The banking sector is currently passing through a period of transition due to new regulations. Today, new technologies are playing a key role in helping the industry to address the main problems that face it in achieving compliance with this mass of legislation. A sign of the times: these technologies have been nicknamed “Regtech”
The roots of this phenomenon go back several decades, but it was the financial crisis of 2008 that accelerated the creation of a new legislative and regulatory framework. Stimulated in part by excessive risk-taking in the international banking sector, the crash brought the economy to its knees world-wide.
It was followed by the introduction of a series of regulations intended to prevent a repeat of these events and to safeguard private individuals from risky financial products. The regulatory framework now demands information systems for supervisory purposes. And the audit trail has now extended to include data sovereignty, something which also affects banking institutions, inter alia.
A complex legislative framework for the banking sector
Today’s banking regulatory framework is extremely complex, imposing costly requirements. Laws such as Sarbanes-Oxley, the recommendations laid out in BCBS 239 (principles of risk data aggregation and risk notification) and the Basel III reform oblige entities to retain their transaction reporting for supervisory purposes.
The future General Data Protection Regulation (GDPR) on the protection of the privacy of individuals in the European Union will have also a significant impact. The revised MiFID II directive on Markets in Financial Instruments should also impact and transform a large number of banking activities and information systems, from trading to transaction reporting, and including HR and IT systems. Banks also have increasing requirements as to their Know Your Customer (KYC) and anti-money laundering (AMC) procedures.
Bringing more agility to regulatory compliance
Current events remind us more and more frequently that failure to comply with these regulations and requirements damages the reputation of the institutions concerned. It exposes them to substantial fines or criminal proceedings.
Banks and other financial services therefore have no choice but to ensure that their management and data integration procedures are able to adapt to a mass of constantly evolving regulations. It is not simply a matter of launching individual projects to address each new regulation, but of establishing a broader framework for a more agile approach to compliance with these new rules.
A survey conducted by PwC in 2016 among some 45 European banking institutions revealed that two-thirds of the banks had no general framework for data governance. Henceforth this will be one of the key priorities for leaders in the sector.
The key role of data governance
Meeting the needs of compliance in so complex a regulatory landscape means ensuring high-quality data management. Data mapping and the audit of data flows (data lineage) – or the ability to determine the provenance of data and to demonstrate the results of these analyses to external supervisory bodies – is a crucial process.
This is because to maintain compliance, entities must understand the lifecycle of their data. They must know, and be able to show, as required, the processes and transformations through which these data have passed over time. In other sectors, this challenge has had implications for the value chain – for example, in the pharmaceuticals industry and, nowadays, in the mass food market. What was applied to physical products is now also applied in the dematerialised world of data.
Traceability, a key requirement
Traceability has thus become a key demand of the new regulations. For instance, an entity must be quite sure that a customer has given consent for an offer or service. In the case of the GDPR, banks must establish a Personally Identifiable Information platform, PII (even if the European definition of personal information is wider) where it can retrieve all the relevant data from a single location.
They also need to reconcile and harmonise the disparate PII data in order to have a single view of the customer or employee. To do so, banks can call upon technologies for data quality, master data management (MDM) and the management of metadata, in order to map these data.
Data mapping is often seen as the first step towards sound data governance. In reality, data governance goes further, consisting of a comprehensive set of processes guaranteeing that the important data are formally managed across the whole entity.
Deploying the right data governance systems and solutions
To arrive at environments managed in a high-performing, secure and compliant manner, it is crucial for banks to deploy the right data governance systems and solutions. This is necessary in order to achieve compliance with all the regulations such as the GDPR. In such cases, the introduction of adapted strategies will be essential for managing parameters such as the consent period (opt-in), establishing the rights of the person concerned (the right to be forgotten, the right to amend or access data, data portability) or for archiving historical data.
Likewise, just as GPS has transformed the transport industry by providing a real-time overview of traffic conditions, modern data platforms have the potential to bring the necessary transparency to the whole financial information supply chain. An essential ingredient in any regulatory compliance initiative. These tools can facilitate and accelerate access to information, but also ensure its protection. Furthermore, they stop employees from creating their local own versions of databases and other Excel files, which may be difficult to manage and supervise and which may even constitute infringements of the regulation in themselves.
Profiting from compliance efforts
Little by little, and as self-service access and data preparation tools become more widespread to increase productivity and competitiveness, it will become more and more important for a banking sector seeking to become compliant to ensure sound data governance and management. This will also contribute to strengthening competitive advantage, while allowing decision-makers to prepare data rapidly so as to take full advantage of the digital potential.
It is also important to remember that efforts to improve the management, mapping and governance of data will bring benefits in the short as well as the long term. The next legislation to be introduced will pose fewer problems to these entities if they have already established sound practices.
Finally, regulations forcing entities to adopt best practices in terms of the management of customer identities (GDPR, KYC, etc.) will lead them in the right direction for establishing close relationships with their customers – relationship based on trust and personal interactions.