This year promises to be a challenging one for global financial institutions and other businesses struggling to comply with an enormous amount of regulations. Corporates and their treasury departments are confronted with the burdens imposed by the Markets in Financial Instruments Directive and Markets in Financial Instruments Regulation (MiFID II and MiFIR), the second Payment Services Directive (PSD2), the Common Reporting Standard (CRS), not to mention the US Foreign Account Tax Compliance Act (FATCA) and the Financial Crimes Enforcement Network (FinCEN) Final Rule, among other regulations.
MiFID II: a game changer for market structures
MiFID II is probably the most sweeping financial industry legislation ever enacted, and could be a complete game changer for market structures as noted by Bloomberg and others. This European Union (EU) legislation regulates firms that provide services to clients linked to financial instruments (shares, bonds, units in collective investment schemes and derivatives) and the venues where those instruments are traded. The legislation could affect many functions including trading, transaction reporting, client services, as well as the systems that support those functions. The changes are currently scheduled to take effect from 3 January 2018.
Among other requirements, those impacting transparency and know-your-customer (KYC) are critical. Disclosures on the nature of operations, products, and services are more prescriptive than ever before. KYC now goes beyond identifying and verifying your customer and understanding their business needs to assessing their ability to bear losses and risk tolerance. More documentation will be required to demonstrate you have done your due diligence, assessing your customer or partner, and how you will conduct that business.
Corporates must face the facts: manual legacy systems that are paper-driven are not an effective way to meet the requirements, outdated IT systems will not be able to handle the onboarding and reporting requirements, and data will need to drill down deeper.
PSD2: wider access poses risks which are costly to manage
The EU’s new directive on payment services, PSD2, will become effective in 2018. The goal of the legislation is to create an efficient and integrated market for payment services throughout the region. The directive creates a single payment area that lets citizens and businesses make cross-border payments as easily and safely as they would in their own countries. It aims to make payments faster with a wide choice of payment services and provides consumer protection.
PSD2 is part of a legislative package that, together with other regulations, limits the fees for transactions based on consumer debit and credit cards, and bans retailers from imposing surcharges on customers for the use of these cards. Application Program Interfaces (APIs) are utilised for the access and payment process. APIs will also be needed to meet the requirement that banks facilitate third-party access to their customers' accounts. Significantly, this wider access poses anti-money laundering (AML), privacy, fraud, security and other risks, which will be costly to manage.
PSD2 also has stricter security requirements for account access and the initiation and processing of payments. The new level of security will require funding for assessment and upgrades as needed to IT infrastructures, or partnering with fintech and other companies.
In a nutshell, what are the key issues plaguing compliance professionals brought on by this regulatory environment? They include, but are not limited to, avoiding regulatory investigations or penalties, supporting business growth without compromising compliance, managing disparate sources of information and data accuracy, and overcoming a lack of resources owing to high processing time.
Strategies used by businesses and their treasury departments to meet the burdens
What strategies are being used by companies and their treasury departments to respond to these regulatory challenges? Below are three strategies that organisations recognise as best practices among these groups:
Understand the regulatory trends
First, they are focusing on understanding the current regulatory requirements and foreseeing any changes. For example, globally, compliance officers are analysing the impact of Brexit and US president Donald Trump’s regulatory vision. Each of these factors may signal a call to assess the impact of a regulation on the ability of financial institutions to lend money that promotes business.
Another consideration is the ease with which businesses can compete globally. Significantly, no one wants to weaken our capability to disrupt the financial network funding terrorism, trafficking, and organised crime. Governments globally have expended considerable effort and resources building anti-money laundering safeguards. We can anticipate that these efforts will survive any attempt to roll back regulatory regimes in the interest of easing the burden on conducting business.
In addition, compliance officers need to take into account any regulatory discrepancies such as global privacy laws versus compliance requirements, as well as jurisdictional variations in the regulations. Compliance officers and treasury departments weigh the options: is it more cost effective to implement a compliance process across the enterprise that meets the strictest regulations, or tailor the process to each variation across jurisdictions?
In addition, how do you manage staying current with regulatory changes? Is it enough to train staff by relying on webinars, conferences, and media for updates and trends? Or do you need dedicated in-house staff, or even outside consultants, to assist in this effort?
Harness data and technology
Second, compliance professionals are seizing the opportunity to harness data and technology to build a robust compliance programme and culture. This enables the organisation to take more acceptable risks while protecting against financial, legal, and reputational problems.
Reliable, current data is key to successfully fulfilling the regulatory requirements. When risk and compliance officers need to maintain compliance with diverse regulations, they need a globally consistent policy. To accomplish that, there needs to be synergy across data sets, with the right degree of accuracy, governance, lineage, and latency to execute policy. This includes entity resolution and data to build a golden source fit for multiple regulations, with global coverage and firmagraphic content to meet KYC/AML and other challenges.
It also means multi-language workflow tools to support consistency in programmes and processes utilised to meet those requirements. Risk and compliance officers understand that profitable growth and brand strength depend on robust entity insight to build reputable customer relationships. Compliance professionals need to find new ways to reduce the regulatory burden, while still protecting brand reputation as the company pursues growth and new customer relationships. Comprehensive data enables them to create a full picture of an entity quickly, and reuse that information across the business.
Increasingly corporates and businesses are leveraging the regtech industry to replace manual processes. Compliance solutions use agile technology to meet the evolving global regulatory requirements. They are integrating accurate and current data into the business’s proprietary systems to support efficiency goals. They reduce the regulatory burden with a compliance workflow and required data assets through a single platform. Significantly, regtech enables businesses to leverage analytics to make sense of data.
Maximise efficiency and realise cost savings with outsourcing
Third, to maximise efficiency and realise cost savings, there is an increased focus on outsourcing the non-core but essential compliance activity in order to obtain necessary compliance expertise or reduce costs. For example, corporations are expected to utilise risk intelligence and screening to verify the identity of companies and individuals, validate shareholders, and establish beneficial ownership.
Leveraging the expertise of a trusted third-party provider accelerates this due diligence process by providing the ability to uncover complex business structures, and efficiently verifying the entity and beneficial owners. This data can be combined with screening and analysis. With trusted data and analytics that give an audited view of customer due diligence processes, businesses have the power to make faster knowledge-based compliance decisions, injecting sanity into the global compliance frenzy.
Utilising the strategies outlined, companies and their treasury departments are addressing regulatory challenges and seeing opportunities as they understand their business relationships and meet compliance regulations. They are embracing new IT structures along with trusted data and analytics, and leveraging the expertise of partners to meet those challenges. These strategies speed up processes, drive efficiencies, provide cost savings, and make the entire compliance process less burdensome.