For the second year in a row – with a response rate of 46% versus 51% last year – cyber incidents top the list as the financial services industry’s biggest risks.
This is according to the eighth Allianz Risk Barometer 2019, an annual survey on global business risks from Allianz Global Corporate & Specialty (AGCS), which incorporates the views of a record 2 415 experts from 86 countries including CEOs, risk managers, brokers and insurance experts.
Many incidents are the result of technical glitches or human error rather than malicious acts. This is according to an analysis conducted by the UK’s financial services regulator, which revealed a 138% increase in technology outages over a year but just 18% of reported incidents were cyberattacks. Reports claim that cybercrime will be the most disruptive economic crime to affect their organisations in South Africa over the next 24 months. The country has the third highest number of cybercrime victims worldwide, losing about R2,2-billion a year to cyber-attacks.
Changes in legislation and regulation also retain second position with a response rate of 31% versus 28% in 2018. This is due to increased regulations in the financial services sector locally and internationally. One of the most significant regulatory changes affecting the industry in South Africa was the establishment of the Twin Peaks model for financial sector regulation as a means to reform the regulatory and supervisory system of financial institutions. This was implemented through the passing of the Financial Sector Regulation (FSR) Act.
The FSR Act gave effect to important changes relating to the supervision of the financial sector. Most notably, it created a prudential regulator; the Prudential Authority (PA) located within the South African Reserve Bank (SARB) and established a market conduct regulator, being the Financial Sector Conduct Authority (FSCA) which is located outside of the SARB. The PA is responsible for regulating banks, insurers, cooperative financial institutions, financial conglomerates and certain market infrastructures. Previously the Financial Services Board had oversight of prudential regulation of insurers, whereas SARB had prudential oversight of banks. This created opportunities for regulatory arbitrage in particular for larger financial conglomerates whose different subsidiaries may have had different regulators overseeing their prudential positions. Clearly in a post credit crisis world, financial conglomerate and group supervision is essential and this “marks an important milestone on the journey towards a safer and fairer financial system that is able to serve all citizens.”
Although unrelenting regulatory changes come with increased costs and implementation challenges, they do however present hidden opportunities for insurers to better manage risk, and allocate capital appropriately. Some of the new regulations that are put in place are expected to prompt insurers to redesign simpler and more appropriate products for their customers.
Market developments (eg. volatility, intensified competition/new entrants, mergers and acquisitions, market stagnation, market fluctuation) moved down from second to third with an unchanged response rate of 28%. For instance, reports indicate that the newly-licensed South African banks are likely to pose disruptions to the local banking industry through web – and app-based services and by leveraging on behavioral and neuroeconomics.
Risk arising from natural catastrophe (eg. storm, flood, and earthquake) is a newly ranked risk at number four with 26% of responses. A recent report indicated that reinsurers do not regard South Africa as a low catastrophe risk region anymore, with the country having experienced a high frequency of large loss events in the last five years such as Knysna fires and Durban floods, which cost the industry more than R5 billion.
Business interruption (BI) has moved from fourth to fifth place with 24% (2018: 27%) of responses. Companies face an increasing number of BI scenarios and many of them can occur without physical damage but with significant financial losses. In addition, the breakdown of core IT systems, product recall or quality incidents, political violence or protests as well as environmental pollution can severely impede a company from operating. If companies are unable to provide products and services – or customers choose to stay away, the impact on revenue can be devastating.