MiFID II, GDPR and other legislation – what has the impact been after one year?
At Oxial we choose our partners very carefully, preferring to only work with companies and consultancies that really add value to our own proposition and technology. One such partner is EY, which fits our supervised and digital compliance model particularly well.
With Oxial’s technology to automate controls and processes around compliance legislation, in conjunction with the vast industry expertise and understanding offered by EY’s consultants, there is a powerful proposition for any organisation that wants to approach compliance in a more joined-up and modern way.
With modern compliance – in Financial Services (FS) especially – growing more complex and involved year-on-year, Oxial CEO Eric Berdeaux recently caught up with EY’s EMEIA Financial Services Partner Pierre Pourquery, who leads the Control and Compliance solution for Europe, to discuss the impact of MiFID II, GDPR and other legislation and to look ahead to the coming year.
The past 12-18 months have seen a lot of high-profile legislation introduced. What has the impact been so far of MiFID II, GDPR and others?
Pierre Pourquery / EY: “The increase in regulation that has taken place over the past year or so has resulted in a significantly higher cost of control that banks are now urgently trying to reduce. They are just starting to understand that tactical fixes will need to be replaced by strategic changes, but they don’t really have the patience for this.”
Eric Berdeaux / Oxial: “The effects of all this regulation should be that banks alter their approach to compliance and make it much more central to how they operate, although I don’t think that has happened as much as it should have. There is a tendency to do whatever needs to be done to comply as quickly and painlessly as possible – that’s understandable, but also short-sighted. I agree with Pierre completely that these tactical fixes are not ideal in the medium to longer term.”
Are firms compliant with this new legislation, or are some firms still in the planning phase and not yet ready?
PP: “I think most firms have, by and large, complied with whatever needs to be complied with. Or at least implementation for most of them is being finalised and they are very close to compliance. The problem is that implementation is not being done optimally, just via the tactical fixes I mentioned previously, and it is crying out for a more strategic approach.”
EB: “Companies’ readiness for new legislation is very mixed, and there are certainly firms that are burying their head in the sand over GDPR in particular. But as we see more incidences and perhaps the first fine from the European Union (EU), that will certainly focus people’s attention on getting their own house in order.”
The penalties for GDPR non-compliance, in particular, are very severe. Are we likely to see any major fines in 2019?
PP: “It’s difficult to say, but I don’t think so. Perhaps for data protection when an incident occurs, that could see one of the major fines, but that is still unlikely I would say.”
PP: “A massive fine is something that no organisation would want of course, but I think what could be equally damaging is the long-term brand implications of, say, non-GDPR compliance. No bank wants to be known in perpetuity as the firm that does not look after its customers’ data properly, and the long-term damage to a bank’s credibility and trustworthiness could be vast. This is perhaps a greater risk than the threat of a fine.”
What does 2019 hold for current and future regulations that may affect the FS sector?
PP: “Most of the focus is going to be on operational resilience, Brexit and IBOR. These will be the big factors in 2019, although we all hope that some of the uncertainty surrounding Brexit will be addressed sooner rather than later.”
EB: “We could be in for a momentous year in the compliance sector – what could be truly transformational for the industry is if the regulators begin to embrace digital submissions more fully. There have been a number of signs this will be the case and will be a major boost to the industry, especially around reporting. Oxial is already working with two national regulators in Europe on such projects and 2019 could be the year that sees the death of compliance reporting as we know it.”
Oxial and EY’s partnership on a continuous compliance service means that banks and other FS firms can stay on top of the ever-changing and growing global regulation and compliance requirements throughout 2019 and beyond.
If you are interested in learning more about how digital compliance could help your organisation, then take a look at our resource center that holds a variety of case studies and whitepapers on this topic.