SPECIFIC REGULATORY AND GOVERNANCE CHALLENGES OF EUROPEAN BANKS OPERATING ACROSS MULTIPLE JURISDICTIONS

European banks operating across multiple jurisdictions face a set of specific regulatory challenges, including:

• COVID-19, with its impact on capital, collateral, liquidity, business continuity and reporting obligations;
• continued supervisory and enforcement action related, amongst other things, to the prevention and detection of crimes such as money laundering and market abuse, adherence to sanctions regimes, data privacy, cyber security, competition and consumer protection;
• the pace of regulatory reform, which this year has seen the deadline for strong customer authentication under the Payment Services Regulation^[1], and will later include a major overhaul of the reporting of repo and buy-back transactions (SFTR ^[2]), new deadlines to settle transactions (CSDR^[3]), major reforms to market infrastructure regulation (EMIR 2.2^[4]), and capital and access reforms to the arrangements for investment firms under MiFID II^[5] (by virtue of the Investment Firms Review^[6]); and
• adjustments resulting from Brexit, which will likely involve a divergence of regulatory architecture and approach between the EU, U.S. and U.K.

These challenges are evident today and are likely to remain so for at least the next 12–18 months.

Managing regulatory challenges of this sort places substantial pressure on a bank, its organisational structures and its personnel. Whilst it is critical that banks enter this crisis with a strong financial base, it is equally critical that banks enter the crisis with a strong organisation and culture, both of which can be buttressed by appropriate steps taken now.

There are various key elements for a strong organisation and culture. These include:

• Corporate Governance. Having a clear corporate structure with clear board committee assignments, adhering to material board procedures, in writing where appropriate, ensuring all entities and committees have established remits and terms of reference, observing clear reporting lines and responsibilities for internal functions and having effective processes for resolving disagreements and operational overlap.
• Decision-making and Record-keeping. Ensuring decision-making processes are understood by internal stakeholders. There should be an ability to demonstrate, both internally and externally, what decisions were made, how they were made and by whom, with adequate records in support. Once made, there should be an effective process for communication. Poor internal communication is frequently highlighted as a sign of a weak culture.
• Regulatory Touchpoints; Interaction with External Stakeholders. Organisations should ensure that there is a process for managing relations with regulators generally, as well as with particular individuals or teams depending upon the underlying regulatory issue. Regulatory Relations can be established within Compliance or Legal or as a standalone function; Government Affairs can be a part of the Regulatory Relations group. In all cases, it is important to ensure Compliance, Regulatory Relations, Government Affairs and Legal are viewed holistically to ensure that roles and responsibilities of the functions and their overlap with other groups are properly understood. Responsibility for interaction with other external stakeholders should be clearly articulated. This includes ensuring there are straightforward procedures for dealing with investors, the media and external counsel.
• Compliance. Consideration should be given to the appropriate positioning of Compliance within the organisation, for example, direct reporting to the CEO with a direct line to the non-executives on the board, and whether certain aspects should function as part of Risk or Legal. In particular, the roles and responsibilities of Compliance and, especially, its interaction with Legal and the Non-Financial Risk Group need articulation. Areas to consider include the role of Compliance with respect to internal and external investigations, the interpretation of laws, rules and regulations and the oversight and management of conduct risk.
• Culture and Conduct. This is likely to be one of the most important areas of focus for regulators over the next decade. Regulators are looking for open and transparent working environments where all employees are treated with respect and encouraged to raise concerns. Again, having well-documented, well-articulated policies and procedures is key. A robust training programme across the organisation, with a proper balance of classroom and online training, is also important.

With our long standing, pre-eminent global financial institutions practice, Shearman & Sterling can provide support, including:

• Reviewing the bank’s existing organisational structures and recommending modifications to enable the bank to optimise its regulatory structure in conformity with local and international standards;
• Interacting with regulators globally;
• Working with banks to develop, implement and monitor internal policies and procedures across a broad range of topic areas;
• Developing and delivering training programmes for staff and, where appropriate, third parties providing services on behalf of the bank;
• Advising upon and managing complex, cross-border, internal and external investigations, litigations, supervisory and regulatory enforcement matters, complaints and HR-related issues, risks to reputation and other matters where legal risk arises.