Product Family

When I was growing up in the early 1980s, we were subjected to fanciful plot lines from far-fetched films, from Matthew Broderick hacking NORAD's computer system and nearly starting World War III, to Superman being called upon to defeat a computer fraud genius played by a relatively youthful Richard Pryor. I read comic books about genetically modified, computer chip-enhanced soldiers and dreamed about doors swishing to and fro as I walked alongside Buck Rogers in the 25th century….

It all seems utterly ridiculous now. After all, completing a cheque stub as adulthood beckoned made me feel properly grown-up, along with the hormones kicking in as I spent my meagre savings on the latest Bowie vinyl.

I've written four cheques this year. Three of those were to the kids' school, which is now going paperless. We're only in the 21st century but, like many others, most of my finances are conducted online or contactless or by plastic - and, occasionally, doors even swoosh.

Banks around the world are subject to constant cyber-attacks from hackers; all day, all night; every day, every night.

Banks around the world are subject to constant cyber-attacks from hackers; all day, all night; every day, every night. From teenagers shut away in their bedrooms, rediscovering the wrong Velvets and dressed in replica Nirvana rip-offs, to sophisticated, criminal gangs seeking out and exploiting weaknesses in IT systems, the nature of banks' operational risk exposures is changing rapidly.

If the private email accounts of high-ranking government agency officials can be hacked, then certainly no institution can consider themselves 100% safe. Banks and their regulators need to keep up with rapidly changing operational risks.

However, the focus of regulation since the financial crisis has been on building capital buffers and discouraging specific activities deemed to be more risky. But banks are now built on IT systems and most of their customers engage with them via IT and mobile platforms.

While the Basel Committee on Banking Supervision is due to opine on the effectiveness of existing capital rules in advance of Basel IV, we are still realistically at least a couple of years away from Europe-wide legislation to protect banking customers in the event their personal details are compromised following a hack. How relevant can such legislation be, given the speed of technological advances in payment processes, data storage and remote systems?

In a world where risks are changing fast, there is a danger that banking regulation will default to a one-size-fits-all approach. If there is a move towards a more standardised approach for even the most sophisticated banks, we risk a separation of capital assessment from risk management. Capital reserves should become more dynamic to cater for changing risks, not less so.

This creates a dilemma for regulators. Simplification of the rules for capital required to be held by the banks has much appeal - consistent measurements, comparability, and so forth. But it places less importance on good behaviour, such as effective risk management and internal controls. After all, we want our regulators to protect us, the public and the banks' customers, against bad conduct. Surely that was the fundamental lesson of the financial crisis. Regulation can put many rules in place, but cultural change comes more slowly and has to be led by the senior management.

Management guru Peter Drucker once said: "Culture eats strategy for breakfast." Regulation needs to set the framework for the more sophisticated banks to operate where capital can be flexible and serve the equally important purpose of protecting customers as well as the stability of the financial system. History tells us that the behaviour, or culture, of an organisation is just as important as the financial ratios.

Bowie's released an album shortly before his death early this year, vinyl's back in fashion and Superman will be in cinemas again this year year. Plus ça change, plus c'est la même chose.

Want to know more? You can reach Gerard

First Published in Post Magazine on February 11, 2016


More Articles

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.