Why 2019 will be a year of continuous supervision in FS compliance
This past year or so in Europe has witnessed an almost unprecedented number of new regulations that Financial Services (FS) firms must adhere to. New legislation including GDPR, MiFID II and PSD2 has been introduced, creating additional regulatory hurdles for an FS industry that was already one of the most heavily regulated in the world.
This has significantly increased the pressure on GRC teams within FS firms. Not only is there more regulation but the penalties for non-compliance have increased too, which means compliance functions will be tested like never before.
But compared to the past 18 months, 2019 will see far fewer new regulations introduced in FS. This means that FS GRC teams can concentrate on maintenance and management of existing regulation. But what requirements do these regulations entail for FS firms, and what is the best way of approaching them?
The EU General Data Protection Regulation
More commonly known by its acronym, GDPR, this is one of the most high-profile and important pieces of legislation in a generation. It was introduced to reflect the changing nature of data privacy in the internet era, and any organisation that holds data on European consumers has had to overhaul the way it stores and manages that data. For those that fail to do so, the penalties are severe.
In January 2019 it was announced that internet giant Google is to be fined 50 million euros by the French data regulator CNIL, for a breach of GDPR. If Google can be fined, then can any organisation truly believe it is safe?
Furthermore, GDPR is very much an on-going requirement. Amongst some FS firms there was a collective sigh of relief when 25 May 2018 passed by, as if the job was complete. But every single piece of data that comes into an organisation from now on must be GDPR compliant, so banks face a significant and on-going challenge.
Markets in Financial Instruments Directive (MiFID II)
MiFID II, the second iteration of the EU’s Markets in Financial Instruments Directive, is another major piece of legislation, intended to bring new levels of transparency to buyside and sellside trading activities across all the major asset classes in the capital markets industry.
MiFID II has applied since 3 January 2018 and appears to be delivering on its aims of strengthening investor protection and improving the functioning of financial markets by making them more efficient, resilient and transparent. In February 2019, Andrew Bailey, chief executive of the Financial Conduct Authority, said equity investors in the UK had saved more than £180m from changes to the way asset managers paid for research last year.
However, smaller and mid-sized brokers have stated that they have been squeezed by the arrival of MiFID II, and it certainly places an additional strain on smaller teams that lack the compliance resources of bigger firms.
PSD2 (the Revised Payment Service Directive) is legislation that primarily impacts retail banking, and it aims to create a single integrated market for payment services in Europe. It does this by standardising the regulation for banks and also for newer and more agile FS providers.
For consumers and business customers, PSD2 means they can use third-party providers to manage their finances. Because banks are now obligated to provide access to customers’ accounts through open APIs, those third-party providers can build financial services on top of banks’ data and infrastructure.
But for banks, PSD2 raises a number of challenges – rising IT costs due to the opening of APIs and increased security requirements, as well as lost payment revenues and the long-term threat of additional competition.
Compliance is not a one-off project
This all reinforces the need for FS firms to approach compliance for these regulations on an on-going basis. We are entering a new era of regulation in which compliance is a perpetual operational activity that must be continually managed and run effectively.
This requires the right tools for the job: an automated digital solution, supported by external experts who know all there is to know about individual compliance requirements. Such a digital approach gives complete peace of mind that deadlines are met and that the specific needs of the regulator are addressed.
This continuous supervision is of the highest importance in 2019, as FS firms get to grips with the new regulatory landscape. If you are a mid-sized FS firm that needs help addressing the latest compliance requirements, then do look at our GRC modules that provide the agility to deal with changing rules and regulation.