Information technology is increasingly pervading every aspect of our lives. While data and trust have become the currencies of today’s digital economy, some threat has emerged from the shadows from the digital which is increasingly challenging its
own foundations. The General Data Protection Regulation (GDPR) can be a mitigation of this threat though it is also important to identify opportunities to leverage the changes in the regulatory environment within banking.
The new GDPR seeks to address the challenges of the digital age and to combat the dangers that come with an era of mass information sharing, by giving people more control over their personal data whilst making sure that personal information is protected
no matter where it is sent, processed or stored. Universally acknowledged as the most lobbied-against European legislation ever, the GDPR in its final agreed text allows supervisory authorities to impose monetary penalties for breaches which can be up to an
eye-watering 4 percent of total worldwide turnover for the previous year. The final text has been formally approved by the EU institutions in April 2016, with the aim of harmonising data protection law across the 28 member states. The deadline for implementation
will be two years from the date of publication. However, firms must not let this long implementation deadline lull them into a false state of complacency. Organisations must take urgent action in the areas of know your customer (KYC), client on-boarding and
client reference data.
The impact of the regulatory reforms
The on-boarding of clients along with KYC activities that typically precedes it has come into intense focus since the onset of regulatory reforms designed to control financial institutions following the 2008 global financial crisis. The harsh truth is that
eight years later, most firms have only made a half-hearted attempt to solve the problem. Client on-boarding is still largely manual, disjointed, time consuming, incomplete and quite simply frustrating.
In the wake of the financial crisis, many financial services institutions seem to be lurching from one regulatory implementation deadline to another. As most of the regulations are geared towards creating greater transparency, better accountability through
reporting, and better assessment of clients, the client on-boarding function has found itself unwittingly thrust into the spotlight. The time is long past where the client on-boarding function was seen as a quick administrative task to get clients over the
line and begin the more exciting task of doing business with them. Regulations such as the Dodd-Frank Act, European Markets Infrastructure Regulation (EMIR), Foreign Account Tax Compliance Act (FATCA) and Markets in Financial Instruments Directive II (MiFID
II) mean that financial institutions now have to answer many more questions about their clients from the onset.
Furthermore, many financial institutions are still uncertain about the scope of their client base. Their client data is dotted around various legacy platforms, including manual databases such as spreadsheets, and standalone end-user desktop applications
(EUDAs). In summary, the client on-boarding process is long, painful and cumbersome and a single customer view is still a myth.
The client’s perspective
Looking at the client on-boarding process through the lens of the client, it is immediately apparent that they are equally frustrated by a lack of transparency from the financial institution on the status of their on-boarding journey. Simply put, clients
are very discontented with the lack of recognition when they make contact with a different part of the bank and are asked to re-supply the same information they have previously already provided.
To make the client feel recognised, the elements of the client on-boarding process need to be tightly connected and integrated with all the other processes in the complete client lifecycle management.
Requirements and benefits of the GDPR
The GDPR will enforce non-negotiable rules on the way banks collect and handle customer data. What is more, firms will have to implement these rules in an environment fraught with several pain points and other regulatory burdens.
Nevertheless, the GDPR provides clarity and consistency of the rules to be applied and restores customer trust, thereby helping firms to fully seize the opportunities of the Digital Single Market. Considering the tough challenges imposed by the GDPR, firms
are well advised not to step back and relax, but to embrace and take advantage of the changes and start the necessary transformation without hesitation.
The GDPR will force firms to think more holistically about the data they use to run their businesses; no easy feat for many financial institutions.