in the use of small sums. Announced on 23 November 2015, these initiatives supplement the action plan for combatting the financing of the terrorism presented by the Minister on 18 […]
Banks prepare for the reinforcement of prudential supervision via the Single Supervisory Mechanism (SSM). After successive waves of new regulatory requirements in recent years, the outlook for the calculation of risks and Pillar 1 capital requirements is becoming clearer. At the same time, whereas the implementation of these new requirements has and continues to mobilise […]
Digitalization poses many challenges for AXA Assistance as well as bringing great opportunities. Alexis de Schonen, Digital Transformation and Strategy Director, and Roman Puszka, Chief Compliance Officer and Data Privacy Officer, discuss this issue. Does digitalization play a central role at AXA Assistance? And if so, which one? Alexis de Schonen : Digitalization is the […]
By 2025, The Wall Street Journal ([1]) estimated that Generation Y, also known as Millennials, would represent nearly half of the total active population in the world. The challenge for banks is to adapt their strategy to match Generation Y consumer habits and behaviours. Unlike previous generations, Millennials have the increased ability to choose between […]
Confronted with legislation that is becoming increasingly constrictive, banks must optimize the management of their data. It’s a challenge that is compounded by the fact that data is often dispersed throughout information systems – a fact that aggregators are capitalising on to offer new multi-bank applications. Banks have a role to play in detecting abnormal […]
The arrival of technology has been a game changer for Ireland’s banking industry. Niall O’Grady Commercial Director of permanent tsb (PTSB) talks to Liam McKenna Partner Consulting Services – Mazars Ireland, about how the bank is using digitalisation to create more meaningful relationships with customers. Liam McKenna: Where does technology fit into PTSB’s proposition – as an […]
The number of electronic money players in the European market has increased in recent years, from 4 in 2010 up to 48 in 2014*. Add to this the fact that numerous players beyond the banking world have also created their own electronic money institutions, including Leetchi, Google and Amazon and the sector is now seen […]
Thanks to Advanced Analytics, insurance providers can bring claims management into a new era by combining automatic processing of large volumes of data with human expertise. Analyzing data in order to optimize the claims processing chain is not a new phenomenon for insurance providers, notably in the field of health care. The health care sector […]
Cyber attacks aren’t just getting more frequent, they are also becoming significantly more vicious and sophisticated. According to the latest figures from the Ponemon Institute, the average cost of a data breach has reached nearly $6.5 million in the US, alone. Yet today’s cyber attacks have far-reaching negative impacts that continue to ripple outward long […]
New York Department of Financial Services (DFS) has significantly raised the bar for cybersecurity programs, releasing regulations on September 13, 2016 slated to go into effect on January 1, 2017. The regulation will affect all entities with a DFS “license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law […]
With Solvency II fully in force, the insurance industry has entered a new phase of transformational development. For many insurance companies, Solvency II has provided the opportunity to make better sense of risk and yet, insurance companies continue to operate using risk management programs that have not evolved and may not protect them from the […]
The unique business transformation attached to the digital era requires companies to respond with velocity. New systems integrating core transactional assets with mobile and social media have to be used – implying their ability to face volume. Moreover those new systems need to manage enriched operational reality and risks. Laurence Malroux, CEO and President of […]
The European Central Bank (“ECB”) recently launched public consultation on guidance to banks on non-performing loans (“NPL”). Consultation periods runs until 15 of November 2016. As NPL harms the profitability, funding and capital of banks and more globally the real economy, the ECB issued this guidance, aiming to achieve common practices for how to handle […]
Non-Performing Loans (NPLs) are a key issue and will continue to be on the European agenda as a top priority for a long time. On the one hand, the ECB guidelines are already applicable, as they represent a best practice reference for the day-by-day work of the Joint Supervisory Teams. On the other hand, the […]
Cyberattacks aren’t just getting more frequent, they are also becoming significantly more vicious and sophisticated. The majority of today’s data breaches result from human error, making cybersecurity a “people problem” as well as a technology issue. The solution to this people problem can’t be solved by purchasing new hardware or software or implementing sophisticated network […]
We look at the rise of ‘robostocks’ and algorithmic trading, and consider the repercussions on financial markets. An old investment adage mockingly states that “a failed trade becomes a long term investment”. The idea behind it is that if a security is bought and underperforms, investors tend to keep it until it eventually becomes profitable, […]
There is a clear pipeline of jumbo disposal Non-Performing Loans (NPLs) in Italy, thanks to the ECB push, however vendors will need to take into careful consideration a few factors in their decision, such as recent regulatory reforms of insolvency and foreclosure and a possible EU bad bank. 1. ECB Push Europe’s NPL assets are […]
Impacts from the COVID-19 pandemic have reverberated across every part of the global economy. Small businesses are struggling to pay their employees, banks are grappling with collapsing local economies, and many borrowers across the nation cannot meet their monthly mortgage payments. Banks will play a critical role in supporting their communities through this crisis, and […]
Personal data security is increasingly important, but many companies may not be ready to comply with the EU’s tough new data protection laws, which must be implemented by May 2018. All EU businesses that handle data will have to comply with the General Data Protection Regulation (GDPR), which will require investment in systems and training […]
Measuring banking risks is a difficult exercise, but striking a balance between simplistic and overly complex measurement techniques is the key to accurate risk measurement. This was the substance of the European Central Bank’s (ECB) Chair of the Supervisory Board, Danièle Nouy, in a speech at the Austrian Chamber of Commerce in Vienna, on 2nd […]
In this podcast Greg Simpson discusses cyber security with our expert Francisco Sanches. They discuss major threats such as emerging risks, FCA guidance on cloud data storage and the cyber security skill gaps to name a few. Podcast player
The Risk-Free Rates Working Group (RFRWG) published an update on the impact of COVID-19 on the timeline for firm’s plans to transition away from GBP LIBOR on the 29th April. While the central assumption of LIBOR’s publication being ceased after the end of 2021 remains intact, the Working Group has amended the timeline for the […]
In a series of articles aimed at promoting debate on the evolution of international tax regimes, Michael Lennard, Chief of International Tax Cooperation and Trade in the Financing for Sustainable Development Office (FSDO) of the United Nations, discusses the tax-related challenges governments, professionals and practitioners face. Following on from the first article on this topic, […]
With COVID-19, being declared a pandemic on March 11, 2020, financial institutions have had to shift most of their resources to mitigate the risks that have arisen. This has adversely affected important activities, one of which is market participants’ efforts to detach from LIBOR before its cessation at the end of 2021. As a result, […]
Since the Covid-19 pandemic, post-model adjustments1, or management overlays, have become an increasingly common and accepted mechanism used by banks to manage expected credit losses (ECLs). The number of post-Covid unprecedented events related to the war in Ukraine, energy crisis and global economic uncertainty has raised a number of questions relating to the consistency and […]
The global climate crisis has triggered the financial sphere to address the way in which it conducts business. Climate risk consideration is currently growing in the banking industry but should also be considered by banks in the Credit Valuation Adjustment (CVA) when pricing derivatives. The credit risk for long dated derivatives (beyond 10 years), reflected […]
“I see digital as the future of finance”. These are the words of the Executive Vice President of the European Commission (EC), Valdis Dombrovskis, voiced in the summer of 2020. He has undoubtedly been proven right as governments and central banks around the world have heightened their efforts to keep oversight of the digital transition […]
The rapid collapse of one of Switzerland’s most emblematic banks, following the demise of tech lenders on America’s west coast, has raised concern over banking stability. What are the consequences for the sector, the economy and for society? Gregory Marchat, Global Head of FS Advisory, and Emmanuel Dooseman, Global Head of Banking and Capital Markets, […]
The European Commission published on 18 April 2023 a new legislative package aiming to adapt and strengthen the framework for crisis management and deposit insurance (CMDI), with an acute focus on small and medium-sized banks. This proposal, which follows the announcement of the Eurogroup finance ministers inviting the Commission and the European co-legislators to review […]
New measures to combat money laundering and terrorist financing The European Parliament has adopted a set of stringent measures to strengthen the fight against money laundering and terror financing, alongside circumventing sanctions within EU. These regulations are presented by EU in the form of a “legislative package” comprising three key measures which provide various practical […]
With the approaching end of the investigation phase of the ECB’s digital euro project in October 2023, and the expectance of a decision on starting a realisation phase by the end of this year, the pros and cons of a potential digital euro have been widely discussed in the past months. The topic became even […]
ACPR publishes report on automated AML/CFT transaction monitoring systems In 2022, the ACPR conducted a comprehensive thematic review, focussed on the automated systems utilised by the entities under its supervision. This entails entities implementing their obligations in terms of transaction monitoring. The primary objective of this review was to assess the efficiency of the operation and […]
Revised list of uncooperative countries and territories for tax purposes published by the European Council The list of uncooperative countries and territories about tax is an important part of the external tax strategy of the EU. Globally, this strategy intends to contribute to the ongoing efforts to advance good governance practices in the tax domain. […]
A recent major board reshuffle in one of Europe’s largest listed investment companies has focused attention on private investment valuations. It follows concerns raised by an ex-director over the robustness of the directors’ processes for approving investment valuations. The issues primarily question whether the Board of Directors has sufficient training and experience and whether governance […]
Despite banks emerging from the Covid-19 crisis in reasonably good health, the war in Ukraine combined with a global energy crisis and an uncertain economic landscape have once again put the spotlight on credit risk exposures. To better understand credit risk trends, Mazars conducted an analysis of 26 banks in 11 European countries in May […]
For several months now, we have been in an economic and financial environment that we have not seen for some years. In May, inflation in the Eurozone reached 8.1%, with six countries exceeding 10%, while the United States recorded an 8.6% year-on-year price increase. The short-term reasons for the return of inflation are well known, […]
Under IFRS 9, forward-looking information is a key component of Expected Credit Loss (ECL) calculations. However, forward-looking information requires a significant level of judgement, making comparisons difficult to navigate. Indeed, similar to the use of post-model adjustments, forward-looking scenarios have also been reported by stakeholders in the context of the IFRS 9 impairment post-implementation review […]
The Basel Committee on Banking Supervision (BCBS) and Financial Stability Board (FSB) published reports in October 2023 on the causes and lessons learnt from the Spring 2023 banking turmoil. The BCBS report provides an assessment of the causes of the banking turmoil, the regulatory and supervisory responses, and the initial lessons learnt. The FSB report […]
While the banking sector has shown resilience over recent years, the economic environment and geopolitical situation remain tense. So, what does this mean for risks to the banking sector? More specifically, what is the impact on capital requirements for banks with the implementation of the Capital Requirements Regulation (CRR3) and the Capital Requirements Directive (CRD6), […]
There are increasing regulatory expectations globally for financial institutions to disclose and demonstrate how sustainability-related responsibilities are allocated within the organisation. In this respect, the increasing global trend towards mandatory sustainability disclosure frameworks continues to underscore the significant role that the finance function is anticipated to assume in sustainability. It’s a trend reflected in Mazars’ […]
There is growing pressure for banks and insurers to incorporate C&E factors in their risk management frameworks (RMF). As a practice, it gives the ability to set clear thresholds for the climate impacts banks and insurers are willing and able to absorb. By establishing these thresholds, firms can effectively monitor their exposure to C&E risks, […]
The integration of environmental, social and governance (ESG) considerations into strategic planning is increasingly becoming a common practice among financial services firms. However, climate-related risks can also serve as drivers of financial risk for institutions. These risks can manifest through various transmission channels, translating climate and environmental (C&E) risks into more conventional categories such as […]
In environmental, social and governance (ESG) reporting, materiality is crucial for enhancing transparency and accountability in sustainability and climate-related disclosures. Importantly, it helps identify and report on matters that are deemed significant, emphasizing their relevance to stakeholders. Materiality comes in various forms. Financial materiality focuses on sustainability issues impacting financial performance, aligning with annual financial […]
In late 2023, and to coincide with COP 28, Mazars published its latest Sustainability practices survey on the progress banks and insurers have made in embedding sustainability into their businesses, our most comprehensive and information-rich report to date covering 404 executives in banks and insurance companies in 16 countries Despite sustainability being in the limelight […]
In January 2024, the European Central Bank (ECB) published its Climate and Nature Plan for 2024-2025. This plan aims to: This plan underscores those financial risks stemming from climate change remain a key area of attention for the ECB. The ECB will continue working on several topics including stress testing, scenarios and climate-related data, and […]
In the contemporary landscape of insurance, the business model of open insurance, characterised by the strategic opening of insurers’ resources to external collaborators, has been a focal point of discussion. Unlike the banking sector, where regulatory mandates such as the Payment Services Directive (PSD2) of 2018 have compelled the development of open banking practices, insurers […]
Following Russia’s annexation of Crimea in March 2014, the United States (US) and the European Union (EU), together with other countries, imposed mainly economic sanctions on Russia. Since Russia’s recognition of the self-proclaimed autonomous republics of Donetsk and Lugansk, followed by Russia’s attack on Ukraine on 24 February 2022, these sanctions have taken on new […]
Central Bank Digital Currencies (CBDCs) continue to receive increasing attention not only from the ECB but all over the world. So far, 10 countries [1] have already deployed CBDC programmes with another 15 countries [2] currently conducting pilot programmes. In total, 105 countries are considering using CBDC programmes, representing over 95% of global GDP and […]
One of the major challenges of IBOR transition is the availability of historical data on alternative risk-free rates (RFRs) required to implement interest rate model changes or re-calibration. With the Secured Overnight Financing Rate (SOFR) only published since April 2018, the available time series do not provide enough observations for risk modelling. Adding to that, […]
The Targeted Review of Internal Models (TRIM) was one of the largest projects by the European Central Bank (ECB) aimed at identifying potential sources of unwarranted or non-risk based variability in Significant Institutions (SIs) risk-weighted assets (RWA) from the use of Pillar 1 internal models such as Probability of Default (PD), Loss Given Default (LGD) […]
The revised market risk framework – also known as the Fundamental Review of the Trading Book (‘FRTB’) – not only impacts an institution’s regulatory capital charge calculation for market risk, but also affects operational, governance and business strategies. FRTB brings significant change. With the aim of harmonising capital standards for market risks across jurisdictions and […]
An important milestone in the IBOR transition is the change in rates used by LCH and CME for discounting and Price Alignment Interest (PAI) calculations for USD OTC cleared swaps. Indeed, on October 16, 2020, they moved from using the daily Effective Federal Funds Rate (Fed Funds) to the Secured Overnight Funding Rate (SOFR) for […]
There is little doubt that Covid-19 has had a significant impact on insurers, but there were already factors in play that were adding pressure on the insurance industry. What covid-19 has done is to create new challenges, as well as bringing existing challenges to the foreground. Looking ahead, the actions insurers take now to deal […]
One of the anticipated challenges in the transition from IBOR rates to risk-free rates (RFRs) is the management of its impact on quantitative models. The ones currently used for pricing IBOR-linked financial instruments account for term rates which are “forward-looking”. The RFRs replacing the IBORs are all overnight rates. This means that a term rate […]
In a series of articles aimed at promoting debate on the evolution of international tax regimes, Michael Lennard, Chief of International Tax Cooperation and Trade in the Financing for Development Office (FfDO) of the United Nations, discusses the tax-related challenges governments, professionals and practitioners face. In the first of this two-part article, Mr Lennard expresses […]
Facebook’s ambition to create a transferable global digital coin between users on the social media giant’s messaging platforms WhatsApp and Messenger has been controversial from the outset. Perhaps not surprisingly, the backlash from regulators around the world was substantial from day one. The world’s leading economies were less than enthusiastic of the possibility of a […]
With more than half of the world’s fastest-growing economies located in Africa1, the continent’s economic outlook is a positive one. Average annual GDP growth since 2000 is over 5%, placing Africa as the second-fastest growing economy behind Latin America. Real GDP growth, estimated at 3.4% for 2019, is projected to accelerate to 4.1% in 2021. […]
While digital transformation has been disrupting all business sectors for many years, 2020 will be remembered for its particular impact on real estate administrators. A third of French respondents believe that artificial intelligence can be more efficient than a real estate agent. Moreover, 40% of those under 50 years old are convinced that the property […]
Over the past decade, the financial services industry has been disrupted by the arrival of new players whose rise to prominence has pushed traditional banks – previously faced with little competition – to transform themselves. In this context, technology and innovation, particularly 5G, will allow the most skilful and agile banking organisations to take advantage […]
Click here to read ‘Key takeaways & industry challenges following the ECB TRIM project – a focus on credit risk (Part 2)’ As articulated by the ECB in its recent TRIM reporting, the 236 findings cover different key aspects of supervised entities Internal Model Method (IMM) models & frameworks. Remediation actions are underway in all […]
The digitalisation of banking processes and the introduction of AI-led technology impact the central and strategic role of information systems within the banking system. The growing use of information and communication technology (ICT) exposes all financial institutions to an increasing level of digital risk that could weaken their operational resilience, in particular, due to more […]
The war in Ukraine, as well as the unprecedented sanctions imposed by the European Union, the United States and their partners against Russia have had major consequences for financial services institutions. For foreign companies operating in Russia or Ukraine, the first concern was the safety of their staff. They had to make difficult choices to […]
Brexit, or the UK’s departure from the European Union, became a reality on 1 January 2021. In terms of the regulatory impact for the financial sector, and the banking sector in particular, the UK being a third country, UK banks can no longer benefit from the European passport for their continental activities. Therefore, they can […]
With the current ultra-low interest rate environment and market volatility having a negative impact on banks’ returns and, ultimately, their capital positions, operating models must quickly adapt and become more cost-efficient to maintain profitability. This drive for cost-efficiency has become more apparent as innovation in technology and ongoing digitalisation have further upended traditional banking systems […]
Local and international trends have transformed the way banks operate, affecting their capital positions and profitability. In particular, ongoing digitalisation programmes and technological innovation continue to add pressure on traditional banking models, including the supply chain. While management’s focus on capital preservation, profitability and growth for shareholders remains, risks from an operational perspective have intensified. […]
The identification and management of non-performing loans or NPLs as early as possible by banks are among supervisors’ current high-level priorities. Indeed, when prudential, monetary, and fiscal crisis mitigation mechanisms are tapered, the weakening of borrowers’ creditworthiness could materialise, along with increasing credit risks and therefore NPLs. This expected rise of new NPLs in European […]
The Covid-19 pandemic has amplified technology’s impact on the banking sector, helping to prove that technology now stands at the core of business sustainability for banks. In their constant search for convenience, digitally-savvy customers have pushed banks’ focus towards providing global business solutions more than ever. A new normal has emerged: an environment where banks’ […]
Like all industries, the real estate sector has to implement a range of legal, technical and organisational measures to protect the personal data of its employees, customers, prospects and suppliers. Processing must comply with several regulations related to data protection, including, for example, the General Data Protection Regulation (GDPR), applicable since 25 May 2018. Same […]
The invasion of Ukraine by Russia on 24 February 2022 is considered the most significant geopolitical event since the Second World War. While there is no question of military intervention by the European Union (EU) at the moment, the EU has nevertheless decided on a major package of sanctions that will have a heavy impact […]
As a setting for exchange between European Union (EU) economic and financial regulators and senior financial sector executives from the industry, one of the world’s largest financial services conferences, Eurofi, took place in Paris in February. Established in 2000, the Eurofi meetings occur bi-annually* alongside the Economic and Financial Affairs Council configuration (ECOFIN) meetings. The […]
Since the European crisis management framework was established in 2014, there have not been many failing banks in Europe. However, the recent global health pandemic, combined with the ongoing conflict in Europe between Russia and Ukraine, could easily change this. The EU crisis management framework was established in response to the global financial crisis and […]
Regardless of geography or business sector, many groups and companies have taken out cybersecurity insurance policies in recent years. These policies cover companies against new threats to information systems, including ransomware and data theft incidents that have been making the headlines. For a long time, the risks identified in these policies were on the borderline […]
Financial Technology (“Fintech”) companies have kick-started a revolution in the payments landscape. Using state-of-the art technology, fintech companies are transforming how payments are transacted and processed. Banks and traditional payment providers are having to entirely rethink their approach to how they interact with innovations in order to stay on top of their game. Technological change […]
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.