Just over a year ago, when Lloyd Blankfein, chief executive of Goldman Sachs, and Gary Cohn, the investment bank’s then president, wrote their annual message to the company’s shareholders, they talked of “pervasive uncertainty”. They cited worries about economic growth, monetary policy and investor sentiment, and wrote that the UK’s referendum on EU membership, the US presidential election and market volatility were “generating unease”.
Goldman’s 2017 letter is not out yet. Market optimism is high, but it would be hard to imagine a more comforting message this year. A lot has changed in the finance industry in the past 12 months — not least for Mr Cohn, who now acts as chief economic adviser to President Donald Trump. While the Brexit referendum and the US presidential election are in the past, the consequences of those votes are still unclear.
A year ago, financial institutions were hoping that the risks and uncertainties associated with the 2008 crisis were in the past and that a more stable period would follow. Twelve months on, they face a new series of risks.
The one causing most short-term activity is the UK’s vote to leave the EU. Many financial institutions, especially banks and insurers, have their European bases in London. They make extensive use of the EU’s passporting rules to access markets in other parts of the trading bloc, so the potential loss of those rights is causing a rethink. Many institutions are now looking for additional EU bases.
This affects banks more than insurers or asset managers, although so far few have given concrete details of their plans. HSBC says it will move up to 1,000 jobs to Paris. JPMorgan says around 4,000 jobs in the UK could be affected.
Amid the uncertainty over what Brexit will look like, most banks are planning for the worst — the complete removal of passporting rights — and setting up subsidiaries elsewhere in the EU. This will ensure that they can do business in the region after the UK has left.
“Everyone’s making contingency plans,” says Neale Stevenson, who leads the financial institutions group at insurer Beazley. “They’re hoping there’ll be enough of a lead-in time so they can make clear plans.”
© David Bromley However, there is even less certainty about the consequences of the other big change of 2016 — Mr Trump’s election as US president. This has consequences on two levels for finance companies.
The first is interest rates. Mr Trump’s promise to invest heavily and reflate the US economy has pushed up market interest rates, while the official Fed rate rose late last year and is expected to rise again imminently. That means big changes for business models that had been created with a “lower for longer” interest rate scenario in mind.
The second is regulation. Mr Trump has promised to roll back the Dodd-Frank reforms, which were created after the financial crisis to clean up the industry. Many bankers dislike Dodd-Frank and would welcome a softening of the rules, but there is no clarity about how things might pan out, making it difficult for the financial institutions to plan.
“Nothing has happened to Dodd-Frank yet,” says Mr Stevenson. “Financial institutions aren’t interested in broad-brush statements. They’re interested in the detail.”
With that detail still hazy, companies are focusing on more tangible issues. “For the past few years, the biggest thing concerning financial institutions has been investigations from regulators across several jurisdictions,” says Siobhan O’Brien, managing director at insurance broker Marsh.
Those investigations, and the fines that can sometimes follow them, have kept coming. In December, Deutsche Bank and Credit Suisse agreed to pay a combined $12.5bn to US authorities for mis-selling mortgage securities. Mr Stevenson says the process may be drawing to a close. “A lot of litigation from the crisis is done,” he says. “We must be getting to the end of what we know on conduct litigation.”
UK banks were relieved when the Financial Conduct Authority put a 2019 deadline on claims for insurance mis-selling. The bill for those claims has already reached £34bn.
But as one risk recedes, another has arrived in the shape of the threat from cyber criminals. Banks globally have been victims of cyber attacks in the past year, from Bangladesh’s central bank to Tesco Bank in the UK.
According to a Deloitte survey of 77 large financial institutions, only 42 per cent of respondents thought their company was extremely or very effective at managing cyber risk. Respondents viewed cyber security as one of the hazards that would increase most in the next two years.
“Cyber is moving further up the agenda for financial institutions,” says Ms O’Brien. “There has been a lot of press around the attacks, and the cases have highlighted the level of preparedness. There are a lot of people observing others and learning from what has happened.”
For the insurance industry, the growing number of cyber attacks is a threat as well as an opportunity. As institutions that hold a lot of customer data, insurers have to make sure their own systems are up to scratch. However, they also spot a growth market as companies of all types increase their demand for cyber insurance. The market is estimated to be growing at about 28 per cent annually at a time when other specialist insurance lines are shrinking. It is a difficult market for insurers to address, however. Underwriting generally involves assessing a wide range of data, but the industry says data on cyber attacks are patchy, and that the risks are constantly evolving.
It is not just the external environment that is changing. Internal attitudes to risk management have moved on. According to the Deloitte survey, 92 per cent of financial institutions have a chief risk officer. In 2008, at the height of the financial crisis, that figure was 73 per cent. More institutions now have board-level risk committees.
Last year one institution took a particularly novel approach to the problem. In May, Credit Suisse transferred SFr220m ($217m) of operational risk to the capital markets via an instrument it called Operational Re. It works a little like an insurance contract, with Credit Suisse paying the premium and investors providing the cover.
Operational Re covers a range of risks, from cyber to unauthorised trading to fraud and even HR disputes. It pays out only if there are multiple events. Credit Suisse has already paid for SFr3.5bn of large losses itself.
“We see capital markets as a good way to mitigate these extreme operational risks,” says Antoine de Sarrau, a director in Credit Suisse’s solutions business who helped to structure the deal.[“Source-ft”]