Revolution in regulation
This year, several new pieces of legislation will come into force that will transform data management within the financial sector. Leading figures in the legal, insurance, asset management and banking sectors decipher what impact these changes will have and explain how to turn regulatory challenge into business opportunity.
The European Union Markets in Financial Instruments Directive II (MiFID II) has been a key regulatory topic for the Luxembourg asset management industry. Coming into force in January, the directive has created a single rulebook covering financial market activities and services. It aims to enhance investor protection and establish a safer, more open and responsible financial system.
“Fidelity Luxembourg was an integral part of Fidelity ‘s global MiFID II implementation programme and covered the new conduct of business requirements for all markets in Continental Europe served from our Luxembourg office,” explains Corinne Lamesch, Head of Europe Legal and FIL Luxembourg at international investment manager Fidelity International.
COMPLYING WITH MIFID I
Fidelity worked closely with ALFI, the Association of the Luxembourg Fund Industry, to assess the impact of MiFID II on investment funds. The working group comprised of asset managers, management companies, securities service firms, audit firms, law firms and document and information management firms.
As a key regulatory topic for Luxembourg's investment fund industry, there was a close and successful collaboration between all the stakeholders to prepare and implement MiFID II.
“As a key regulatory topic for Luxembourg’s investment fund industry, there was a close and successful collaboration between all the stake holders to prepare and implement MiFID II. In particular, the work of the various industry groups led to the use of common templates, to exchange the new data required by MiFID II. This is a key achievement because fund manufacturers and fund sellers/buyers can thereby exchange a large amount of new data in an efficient, harmonised and automated manner.”
MiFID II aims to make the distribution of and trading in financial products transparent and cost-effective.
“MiFID II is aiding us with our mission to create innovative financial solutions with the best possible outcome for our clients. The easier it is to understand a product, the easier it is to use a product. However, the regulation around inducement has raised new questions, and it is more important than ever to work closely with our clients to ensure we meet changing client needs, including tailoring new investment solutions and services. New requirements have helped in our path to developing a new variable management fee, which will better align our in terests with our clients. The model includes both a reduction of the annual management fee and a variable management fee that is symmetrically linked to fund performance.”
Ensuring our financial products are transparent and cost-effective to our clients is essential to us.
There has been criticism within the asset management industry that the required disclosure of transaction costs associated with managing investments has created substantial confusion about how to understand data.
Ensuring our financial products are transparent and cost-effective to our clients is essential to us. We are MiFID II compliant and transparent in our data. However, it is important to note that at present there is currently no industry standard to how transaction costs are calculated, so it’s hard to compare and contrast between different asset managers. The varying transaction cost methodologies being applied across the industry is making it difficult for investors to make like-for-like comparisons. This is expected to continue until the industry has harmonised cost methodology. We encourage investors to consider both net performance and costs when evaluating a fund,” adds Lamesch.
Private banks have also been adjusting their business models in light of the new rules. Every bank planning on providing financial advice in any form must now articulate precisely what the value proposition looks like and how much it will cost. “Is this a game changer for the private banking sector? Definitely! And not only for Luxembourg, for the whole banking industry in Europe. For the consumer, these changes are positive as transparency in the banking world becomes the new standard. And it drives the market into focusing on the clients’ needs,” says Sandrine De Vuyst, Head of Private Banking, ING Luxembourg.
For the consumer, these changes are positive as transparency in the banking world becomes the new standard. And it drives the market into focusing on the clients' needs.
In addition to the resources and knowledge available at the group level, De Vuyst could leverage support from the Luxembourg ecosystem to help clarify the directive. “The financial regulator, the CSSF, listens to the sector and tries to understand the actual situation banks are facing. They were very supportive throughout the implementation process and assisted the banking sector during the transition period from the MiFID I regime to the new MiFID II. Several circulars were issued to implement the assessment of knowledge and competence of the employees giving investment advice and providing information on financial instruments.”
In the longer term De Vuyst believes that with transparency on costs and margins the whole sector will continue to face pressure for the margins to go down. “Private banks have to adapt their offering in terms of investment services (i.e. focusing on investment mandates) and pricing. And they hav to assume the impact on costs that had the implementation of MiFID II. The competitive advantage for Luxembourg is to be able to offer an unmatched variety of banking services and financial products with easy access to clients. In some home countries of our clients, we see that the product offering is getting narrower and standardised, which may be an unwanted effect of this directive.”
“MiFID II is aiding us with our mission to create innovative financial solutions with the best possible outcome for our clients.”
Implementation of MiFID II has had a significant impact on the costs for the industry yet the industry has much to gain from the clarity the directive will bring. “Clients will benefit from a fully transparent world with clear pricing and relevant products. We are convinced that product offerings with simplified pricing structures will become more important in the future. We are better suited to guide our clients towards the right product, particularly in the advisory business. With a regulated framework, clients benefit from more protection, and the relationship managers seek to bring more added value to the relationship through more frequent client contact and formalisation of advice.”
PSD2 AND THE API CHALLENGE FOR OPEN BANKING
The EU Payment Services Directive (PSD2), creates a new era of openness; requiring banks to allow Third Party Providers direct access to customer payment account information – provided customers give consent. The change is set to revolutionise the payments industry, affecting everything from the way we pay online, to what information we see when making a payment.
PSD2 has been developed to protect customers in this growing digital economy.
“PSD2 has been developed to protect customers in this growing digital economy,” says Thierry Schuman, Member of the Management Board, BGL BNP Paribas Luxembourg. “It is an opportunity for innovation and Open Banking as it regulates the way we share sensitive information and it provides FinTechs and Banks with a new playground to shift our service model. It also comes with new distribution models and a new competitive landscape which is often a good way to offer new services and more choices to customers.”
WILL THIS BE THE DEATH OF TRADITIONAL BANKS?
The BNPP Group, one of the largest financial actors in Luxembourg with more than 3,600 employees, anticipated PSD2 well in advance so that all changes coming into effect in January 2018 were delivered and operational in due time. BGL BNP Paribas is a founding member of LuxHub, an industry-led initiative gathering third-party PSD2 providers and banks at the centre of the financial ecosystem.
The banking sector has a crucial role to play in helping the client to understand and control the use of his banking data.
“The banking sector has a crucial role to play in helping the client to understand and control the use of his banking data. We have already fulfilled this role of customer protection, by ensuring that access to data is regulated and processed through dedicated interfaces, the famous APIs. This is instrumental to ensure the safety of our customers. As a consequence, the technics related to screen or web scrapping (access using customer’s bank Ids for aggregators or payment initiators) which presented real concerns about data protection and security will be gradually abandoned,” he adds
ARE FINTECH’S GOING TO TAKE OVER?
We see banks opening up their platforms to third parties, looking to collaborate with developers and improving their offerings to match changing consumer expectations. The increased innovation will make financial services more transparent,” says Duke Prins, CEO of Payconiq International, a European cross-border mobile payment solution headquartered in Luxembourg. Last year, Payconiq, acquired Luxembourg payments company Digicash and now has a growing number of powerful banks as shareholders.
Luxembourg's central location is perfect for managing a growing European business, and the government supports an entrepreneurial and international business environment.
“Luxembourg’s central location is perfect for managing a growing European business, and the government supports an entrepreneurial and international business environment. The openness to innovation in Luxembourg and the proximity of the banks, who are our main business partners, makes it an ideal testing ground for us to quickly learn what works and what doesn’t.”
WILL CONSUMERS GET A BETTER DEAL?
The Payconiq mobile app enables banking customers to make payments via smartphone, and between accounts held at different banks. “Our main challenge is changing the habits of the consumers so that their instinct becomes paying with their phone. This is also our biggest opportunity, as we can show customers and businesses the benefits of mobile payments.”
Our main challenge is changing the habits of the consumers so that their instinct becomes paying with their phone.
Giving customers a better deal through innovation is central to the BGL PNP Paribas PSD2 strategy. The bank works closely with FinTechs and a business innovation team sources and qualifies the best partners to test and industrialise new service models for customers.
Our business innovation team identify, co-work and test tailor-made solutions in real conditions with real customers or prospects, to maximise the chance to industrialise the service if the Proof Of Concept is successful. In only a few months we were able to launch a Minimum Viable Product with 300 volunteer employees and customers of the Bank and the experience led us to decide to deploy the new service at a larger scale,”adds Schuman.
GETTING READY FOR GDPR
The General Data Protection Regulation (GDPR) will affect every business and public body that processes the personal data of EU residents. It will cause a significant disruption to how companies store, manage and process personal data. The regulation will be enforced on 25th May and organisations will have to comply or face hefty fines.
The key change is that, under GDPR, consent will require clear affirmative action. Silence, pre-ticked boxes and inactivity will no longer suffice for there to be a valid consent,” explains Véronique Hoffeld, Partner, Loyens & Loeff Luxembourg.
The key change is that, under GDPR, consent will require clear affirmative action.
Consents that were obtained pre-GDPR will continue to be valid under GDPR (without any confirmation or other action from data subjects required) provided that they meet the GDPR requirements for consent. “The reinforcement of all these obligations requires that all operators check their current procedure, policies and data flows and put in place additional measures to ensure their processing activities are lawful. This is also the case for storage – personal data cannot be kept indefinitely. Data processors and operators must put mechanisms in place to ensure that their servers and archives are regularly ‘cleaned’,” she adds.
Data is the lifeblood of the insurance industry, and GDPR will cause a significant shake-up in how insurers store, manage and process personal data. Globally, 2018 is a particularly challenging year for the sector who must navigate a regulatory maze.
“At the beginning of the year, we had to implement the regulation Packaged Retail Investment and insurance-based products (PRIIPs) which took a lot of our energy and we are still fine-tuning the many PRIIPs requirements. The Insurance Distribution Directive (IDD) is also on the way, and the General Data Protection Regulation (GDPR) requires a lot of resources and work as well,” explains Romain Braas, CEO, Bâloise Assurances Luxembourg, a provider of insurance and pension solutions headquartered in Switzerland.
GDPR brings higher standards to the existing data protection standards and creates new requirements. The data protection scope is extended and, a new organisation of responsibilities defined.
The reinforcement of GDPR requires that all companies check their current procedure, policies and data flows as well as putting place additional measures to ensure their processing activities are lawful. “GDPR brings higher standards to the existing data protection standards and creates new requirements. The data protection scope is extended and, a new organisation of responsibilities defined. In fact, it is not just a new regulation, but also a cultural change which will concern every employee and every stakeholder acting in the insurance chain. Changes must be made in people’s skills, insurers processes, and IT organisation. GDPR is, therefore, a major evolution and non-compliance is simply not an option,” says Braas.
New rules on data portability will particularly impact the insurance industry. Individuals will be able to obtain data that a controller holds on them and reuse it for their own purposes. “Data portability is a new right given to the policyholder and allows the latter one to ask for the transfer of his/her data to another insurer or service provider, meaning that customers now have ownership and control over their data. Data portability will make it easier for the customer to change his/her insurer. Between insurers, a commonly agreed data transfer template should be developed to make the portability more efficient.”
GDPR is not just a new regulation, but also a cultural change which will concern every employee and every stakeholder acting in the insurance chain.
For the end customer, it will mean more transparency, more rights and better control on the use of his/her data. For insurers, the prospect of increased business.
“GDPR will allow us to create (or improve) a trust relationship with the customer if he/she is convinced that his/her personal data is safely and correctly treated. It gives us a legal framework to improve the quality of our data and to offer our customers products which fit their specific needs. We focus on innovative insurance solutions and new niche products. A good GDPR compliance will be necessary to create new partnerships, and we are ready,” Braas concludes with a smile.