The end of the year is the time where companies and individuals reflect on the past 12 months and look forward to the year ahead. It seems regulators are no less different, as seen in the recent publication of the UK regulatory initiative grid for 2022, published by the Treasury and the UK's financial services regulators. 

Its publication is part of the continuing approach where the regulators collaborate on their numerous initiatives, helping institutions better understand the tempo and timings of these requirements. Previously, regulators typically proceeded under their own steam, with little reference to each other's priorities. This placed the onus of mastering new regulatory developments on to the shoulders of operational, risk and compliance teams at regulated institutions. Given the near-constant stream of announcements in response to changes in the markets, the economy and technology, this coordinated approach remains a welcome development for everyone.

The developments highlighted in the regulatory grid cover a broad range of issues. Appropriately, post-COP26, initiatives around climate financial risk and green investments loom large. Equally, the transformation of data collection, building on the foundations of digital regulatory reporting. LIBOR transition remains a significant theme too, as does reviewing the prudential regulatory framework of smaller, non-systemic banks.

Operational Resilience
One issue that continues to gain momentum centres on operational resilience. This has been a common theme for the last three years, with the first compliance dates for those institutions directly impacted coming in March 2022. Operational Resilience falls into two parts: internal operational resilience, and the resilience of third parties that form the supply chain to banks and other financial institutions. It seems that the resilience of third parties will be an area of focus for regulators next year.

One initiative is the potential introduction of a dedicated portal, managed by the regulators, which will capture the nature and detail of the third-party relationships that are essential to banks, whether they be Cloud Computing service provers, credit reference agencies or payroll service providers for example. The outcome of a consultation document, scheduled for H1 2022, should complement the information captured in a routine compliance review conducted by regulators. While the consultation process will get a range of feedback, it is clear that regulators will want greater visibility of the supply chain of financial institutions.

Third-Party Risk Management (TPRM) systems
One implication of this development is likely to mean that banks will need to have exceptionally good Third-Party Risk Management (TPRM) systems and processes in place to ensure they remain a step or two ahead of their regulator at least when supply chain issues emerge.

Another initiative highlighted in the 2022 grid is a consultation paper looking at how a third-party incident register can help regulators with an enhanced visibility of third-party issues and their impact on institutions and the wider sector. While still at the consultative stage, this again highlights the desire of regulators to involve themselves in the detail of how institutions rely on third-party relationships, and the impact of issues when they occur. Concentration risk and systemic risk issues are likely to be front of mind too, as institutions often use similar applications and service providers to deliver key services.

Critical Third Parties (CTPs)
There is also going to be a discussion paper, published jointly by all the UK regulators, to discuss how best to regulate Critical Third Parties (CTPs) who provide services to regulated firms. It will be interesting to see what areas there covers, but third-party technology providers, data providers and potentially even application providers seem likely candidates for greater regulatory scrutiny in the future, at least in part.

This all serves to highlight the feedback we have been receiving from our conversations with our customers in banking, where TPRM is growing in importance in many areas, as companies continue to focus on their core activities and outsource other services. This development, together with hybrid working, increases operational flexibility but also the chance of greater operational risk. We anticipate that the demand for robust solutions that help to identify and address these operational risks will continue to grow in 2022 and 2023.