Financial institutions are operating under much higher regulatory burdens today than was the case ten years ago. Whilst additional regulation was clearly necessary in the wake of the 2008 crash the ongoing rise in the legislative burden is raising costs, squeezing profits, and forcing many firms to decide whether they want to continue operating in certain market segments. There is a growing realisation that continuing to ratchet up the regulatory burden may be counterproductive if it leads to market inefficiencies and adversely affects banks’ resilience by squeezing profits. But even if the burden gets no higher, matters are unlikely to improve anytime soon as institutions adjust to EU legislation introduced over the past year.
Financial regulation in the wake of the 2008 crash
One of the most important consequences of the Lehman’s bust for the financial services industry was the application of far greater regulatory oversight. This does not come as any surprise. Indeed, the day after the bankruptcy was announced, I wrote: ‘On previous occasions when the US financial industry has suffered major shocks, the authorities have responded by implementing major legislative changes … We might expect a similar legislative backlash in future with any legislation likely to focus on improving the transparency of banks’ risk positions.’
The US response was the introduction of the Dodd-Frank Act in 2010 which was a huge piece of legislation designed, amongst other things, to ensure the financial stability of institutions whose failure could have major implications for the wider economy, and to prevent predatory mortgage lending which was believed to be a major contributory factor to the 2008 collapse. One of the key components of the Dodd-Frank Act was the so-called Volcker Rule which restricted the investment activities of banks and thereby eliminated proprietary trading. In effect, the legislation resulted in a separation of investment and deposit-taking activities in the same way as the Glass-Steagall Act of 1933 which was only repealed in 1999.
It transpired that it was not just US regulators which tightened the reins: banks around the world were forced to comply with the Basel III legislation requiring them to operate with much higher capital buffers in a bid to improve the sector’s resilience to shocks. But the European financial services industry in particular has been hit by two additional pieces of legislation in the past year – MiFID II1 and the GDPR2 – which threaten to have a significant impact on the way in which the industry operates.
MiFID II, GDPR and all that
The original MiFID legislation was introduced in 2004 and was designed to provide harmonised regulation for investment services across the European Economic Area by increasing competition and enhancing investor protection. In 2010 the European Commission called for a review of the legislation, resulting in the MiFID II framework which came into effect in January 2018. The objective of MiFID II is to strengthen the degree of investor protection by improving the functioning of financial markets and increasing the degree of market transparency and resilience. The law puts a much greater onus on counterparties to accurately report trades and the prices at which they take place (the transparency part). Enhanced reporting structures are also required to ensure that the products which are sold by financial institutions are appropriate for the client, thus reducing the likelihood of a bust (the resiliency aspect). One of the other requirements of the legislation is to make explicit the cost of investment advice, forcing asset managers to reveal to investors what they pay for external advice which threatens to upend the European financial services research industry (see below).
The scope of the products to which MiFID regulations apply is also being expanded as the Markets in Financial Instruments Regulation (MiFIR) comes into force. Not surprisingly, the costs of implementing the procedures required to comply with the new regulations are enormous. And we are still in the process of discovery about how the regime will work in the longer term. The whole process is based upon the application of ‘best execution’ – the duty to get the best price in the shortest possible time. But this is open to a great deal of interpretation. Moreover, since MiFID only applies to business conducted in the EU or on behalf of EU-based clients, there is no reason why business conducted in the EU on behalf of extra-EU clients need be subject to the same rules. Accordingly, this could drive some activity out of the EU towards more light-touch regulatory areas.
But financial services are also being impacted by legislation only tangentially related to the industry. One example of this is the GDPR, which came into effect in May 2018. This is designed to harmonise data privacy laws across Europe and to give citizens greater control over the way in which their personal data are used, defined as information that permits us to identify a specific individual. This has significant implications for the way that organisations, including financial institutions, use and store data, and the law mandates that firms have to gain the consent of the individual concerned to hold it. Automatic opt-in is thus not permitted, and individuals can request access to, or the removal of, their own personal data.
The consequences of failing to comply with the law are high: firms can be fined up to 4% of annual global turnover for breaching GDPR, or EUR 20 million. Like Dodd-Frank, GDPR is applicable to foreign institutions that want to conduct business in the domestic market. Thus, any institution that holds information on EU citizens is subject to the strictures of the GDPR whilst companies that want to conduct financial business in the US have to comply with Dodd-Frank. The increasingly onerous nature of region-specific financial regulation is likely to impact on the extent to which financial institutions will want to expand their cross-border activities.
Implications of the enhanced regulatory environment
Ultimately, institutions have to weigh up the cost of regulation against the returns from particular types of activity. Whilst the underlying principle of financial regulation is to make the industry safer so that it poses fewer risks to the wider economy, there is a clear trade-off between profitability and security (Chart 1). In the UK, for example, members of the Independent Commission on Banking (ICB), which reported in 2012, continue to believe that their recommendations on capital adequacy have been largely ignored and that banks do not have enough capital to withstand shocks – a view which the Bank of England does not share. Sir John Vickers, who chaired the ICB, argues that although holding equity capital is costly for banks, because investors expect high returns, ‘high returns make sense only if they compensate for risk ... which is best done by more equity, not less’. In his view, the BoE argument that leverage ratios were ten times higher before the crisis means only that banks today are too risky versus stratospherically risky prior to 2008.
Whilst there is some truth to this argument, it is equally true that efforts to measure bank leverage, as required under the Basel III legislation, represent ‘bogus quantification’. We cannot adequately measure bank ‘riskiness’, and efforts to put a precise number on it give us a false sense of security. And it is not as if banks were not regulated previously, as anyone who tried opening a bank account prior to 2008 can testify. It is more the case that bank regulation was previously misdirected. Thus, in addition to the profitability versus cost trade-off inherent in the regulatory environment, there is a trade-off between the cost and usefulness of regulation.
Indeed, the rising numbers employed in compliance represent a heavy tax on banking activity, and banks are being forced to make costs savings in other areas to ensure they can meet the regulatory challenge. Chart 2 shows a stylised representation of the impact of regulation in which supply is reduced but demand remains unchanged. The upshot is a reduced quantity of service provision but at a higher price.
The compliance burden can best be absorbed by large firms – the smaller the firm, the bigger the relative cost burden since all firms have to follow the same procedures. Indeed, this highlights one of the unintended consequences associated with the new regulatory regime: in their haste to regulate, supervisory bodies adopted a one-size-fits-all approach. This is inappropriate in the sense that institutions vary in size and have different business models: what may work for one institution may not work for another. Indeed, it is possible that what may work for the industry as a whole may not actually work for any individual institution depending on the extent to which the company’s business model deviates from the ‘industry average’.
Moreover, the scale effects associated with compliance are relatively weak: evidence from the Dutch regulator suggests that a tenfold increase in the size of a bank reduces relative compliance costs by a factor of only 2.5 (these figures are higher for insurers and pension funds, at 3.6 and 7.2 respectively). One explanation for this is that as banks become larger so the scope and complexity of their business increases accordingly.
Another side effect of recent legislation is that it places obstacles in the flow of information. The GDPR has made it more onerous to store client information and act on it whilst one of the provisions of MiFID II, which requires the costs of investment research to be made more explicit, has reduced the flow of investment information by curbing the scope of equity coverage. To the extent that markets operate most efficiently when information is freely available, recent regulatory changes threaten to reduce the efficiency with which markets operate.
Case study: The impact of MiFID II on the financial research business
As a research analyst it is impossible to ignore the impact of MiFID II on my own business. Financial research, particularly in the equities business, really took off following the deregulation of the UK financial services industry in 1986 and the subsequent globalisation of banking as Asian markets expanded rapidly. It has historically been seen as a useful adjunct to the sales function, but since it has always been difficult to disentangle the extent to which revenues are attributable to sales and which to research, its costs have been covered by commission charges billed to clients. But the MiFID II legislation requires that institutions managing money on behalf of others have to be explicit about the costs which they pay for investment advice in order to ensure that the ‘best execution’ principle is applied to clients.
In the run-up to the introduction of the legislation in 2018, sell-side providers spent a lot of time and effort determining the appropriate price to charge clients for their research. Ultimately, the appropriate price turned out to be whatever the market would bear and resulted in significant variation by client. Asset managers with limited budgets proved to be very selective in their choice of research provider and a process of sell-side research headcount reduction began. As we enter the second year of the process, anecdotal evidence suggests that asset managers are willing to pay less than in 2018 with the result that research revenues will be squeezed further and headcount reductions will intensify. There is also increased evidence that there has also been a reduction in the number of analysts covering individual companies and a fall in the number of companies under coverage, particularly small cap companies.
For the present, it seems that larger sell-side houses are in a strong position because their large client base allows them to hold down the unit cost of research sufficiently to maintain client interest. But there will be more changes in the years to come as asset managers’ budgets fluctuate in line with the market, which will determine the amount they are willing (and able) to pay. Indeed, there are indications that the buy-side is beginning to undertake many of the research functions which used to be outsourced to the sell-side. MiFID is truly changing the face of at least one part of finance.
Assessing the costs of higher regulation
In addition to the time costs (Chart 3) there are high monetary costs of regulatory compliance. A study conducted by PricewaterhouseCoopers for the Association of Financial Markets in Europe (AFME), based on a panel of 13 major banks and covering the period 2000 to 2016, concluded that the aggregate cost of regulation in 2016 amounted to around USD 37 billion, or 39% of total capital markets expenses. Recall that this is even before the full introduction of MiFID II or GDPR, suggesting that recently implemented regulation is likely to have added further to costs. The largest impacts are derived from risk-based capital and leverage requirements which account for almost 90% of total costs (Chart 4). Regulation is also estimated to have driven a 14 percentage point reduction in return on equity (from 17% to 3%) although offsetting actions such as deleveraging, cost reductions and business model changes limited the overall decline to 6%.
Percent of firms reporting burden by form of regulation
This analysis is typical of many of the impact studies which look at changes to bank balance sheets over the past decade. Policymakers conducting such studies generally conclude that although a considerable amount of work has been done to make the banking sector safer, more needs to be done. Yet, there is an increasing sense from policymakers that many of the regulatory measures already in place and those which are still in the pipeline, are increasingly acting as a drag on the financial sector’s performance.
Ironically, we will only know whether the measures put in place and the additional outlays on compliance represent money well spent if they prevent banks from incurring the wrath of the regulator. If banks never run into solvency difficulties, they may question how much of this is due to luck; how much to judgement, and how much to adequate preparation. It is a question most banks hope not to have to answer anytime soon.
Nearly all finance professionals accept that additional regulation was necessary in the wake of the 2008 crash. But as is always the case with regulatory changes that impact on behaviour, we have to contend with the unintended consequences which followed in its wake. The adverse impact of regulation on bank profitability has been exacerbated by low interest rates, and it is likely that the burden will become easier to bear in future as this effect dissipates. But the adjustment process is set to continue for at least another year as banks operating in the EU get to grips with the full implications of MiFID II and GDPR.
1 Markets in Financial Instruments Directive.
2 EU General Data Protection Regulation.