How to successfully integrate GDPR, PSD2 and MIFID II:

1)    Convert threats into opportunities

2)    Use a risk-based approach to identify key gaps

3)    Master customer data on a relationship basis

4)    Govern the ‘What?’, ‘Where?’ and ‘Who?’ of your data

5)    Reduce silos by taking a holistic approach

6)    Integrate regulatory and innovation initiatives

7)    Automate on-boarding and off-boarding of partners

8)    Monitor and oversee a detailed audit trail

The new regulations GDPR, PSD2 and MIFID II are making changes in the FinTech sector.

MIFID II is aimed at improving efficiency and integrity in capital markets. PSD2 requires banks to open customer account and transaction data to third parties via open APIs, and the GDPR imposes rigorous requirements for them to protect customer data with stringent penalties for those who fail to do so. An integrated approach is the most vital to incorporate the GDPR considerations upfront into the PSD2 and MIFID II programs and digital initiatives.

Data, which is fundamental to all Fintech businesses as well as the financial sector as a whole - does not adhere to any borders or other geographic restrictions, once unleashed it travels globally and at the speed of light. This is of course one of the drivers behind blockchain technology – such as bitcoin – and the reason why governments are keen on getting up to speed on crypto-currencies.


London's position in the world of FinTech


London (and the UK as a whole) is at the forefront of digital innovation and, despite current risks and increasing challenges, the Fintech/ RegTech sector is thriving – and at a massive scale. Going forward, this will require a careful balance between regulatory freedom, creative stimulus and an ecosystem that facilitates the right conditions for continued growth.

"Banking ultimately comes down to dealing with people."

Ultimately, banking – and that includes RegTech, despite all talk of AI and robotics – comes down to successfully dealing with people. People with differing aspirations, expectations and ways of working. It is the financial sector’s passion for innovation, its thirst for purpose, and London’s resilience and diversity that uniquely positions the UK as a European and global Fintech hub.

It remains to be seen if this is a revolutionary or an evolutionary game changer, but either way, RegTech will remain central to the brave new world that awaits - where the customer, app users or, more generally, people will take centre stage.


The future for Regulation Tech


However, risk managers will influence the rate of adoption rather than the pace of technology change in Fintech and RegTech. They will need to understand technology, both the opportunities and the risks, in order to stay ahead of the curve - risk is a multidisciplinary role and risk managers need to widen their skillsets to remain current and competent.

To those sceptics who are demanding that regulators need to provide clear guidance to Fintech start-ups and evolve with them rather than entrench them, RegTech solutions provide a reality that ensures order in an open and democratised world of finance.


Article also credited to the IRM-Special Interest Group in ERM in Banking & Financial Services:

Shiva Keihaninejad (Deputy Chair), Markus Krebsz, Ipsita Pradhan, James Arscott (Chief Content Officer – “”), Darius Mayhew and Raza Sadiq (Chair)