Location Risk Monitoring

Watch Out for New Financial Services Regulations in 2018

Written by Vandana Mohanchandran

Regulatory policies for financial services providers were predicted to undergo a massive restructuring in 2018. However, regulators are likely to continue to expect an overall strengthening of core risk management governance, controls, practices, and reporting, particularly in the areas of data protection and third-party risk management, which can have a considerable impact on the financial services industry.

This blog focuses on the key regulations for financial services sector for the year. The new regulations will help financial services companies to allocate their resources and invest to manage risk. In 2018, continued technological and automation advances can be expected as well as geopolitical uncertainties.

Key Information Documents for Packaged Retail and Insurance-based Investment Products

Three new financial regulations are already in force for the year. The Regulation on Key Information Documents for Packaged Retail and Insurance-based Investment Products (PRIIPs) came into force on January 1, 2018. This regulation targets extending the standards of consumer protection introduced by MiFID II to insurance-based investment products.

To meet the demands of the PRIIPs, business leaders must have a good understanding of what PRIIPs regulation is and how to comply. One of its key requirements is the need to produce Key Information Documents (KID) on the investments offered by the business.

There are certain rules surrounding the format and content of these documents. Financial services businesses must ensure they comply with the risks associated with preparing their KIDs and making sure they are user-friendly.

Markets in Financial Services Directive

The MiFID II (Markets in Financial Services Directive) also came into effect in the first week of the year on January 3, 2018. It introduces a range of new demands for financial services firms. The regulation covers everything from where derivatives are traded to how companies should manage risk and offer transparency.

The Financial Conduct Authority (FCA) specified that it will be lenient towards companies that are not yet ready, although the enforcement date has passed. However, if the financial services company is still compliant, they must prioritize meeting the requirements set forth.

The rules expand the definition of financial promotions to include communications to professional clients as well as introducing a number of other new requirements. The MiFID II checklist will help businesses identify changes in the new rules to ensure that appropriate actions are taken.

Revised Payment Service Directive

The PSD2 (the Revised Payment Service Directive) came into effect on January 13. It permits customers, both consumers and businesses, to use third-party providers to manage their finances, while retaining existing bank accounts.

Under the new rules, banks will be obliged to give third-party providers access to their customers’ accounts. This regulation has the potential to transform competition, for example, a bank will compete with any firm that offers financial services.

Although the PSD2 implementing legislation came into force in mid-January, the Regulatory Technical Standards (RTS) that prescribe the safety and security requirements for the new regulation are not yet in place. Additionally, the rules are unlikely to be finalized until mid-2019, according to the FCA.

Business leaders must improve communication methods with customers to abide by customer outcomes set forth by the FCA.

Insurance Distribution Directive

Insurance Distribution Directive (IDD) is proposed and is expected to come into force on October 1. The IDD is related to the distribution of insurance and reinsurance, and also applies to firms that help with the administration and performance of sold insurance contracts. This regulation is designed to create a fair opportunity for those involved in insurance products sales, and introduces improved requirements.

The regulation was initially expected to come into force on February 23, but in December 2017, the European Commission announced a proposal to postpone the application date following requests from the European Parliament and Member States. However, Member States (including the UK) will be required to transfer the IDD into national law by February, but companies are not required to comply until October 1, 2018.

One of the IDD’s key requirements is the need to produce the new Insurance Product Information Document (IPID). The IPID is designed to give customers information in a standardized format in order to enable them to make an informed decision about products before they buy it. The manufacturer of the insurance product is responsible for producing the IPID, and there are some important rules around its format and what it should include.

Insurance companies can accelerate producing the IPID and complying with IDD by automating some of their processes.

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a new European Union (EU) regulation. It is proposed to come into effect on May 25, 2018. The regulation aims to strengthen and increase consistency in data protection for individuals within the EU. It also governs the exchange of personal data outside the EU. It will replace the 1995 EU data protection directive (officially Directive 95/46/EC) and the UK Data Protection Act 1998 (DPA).

The big change with the new regulation is that companies need to get prior consent from someone before they can start marketing to them. This is likely to have major implications for marketing compliance.

The regulation will affect any organization that:

  • Possesses or processes data pertaining to an identifiable person
  • Contacts those individuals via email, phone, SMS, or mail
  • Tracks customer engagement via e-shots, cookies, or landing pages for the purpose of profiling an individual

Although the GDPR requirements were initially fairly vague, more details have emerged over recent months. In March 2017, the Information Commissioner’s Office clarified the requirements of the new legislation.

Things to Be Done at Present

  1. Get a clear understanding of what is required from each new regulation. The Information Commissioner’s Office website has some useful resources, including a 12-step guide to data protection preparation.
  2. Review existing processes. Do current processes meet the new rules? Contact everyone in the database and start collating their responses. Ensure that this information is stored so there is evidence.
  3. Start at the earliest in order to get ahead of competition.
  4. Remember existing compliance requirements. If the business is regulated by the Financial Conduct Authority or other regulator, ensure that requirements are met. Getting prepared for the new regulations will help ensure that customers are being treated fairly.

As financial services become even greater users of data, they are becoming targets of an increasingly sophisticated army of cyber criminals. Regulators are adapting their approach to take account of cyber risk.

Supply WisdomSM provides updates on new regulatory compliance monitoring programs. Contact us for more information or to get started with a free trial.

Announcing Supply Wisdom® Exuma

The next evolution in Automated Risk Management is here. Now you can automate risk mitigation across the entire risk management lifecycle, from Risk Identification to Risk Decision to Risk Action.