- New AGCS report identifies key risks and loss
trends for the financial services sector. - Covid-19 may drive market corrections and insolvencies
– which could impact financial institutions’ balance sheets, increase exposures
for directors and result in litigation. - AGCS analysis of $1bn of insurance industry
claims show cyber incidents, including crime, is the top cause of loss. Insurers
see a rising number of losses from outages or privacy breaches with third-party
service providers a potential weak link. - Compliance
issues are already one of the biggest drivers of claims and the burden is growing
– particularly around ESG factors and climate change.
JOHANNESBURG/LONDON/MUNICH/NEW
YORK/PARIS/SAO PAULO/SINGAPORE – Media
OutReach – 6 May 2021 – Financial
institutions and their directors have to navigate a rapidly changing world,
marked by new and emerging risks driven by cyber exposures based on the
sector’s reliance on technology, a growing burden of compliance, and the
turbulence of Covid-19, according to a new report Financial
Services Risk Trends: An Insurer’s Perspective from Allianz Global
Corporate & Specialty (AGCS). At the same time, the behavior and culture of
financial institutions is under growing scrutiny from a wide range of
stakeholders in areas such as sustainability, employment practices, diversity
and inclusion and executive pay.
“The financial services sector
faces a period of heightened risks. Covid-19 has caused one of the largest ever
shocks to the global economy, triggering unprecedented economic and fiscal
stimulus and record levels of government debt,” says Paul Schiavone, Global Industry Solutions Director Financial Services
at AGCS. “Despite an improved economic outlook, considerable uncertainty
remains. The threat of economic and market volatility still lies ahead while
the sector is also increasingly needing to focus on so-called ‘non-financial’
risks such as cyber resilience, management of third parties and supply chains,
as well as the impact of climate change and other Environmental Social and
Governance (ESG) trends.”
The AGCS report highlights some of
the most significant risk trends for banks, asset managers, private equity
funds, insurers and other players in the financial services sector, as ranked
in the Allianz
Risk Barometer 2021, which surveyed over 900 industry respondents: Cyber incidents, Pandemic outbreak
and Business interruption are the top three risks, followed by Changes in legislation and regulation – driven
by ESG and climate change concerns in particular. Macroeconomic developments, such as rising credit risk and the
ongoing low interest rate environment, ranked fifth.
The Allianz Risk Barometer findings are mirrored by an
AGCS analysis of 7,654 insurance claims for the financial services segment
over the past five years, worth approximately €870mn ($1.05bn). Cyber
incidents, including crime, ranks as the top cause of loss by value, with other top loss drivers including
negligence and shareholder derivative actions.
Covid 19 impact
Financial institutions are alive to the potential ramifications of
government and central bank responses to the pandemic, such as low interest
rates, rising government debt and the winding down of support and grants and
loans to businesses. Large corrections or adjustments in markets – such as in
equities, bonds or credit – could result in potential litigation from investors
and shareholders, while an increase in insolvencies could also put some
institutions’ own balance sheets under additional strain. “Claims may be
brought against directors and officers in the financial services industry where
there has been a perceived failure to foresee, disclose or manage or prepare
for Covid-19 related risks,” says Shanil
Williams, Global Head of Financial Lines at AGCS.
Cyber – highly exposed despite
high level of security spend
The Covid-19 environment is also
providing fertile ground for criminals seeking to exploit the crisis as the
pandemic led to a rapid and largely unplanned increase in homeworking,
electronic trading and a rapid acceleration in digitalization. Despite significant
cyber security spend, financial services companies are an attractive target and
face a wide range of cyber threats including business email compromise attacks,
ransomware campaigns, ATM “jackpotting” – where criminals take control of cash
machines through network servers – or supply chain attacks. The recent SolarWinds incident targeted banks
and regulatory agencies, demonstrating the potential vulnerabilities of the
sector to outages via their reliance on third-party service providers. Most
financial institutions are now making use of cloud services-run software which
comes with a growing reliance on a relatively small number of providers. Institutions
face sizable business interruption exposures, as well as third party
liabilities, when things go wrong.
“Third-party service providers can
be the weak link in the cyber security chain,” says Thomas Kang, Head of Cyber, Tech and Media, North America at AGCS.
“We recently had a bank client suffer a large data breach after a third-party
vendor failed to delete personal information when decommissioning hardware. How
financial institutions manage risks presented by the cloud will be critical
going forward. They are effectively offloading a significant portion of cyber
security responsibilities to a third-party. However, by partnering with the
right cloud service provider, companies can also leverage the cloud as a way to
manage their overall cyber exposure.”
Compliance challenges around
cyber, cryptocurrencies and climate change
Compliance is one of the biggest
challenges for the financial services industry, with legislation and regulation
around cyber, new technologies and climate change and ESG factors constantly
evolving and increasing. Indeed, the report notes that there has been a seismic
shift in the regulatory view of privacy and cyber security in recent years with
firms facing a growing bank of requirements. The consequences of data breaches
are far-reaching, with more aggressive enforcement, higher fines and regulatory
costs, and growing third party liability, followed by litigation. Regulators
are increasingly focusing on business continuity, operational resilience and
the management of third party risk following a number of major outages at banks
and payment processing companies. Companies need to operationalize their
response to regulation and privacy rights, not just look at cyber security.
Applications of new technologies
such as Artificial Intelligence (AI), biometrics and virtual currencies will
likely raise new risks and liabilities in future, in large part from compliance
and regulation as well. With AI, there has already been regulatory investigations
in the US related to the use of unconscious bias in algorithms for credit
scoring. There have also been a number of lawsuits
related to the collection and use of biometric data. The growing acceptance of
digital or cryptocurrencies as an asset class will ultimately present
operational and regulatory risks for financial institutions with uncertainty
around potential asset bubbles and concerns about money laundering, ransomware
attacks, the prospect of third-party liabilities and even ESG issues as
“mining” or creating cryptocurrencies uses large amounts of energy. Finally,
the growth in stock market investment, guided by social media raises
mis-selling concerns – already one
of the top causes of insurance claims.
ESG factors taking center stage
Financial institutions and capital
markets are seen as an important facilitator of the change needed to tackle
climate change and encourage sustainability. Again, regulation is setting the
pace. There have been over 170 ESG regulatory measures introduced globally
since 2018, with Europe leading the way. The surge in regulation, in
combination with inconsistent approaches across jurisdictions and a lack of
data availability, represents significant operational and compliance challenges
for financial service providers. “Financial services may be ahead of many other
sectors when it comes to addressing ESG topics, but it will still be an
important factor shaping risk for years to come,” says David Van den Berghe, Global Head of Financial Institutions at AGCS.
“Social and environmental trends are increasingly sources of regulatory change
and liability, while increased disclosure and reporting will make it much
easier to hold companies and their boards to account.”
At the same time, activist
shareholders or stakeholders increasingly focus on ESG
topics. Climate change litigation, in particular, is beginning to include
financial institutions. Cases have previously tended to focus on the nature of
investments, although there has been a growing use of litigation seeking to drive
behavioral shifts and force disclosure debate. Besides climate change, broader social responsibilities are coming
under scrutiny, with board remuneration and diversity
being particular hot topics, and regulatory issues. “Companies that commit to
addressing climate change and diversity and inclusion will need to follow
through. For those that do not, it will come back to haunt them,” says Van den
Berghe.
Claims trends and its impact on
the insurance market
The AGCS report also highlights
some of the major causes of claims that insurers see from financial
institutions. The fact that compliance risk is growing is concerning, as
compliance issues are already one of the biggest drivers of claims. “Keeping
abreast of compliance in a rapidly-changing world is a tough task for companies
and their directors and officers,” says Williams. “Their compliance burden is
enormous, and is now accompanied by growing regulatory activism, legal action
and litigation funding.”
Cyber incidents already result in
the most expensive claims and insurers are seeing a rising number of
technology-related losses including claims made against directors following
major privacy breaches. Other examples include sizable claims related to
fraudulent payment instructions and “fake president” scams. Such payments can
be in the millions of dollars. AGCS has also handled a number of liability
claims arising from technical problems with exchanges and electronic processing
systems where systems have gone down and clients have not been able to execute
trades, and have made claims against policyholders for loss of opportunity.
There have also been claims where a system failure has caused damages to a
third party; one financial institution suffered a significant loss after a
trading system crashed causing processing failures for customers.
Recent loss activity, compounded by
Covid-19 uncertainty, have contributed to a recasting of the insurance market
for financial institutions, characterized by adjusted pricing and enhanced
focus on risk selection by insurers, but also a growing interest for alternative
risk transfer solutions, in addition to traditional insurance. Insurance
is increasingly an important part of the capital stack of financial
institutions and a growing number are partnering with insurers to manage risk
and regulatory capital requirements or utilizing captive insurers to compensate
for changes in the insurance markets or to finance more difficult-to-place
risks.
“At AGCS, we are committed to engaging
with financial institutions to help them mitigate their exposures and develop
adequate risk transfer solutions for a sector that is embarking on a major transformation, driven by fast-paced
technology adoption and growing ESG issues, while having to master the
impacts of the Covid-19 pandemic,” says Schiavone.
Source link