Banking and financial services is one of the most highly regulated industries and is continuously subject to new and changing regulations.
Amid varied approaches and timetables to the implementation of agreed regulatory reforms, attention is now more acutely focused on culture and governance, the challenges of new technology, and emerging economic, market and operational risks. Firms need to be prepared to respond to this shifting focus and the new demands that it will place on them.
Amidst the myriad of regulations that banks and financial organizations have to contend with this year, two regulations that are at the forefront of concern for many in 2019 are GDPR and SFTR.
GDPR & SFTR
The goal of the new GDPR framework was to make Europe ‘fit for the digital age’. Initially, GDPR was designed to give greater control to EU citizens over their own personal data. However, GDPR went on to provide a framework to simplify the regulatory environment for businesses. The terms of GDPR ensure that legal responsibility for storing and protecting data falls not only on organizations, but also on the individuals at those organizations who manage and collect the data. As in most cases of non-compliance, the penalties under the GDPR framework are severe.
The goal of SFTR, on the other hand, is to promote greater transparency in securities financing markets and mitigate the inherent risks of shadow banking. SFTR will require that all EU financial institutions report all of their securities finance transactions (SFTs) to an approved trade repository. What does this mean? To put it simply, an SFT is any transaction where securities are used to borrow cash, or vice versa. In each applicable transaction, the ownership of the securities changes until the end of the transaction, when ownership reverts, so the transaction acts as a collateralized loan. The SFTR framework will cover three key requirements:
- Transaction Reporting
- Disclosure Obligations
- Collateral Reuse Obligations
SFTR, which comes into full force in the second quarter of 2019, will enhance reporting requirements, directly impacting trading and collateral management.
Because financial institutions handle a great deal of highly sensitive personal data, they are well aware of the responsibility that society places upon them and typically have a number of mechanisms and practices in place that help them maintain compliance.
Regardless of what definitive changes lawmakers and regulators might make in 2019, banking organizations should continue to drive effectiveness and efficiencies across their risk and compliance programs by maintaining sound risk frameworks and continuing to embrace tools to calibrate risk so they can meet applicable laws, regulations, and supervisory expectations.
Below we’ve outlined 5 ways banks and other financial institutions can prepare for regulatory change in 2019:
1. Move from a reactive to a proactive approach of gathering regulatory change data
Executing on day-to-day compliance activities is often a struggle for financial institutions because reactive issues eat up time that might otherwise be used toward forward-looking risk mitigation. The evolution of business adds new pressures for chief compliance officers (CCOs) and their teams. At the same time, new capabilities emerge that can help these teams do more.
There are now tools on the market that help compliance teams become increasingly proactive by monitoring global authoritative sources for financially relevant content (e.g. regulatory changes, updates, notices, guidance, and similar). Once sourced, this information can be brought into the platform and decomposed into individually mappable obligations through the use of artificial intelligence technology, specifically natural language processing, that can deduce topics in the content and tag it with searchable metadata (e.g. country, issuing body, issue date, number of pages, etc.).
This automatically updated repository of current regulatory content removes the burden of manually monitoring and ingesting this information from a multitude of sources, reducing the risk that something is missed.
2. Understand regulations in context of your specific organization
Knowing how regulations relate to and impact your specific business processes and products is absolutely critical because it will ensure you not only understand the full scope of their impact on your organization, but also help you prioritize and prepare for any potential changes that need to be made. New regulations are being implemented at an alarming rate, so being able to decipher expectations prior to enactment will help you prepare for the changes and ensure that nothing is missed.
When a regulatory change does arrive, teams are beginning to use tools that help identify which downstream objects or processes may be impacted. These tools are able to find and display any assets in the system (processes, risks, controls, policies, etc.) that are semantically similar to the change being considered. This helps ensure the full scope of impact is surfaced and is then used to prioritize efforts and decision making.
3. Create a centralized repository of compliance information
Technology is an important asset in compliance management, and solutions that give financial organizations the ability to store and manage regulatory information in a centralized repository are increasingly being implemented. These unified repositories can hold both regulatory and business artifacts (source regulations, decomposed into individual obligations, interpretations, processes, policies, procedures and controls and related system requirements) that are versioned, secure and scalable.
These repositories also give financial institutions the ability to collect, organize and manage all required evidence and associate it back to regulatory interpretations to demonstrate compliance for internal and external auditors.
4. Standardize documentation and reporting
All data that is gathered and stored must be reported in a way that is compliant with the rules and regulations for the financial industry. The goal of SFTR is to standardize reporting practices so there is less discrepancy when accounting for monetary transactions. For most organizations this is quite the challenge because it requires making changes to corporate naming conventions and accounting practices.
Today, there are tools on the market that are able to automatically generate documentation that is part of a compliant process. Any type of document, such as User Requirement Specifications, Functional Specifications, Test Reports, Risk Assessment Documents, can be generated automatically with current data in standard corporate formats.
By doing this, your organization can ensure it is always compliant with the regulations that control its practices.
5. Keep growing / Keep evolving
The most successful financial organizations will be the ones that have a strong framework in place that seamlessly connects risks at a strategic, operational, and IT level.
A compliance modernization program that combines new technologies and new approaches, keeping both of them in alignment with enterprise goals, can generate a measurable value proposition for the compliance function—and turn the CCO into a strategic partner.
With new capabilities, the compliance function can claim a renewed business case. It can deliver a positive return on investment (ROI), rather than merely justify itself as an expense of doing business. But to make this happen, organizations’ compliance strategy should be integrated and aligned with the overall business planning process. That’s the only way to make sure that the value compliance generates is consistent with the organization’s goals.
To learn more about the most effective technologies to help banks and financial organizations achieve and maintain compliance, watch our upcoming on-demand webinar.
In this on-demand webinar, Blueprint CTO, Tony Higgins, is joined by David Paris, Head of UK and Ireland Financial Services Consulting at Cognizant, to talk about how ‘digital-first’ services have transformed the financial services industry and which emerging technologies help banks overcome compliance challenges, including GDPR and SFTR.