What does the future hold?
Technology is undoubtedly changing the way many industries operate, with old functions being eliminated or automated for more efficiency, and new delivery channels emerging that allow companies to interact with each other and their customers in ways not imagined even a decade ago.
This is truer than ever before in financial services; perhaps no other industry has been affected as much by the technology innovation of the last five to 10 years. And being arguably the most heavily regulated industry, it’s no surprise that firms are leaning on technology as a prime vehicle to help deal with the myriad of regulatory compliance functions necessary to run the business and stay in regulators’ good graces in an efficient and cost-effective manner.
That’s why regulatory technology (or “RegTech”) has become one of the hottest topics for compliance and risk officers over the past year, and will remain a focus for compliance professionals in 2017. RegTech will continue to evolve as financial firms struggle to stay compliant with new and existing regulations. With this trend gaining momentum, it’s of the utmost importance to understand how RegTech will change your business now and in the future.
The rise of RegTech
The cost of compliance continues to rise for financial firms. Some estimates pin the cost of governance, risk and compliance at 15-20 percent of the total cost of running the business at financial firms. That’s nearly one-fifth of an entire firm’s budget just to stay in business and avoid fines from regulators.
That’s where RegTech comes in, providing firms with technology to reduce costs associated with compliance and the ability to run compliance operations more efficiently. Indeed, RegTech solutions offer the promise of making compliance less complex and freeing up more capital to be spent on other more productive uses.
“The ambitious regulatory reform agenda implemented after the financial crisis has closed loopholes in the financial regulatory framework, but has also significantly increased compliance costs of FIs,” writes the Institute of International Finance in a report on the subject. “In an uncertain macroeconomic and financial environment, applying RegTech could make an important contribution to increasing the profitability and efficiency of financial institutions, while improving their effective compliance with financial regulations.”
We have already seen an increase in data privacy laws and new regulations around security as cyberattacks against financial firms become more frequent and larger in nature. The European Union has updated its Data Protection Directive – originally written in 1995 – to take into account technology developed since then; it is set to be implemented in 2017. Under this updated regulatory statute, any company or individual that processes personal data will be held responsible for its protection, including third parties such as cloud providers. This means that any party that touches or has access to consumer data, wherever they are based, is responsible in the case of a data breach. This is especially important for financial firms, which – perhaps outside of government entities – hold the most personal data of any industry. Not only must the firms themselves protect this data, but the many third parties and vendors they work with must do so as well. Violating this regulation comes at a hefty price. Companies face fines from the EU of up to 4 percent of their global turnover if found guilty of flagrantly breaking the rules.
The EU’s new, more stringent rules are hardly unique or an isolated occurrence. In response to the increase in digital interactions and the importance of keeping data safe, we are witnessing a massive increase in the amount of data protection regulation and laws around the globe.
A number of countries in Asia have started to adopt similar laws on the protection of personal data. Such laws will have an impact on how companies collect and use data from individuals in Asia and how that data can be transferred out of the jurisdiction from which it is collected. According to international law firm Bryan Cave, only Australia and New Zealand have been deemed by the European Commission to have adequate safeguards in place for the transfer of data from European member states. As such, the Asia-Pacific Economic Cooperation (APEC) in recent years has adopted a privacy framework to encourage the development of data protection policies and laws.
In the US, new measures such as 2014’s Personal Data Protection and Breach Accountability Act are aimed at mitigating the vulnerability of personally identifiable information to theft through a security breach, providing notice and remedies to consumers in the wake of such a breach, holding companies accountable for preventable breaches, facilitating the sharing of post-breach technical information between companies, and enhancing criminal and civil penalties and other protections against the unauthorized collection or use of personally identifiable information.
Complying with these regulations will become even more challenging as data sharing by financial firms becomes more common. For example, the EU’s revised Payments Services Directive calls on the industry to provide a way for third parties to securely connect directly with consumers’ bank accounts and retrieve information from them. In the US, Consumer Financial Protection Bureau director Richard Cordray has expressed a similar sentiment that American banks and financial firms should also facilitate outside access to financial data.
Several other new regulations will affect financial firms in areas where RegTech can be a big boon to compliance. These include:
Markets in Financial Instruments Directive II (MiFID II)
This regulation was originally applied in the UK in 2007 by the Financial Conduct Authority (FCA), which oversees firms that provide clients with access to financial instruments, and venues where those instruments are traded. However, it is currently being revised to improve the functioning of financial markets in light of the financial crisis and to further protect investors, with the changes going into effect in January 2018, according to the FCA. MiFID II extends the transparency regime that was created for equity instruments in the original directive. It represents a fundamental change for financial markets across a multitude of areas, requiring not only major implementation effort but also a reassessment of business models.
This updated directive will change business models and processes for market operators drastically. While it was created by European regulators, it will have a global impact affecting anyone doing business with European customers and firms. Among other things, firms will have to exhaustively detail to regulators the efforts made around transparency and how they fulfill execution orders.
Firms must become compliant with the 500-plus pages of technical standards when the directive goes into effect – a daunting task. However, partnering with companies that have not only the technology but expertise in this area can help make this a much more manageable task. Things like real-time analytics capabilities, sophisticated alerting capabilities, as well as increased automation, will help firms avoid being buried under a mountain of paperwork.
Fundamental Review of the Trading Book (FRTB)
This provision of the Basel Committee on Banking Supervision pertains to capital requirements for large, internationally active financial firms. It’s seen as something of an update to the Basel III capital requirements; indeed, some are already calling it Basel IV. Among the notable changes being introduced by this new provision are higher capital requirements and a stricter separation of the trading book and the banking book. This measure is intended to reduce the possibility of arbitrage between the two books and to ensure a more consistent application across banks. Regardless of whether they currently use standardised or internal models, banks will need to review their portfolios to determine whether existing classifications of instruments and desks as trading book or banking book are still applicable or whether a revision of desk structure is required.
Financial institutions will need access to more data and stronger data analytics to meet these new risk management and reporting requirements. According to an analysis from PricewaterhouseCoopers (PwC), the FRTB is pushing banks to calculate their capital requirements with a regulator-approved standardised approach, moving away from the trend of each institution using an internal model. This will impose new reporting requirements, including monitoring market risk on an intraday basis and measuring market risk capital at the end of the previous day. Furthermore, PwC states, “banks that continue to use internal models face even stricter requirements, as they will have to report risk capital under both the standardized and internal models. These banks will also have to report their key modelling assumptions to regulators in order to facilitate a better understanding of the variations between standardized and internal model-based results.”
The Basel Committee is calling for the adoption of the FRTB by January 2019, leaving financial institutions with precious little time to implement the technology and robust analytics capabilities needed to remain in compliance.
EU General Data Protection Regulation (GDPR)
Yet another regulation aimed at safeguarding the storage and transfer of client data, the GDPR becomes effective May 2018 and is designed to harmonise data privacy laws across Europe, protect citizens’ data privacy and reshape the way organisations across the region approach data privacy.
In order to comply with the regulation, companies will have to be able to access a single, universal view of data sources; this means consolidating existing data tools to get an enterprise-wide view of data. Firms will also need to rely on automation to track data and apply the appropriate rules when it comes to client personal data and data sets. Companies that aren’t utilising technology to do this will surely be at a grave disadvantage in complying with GDPR.
Packaged Retail and Insurance-based Investment Products (PRIIPs)
The PRIIPs regulation, aimed at protecting retail investors, is yet another that has arisen from the ashes of the financial crisis. These requirements are intended to make it easier for retail investors to compare products to each other, with the intention that this will increase customer value and force firms to carefully consider how their products will fare when distilled down to a uniform product description.
Among other things, financial firms will need to meet the technical requirements for producing key information documents, short and standardised documents that will communicate all relevant information about a PRIIP to retail clients.
These are just a few of the regulations around data and consumer protection that have arisen in recent years. There are also many other considerations to take into account. For example, the rising use of artificial intelligence in investing means a whole new set of concerns will likely arise from regulatory bodies as this practice becomes more commonplace. With the pace of rapid change, firms need to be equipped to handle not just today’s many regulations, but the ones that will come up in the next five years and beyond.
What does the future hold?
There are several common themes throughout these regulations that will have an impact on how financial institutions are able to deal with them. Firstly, it’s obvious that regulators want more data, and faster than ever before. They want to know how firms make investing decisions, how they ensure protection of customer data and what they are communicating to clients. Financial companies will need robust data analytics tools to process and mine through the massive amount of data they store to give regulators what they want, when they want it.
It’s also obvious that the manual paper-based processes that constitute much of regulatory compliance must be automated. The sheer amount of data being dealt with means that humans performing these tasks will simply be overwhelmed. Using technology to automate paper-based processes will be essential.
Regulatory technology will be indispensable for firms going forward. Not only will it help cut down the ever-increasing costs of compliance, but it will also provide an edge over competitors who have yet to invest in technology to maximise efforts in this critical area.