FINMA Issues New Risk Monitor Identifying Key Risks for Financial Institutions

On December 10, the Swiss Financial Market Supervisory Authority (FINMA) announced that it is publishing a Risk Monitor report for the first time.  FINMA stated that previously the Risk Monitor has been solely an internal instrument that it used as part of a risk-assessment tool, but that it would issue the Risk Monitor annually in the future.

This Risk Monitor, in FINMA’s words, “provides an overview of what FINMA believes are the most important risks currently facing supervised institutions and describes the resulting focus of its supervisory activity.”  The new Risk Monitor identifies six principal risks for its supervised institutions and the Swiss financial center:

1. The persistent low interest-rate environment.  The Risk Monitor stated that

[p]ersistently low interest rates in both Switzerland and the European Union (EU) over both short-term and long-term horizons are having a detrimental impact on the profitability of supervised institutions. This situation increases the risk of asset price bubbles and sudden reversals and may potentially undermine the viability of certain business models.”

The Risk Monitor also commented that “if interest rates were to stagnate at their current low levels for a very long time, this would pose a risk to certain business models. This is particularly true of banks focused on the interest margin business and life insurers.”

2. “[A] possible correction on the real estate and mortgage market, especially in the investment property segment.” The Risk Monitor observed that “[t]he sharp rise in vacancy rates for investment properties, combined with the ongoing boom in construction activity, is exacerbating the risks in the Swiss real estate and mortgage market.”  It added that “[p]revious crises have shown that financial institutions which expand their activity in the late phase of an economic cycle are particularly exposed to the risks of an ensuing economic downturn.”

3. Cyberattacks. The Risk Monitor highlighted the fact that “[t]he high and ever-growing dependency on and interconnectivity of information and communication technologies give rise to pronounced vulnerabilities among Swiss financial institutions.” It cited, as one example, that

outages of and disruptions to IT systems, particularly those resulting from cyberattacks, can jeopardise the availability of critical services and functions.  Depending on the nature of the cyberattack in question, this can have repercussions for individual financial institutions and threaten the functioning of the Swiss financial centre as a whole.

Recognizing that “[t][he number and intensity of cyberattacks are growing strongly,” the Risk Monitor also stated that “[a] successful cyberattack can have serious consequences for the functioning of the Swiss financial centre,” particularly if an institution that provides integrated or interlinked services (e.g., a systemically important financial institution) were successfully attacked.  Such an attack, the Risk Monitor warned, “could prove damaging both to other financial institutions and the Swiss economy as a whole. The reputational damage would be significant, and confidence in the Swiss financial centre would be affected.”

4. What FINMA termed “a disorderly abolition of LIBOR benchmark interest rates.” Because LIBOR benchmark interest rates continue to be widely used in financial instruments,” the Risk Monitor identified “[i]nadequate preparation for the replacement of LIBOR interest rates (envisaged by the end of 2021), including Swiss franc LIBOR,” as a key risk.

5. Money laundering. The report commented that the fact that the Swiss financial center “is a leading global crossborder wealth management hub for private clients   . . . makes it particularly exposed to money-laundering risks.”  It  took note of two specific concerns.  First, in light of the spate of recent corruption scandals involving entities such as 1 MDB and Petrobras, it stated that “the risks for financial institutions involved in the cross-border wealth management business remain high.” It also warned that the complexity of the structures involved in bribery and corruption, “particularly when domiciliary companies are used, can increase the risk of money laundering.”  Second, it specifically stated that

the financial industry also faces new risks in the area of blockchain technology and the cryptoassets that are attracting growing interest from clients. Although these new technologies promise efficiency improvements in the financial industry, they also accentuate the threats posed by money laundering and the financing of terrorism due to the greater potential anonymity they involve, as well as the speed and cross-border nature of the transactions. Malpractice by the financial institutions active in FinTech could significantly damage the reputation of the Swiss financial centre and slow down the development of digitalisation.

6,  Increased impediments to cross-border market access, particularly in the EU. Given the “trend towards tougher market access rules for foreign providers in a number of jurisdictions,” which “is occurring against a backdrop of increasing friction in international trade and uncertainties relating to Brexit,” the report stated that “[f]or Swiss financial institutions, this gives rise to legal uncertainties and risks, as well as the possibility of additional costs.”

In addition to these six principal risks, the Risk Monitor report identified other long-term risks.  It described “the financial risks arising from climate change as one of the most important long-term risks,”  but included comments about other long-term risks such as “an ageing society, the increasing individualisation of insurance based on big data, and risks for wealth management in a market with falling values of financial instruments.”

N.B.:  Risk and compliance teams at financial institutions with international operations should value the public issuance of the Risk Monitor for three reasons.  First, it provides them with an unprecedented level of insight into the thinking of FINMA about key risks in the financial sector, even if the report understandably focuses on risks affecting Swiss institutions and the Swiss financial  center.  Second, it also gives them a new source of analysis and perspectives that should be incorporated into their risk assessment processes.  Third, they should welcome FINMA’s willingness to make its own risk-assessment process more transparent and to commit to doing so in future versions of the Risk Monitor.

Some in the fintech sector may be surprised by the Risk Monitor’s admonitions concerning blockchain technology.  In separate remarks on December 10, however, FINMA Chief Executive Officer Mark Branson took pains to explain to reporters that FINMA wants to give blockchain developers “a chance and we have done a lot to remove unnecessary barriers to enable projects based on digital currencies.”  At the same time, Branson said, “we are also not starry-eyed as these new business models come with new risks, or old risks in new shapes.”

Institutions under FINMA’s authority should therefore be prepared, if they intend to push for greater adoption of blockchain technology, to present specific factual information and analysis to FINMA demonstrating how those institutions intend to modify their risk assessments and compliance programs to mitigate those “new risks” or “old risks in new shapes.”