RegTech Insight Knowledge Hub
In a nutshell: GDPR gives control of personal information back to its individual owners, requiring businesses to capture, control and protect data under strict new guidelines that impose hefty fines for non-compliance.
Read on in our Knowledge Hub ‘Everything you need to know’ section to understand the full details of what GDPR is all about, who it impacts, the key requirements, the technical and data challenges it presents, and the outlook.
You can also take a look at all the latest content we have related to GDPR. And you can see a listing of key vendors delivering solutions to this regulatory challenge.
By Edel Brophy, Global Regulatory Manager, Fenergo. Keeping up with compliance regulations across multiple jurisdictions can be tricky for financial institutions. Hugely ambitious, the ratification of the state law the California Consumer Privacy Act (CCPA) is one of the toughest challenges they’ve faced. With just one month to go, it’s therefore concerning that one third…
A-Team Group’s RegTech Summit made a triumphant return to a full house in New York last Thursday, with an excellent turnout of over 230 practitioners, regulators, start-ups and solution providers all keen to explore how the financial services industry can best leverage technology to drive innovation, cut costs and support regulatory change. Colin Ware, Global…
As the volume of regulation continues to increase, with regulators not always managing to achieve consistency across frameworks and jurisdictions, how can financial institutions keep up with the ever-changing requirements – and match compliance needs that can sometimes feel conflicting? In one of the most popular panels of the day at the recent RegTech Summit…
Financial institutions around the world are bracing themselves for the onset of the EU’s General Data Protection Regulation (GDPR), which introduces eye-watering financial penalties for firms failing to meet stringent new rules on managing the personal data of EU residents. GDPR – which comes into effect in May 2018 – will have a major impact…
Recorded Webinar: Privacy vs. Surveillance: Managing conflicting regulations in Germany and other privacy-sensitive jurisdictions
The EU’s MiFID II and other regulations globally have placed greater emphasis than ever on market surveillance, recording of trading communications and records-retention processes in an attempt to stamp out market abuse and boost investor confidence and protections. At the same time, the public’s attitude toward data privacy has hardened, most visibly through new regulations…
You can listen to the recording of this webinar by registering on this page. Are your client lifecycle management processes – including client onboarding, Know Your Customer (KYC), Anti-Money Laundering (AML) and most recently General Data Protection Regulation (GDPR) – up to the right standard for today’s pressing regulatory challenges? Early iterations of KYC and…
You can listen to the recording of this webinar by registering on this page. Data monetisation has become key to revenue growth at financial institutions, but how can they get it right and achieve competitive advantage, and how will General Data Protection Regulation (GDPR) impact their progress? This webinar will discuss why and how financial…
The May 25, 2018 compliance deadline of General Data Protection Regulation (GDPR) is approaching fast, requiring financial institutions to understand what personal data they hold, why they process it, and whether it is shared with other organisations. In line with individuals’ rights under the regulation, they must also provide access to individuals’ personal data and…
In a testament to the enduring popularity of the A-Team Regulatory Data Handbook, we are delighted to publish a sixth edition for 2018-19 of our comprehensive guide to all the regulations and rules that might impact data and data management at your institution. As in previous editions of the Regulatory Data Handbook, we have updated…
Welcome to A-Team Group’s best read handbook, the Regulatory Data Handbook, which is now in its seventh edition and continues to grow in terms of the number of regulations covered, the detail of each regulation and the impact that all the rules and regulations will have on data and data management at your institution. This…
Everything you need to know about: GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) is an EU ruling that replaces the previous EU Data Protection Directive 95/46/EC of 1995. It aims to harmonise data privacy across the region, improve data protection for EU residents, and ensure data security. It gives individuals ownership of their own personal data and the right to find out what personal information is held about them and how it is used, to request that it be rectified or deleted, and to restrict processing or movement between organisations.
GDPR provides individuals with:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- The right not to be subject to automated decision-making including profiling
While the 1995 edict took the form of a directive, which places obligations on member states and which their governments are then required to transpose into local law, GDPR is an EU regulation and is directly applicable and enforceable as law in every EU member state. GDPR provides a single set of data protection rules for all EU member states, while still allowing a degree of tailoring within individual jurisdictions.
GDPR was approved by the European Parliament on April 18, 2016, and took effect in all member states on May 25, 2018. Despite the UK’s planned departure from the EU in 2019, UK businesses within the scope of GDPR will be required to remain compliant if they want to trade within the single market.
The regulation includes 99 articles, of which 64 are general and cover areas such as objectives, scope, definitions, requirements, liabilities and penalties. The remaining 35 articles are actionable and include 15 related to business and requiring actions such as setting policies, seven covering assessment of areas such as infrastructure and deployment, and 13 including technical detail about what data controllers and processors must do to achieve compliance.
Who are the regulators?
The primary regulator is the European Data Protection Supervisor. In addition, the Article 29 Working Party is an advisory body made up of a representative from the data protection authority of each EU member state, the European Data Protection Supervisor and the European Commission.
In the UK, GDPR is regulated by the Information Commissioner’s Office (ICO).
A full list of EU regulators can be found in Appendix 1.
Who needs to know?
While GDPR is an EU regulation, its requirements extend to any business globally that is collecting personal data from EU residents. GDPR applies to every entity that holds personal data derived from activities subject to EU regulation anywhere in the world. Its global scope means firms that control or process data relating to EU and non-EU citizens residing in the EU will be forced to deal with complex regulations governing personal data.
Unlike its predecessor, GDPR extends accountability not only to controllers that determine the purposes, conditions and means of processing personal data, but also to processors that handle personal data on behalf of controllers.
As GDPR applies to every company that sells to, or stores personal information about, EU citizens, it inevitably impacts financial services firms. They need to reconsider how they capture information, build data management systems, govern and protect personal data, and handle potential breaches. The regulation also has a knock-on effect for vendors of technology and data solutions that provide relevant services to financial clients and will need to incorporate GDPR compliance into their solutions.
Firms that do a good job of GDPR and take a proactive approach to compliance should benefit from improved customer communication, strategic data management and a higher level of trust in the market. Breaches of compliance could entail not only reputational damage but fines up to €20 million or 4% of annual group turnover, whichever is the greater.
What are the key requirements?
While financial firms subject to the 1995 directive already have data protection policies and practices in place, the detail of GDPR adds a significant layer of complexity that must be addressed in order to achieve compliance.
Notable challenges presented by GDPR include:
- Understanding the lawful basis for processing personal data
- Gaining consent to process the data
- Building data privacy by design
- Notifying authorities and individuals of data breaches
- Ensuring data portability
- Giving individuals the right to have data deleted, provided there are no legitimate grounds for keeping it.
Key elements to consider include:
Since May 2018, general contractual terms have no longer been sufficient to provide proof of consent from individuals to process personal data. Instead, consent must be unambiguous, freely given, informed and refer explicitly to each processing purpose. Consent for processing sensitive data held by banks and financial institutions must also be explicit. In order to manage data appropriately, companies must consider how customer data is collected, managed and shared with third parties, and develop appropriate consent management policies.
GDPR requires firms to identify personal data, manage it within the scope of the requirements, and ensure it is secure and accessible. This presents numerous data management challenges including data centralisation, master data management, data governance and automation. Organisations must be able to prove compliance throughout processes that fall within the scope of the regulation. This requires extensive data lineage to be put in place and data governance policies to be established, documented and enforced across an organisation.
Financial institutions must respond to the regulation’s enhanced rights for individuals to access, transfer and delete data by amending privacy policies and procedures, and the way in which they manage data access requests. GDPR also introduces the concept of data privacy by design, which requires financial institutions to promote privacy and data protection compliance in new system builds.
GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
To assess security risks, GDPR mandates that controllers carry out data protection impact assessments (DPIAs) when certain types of processing of personal data are likely to present a high risk to the data subject. The regulation also recommends a number of techniques to prevent security breaches, including encryption, anonymisation and pseudonymisation. Constant monitoring of personal data is required in order to detect anomalies, and any breach must be reported within 72 hours.
What technological challenges does GDPR represent?
GDPR requires a much more rigorous approach to protecting data privacy than its predecessor. At its core is the understanding that while data is an asset, its ownership remains with the EU citizen and not with the data controller or processor. GDPR’s main articles describe interactions between these stakeholders, and this set of parameters represents a significant challenge for financial institutions in terms of understanding the scope and granularity of what is required. Specific challenges include understanding what personal data is held within the organisation, what business processes affect regulated data, and how data is handled and transported.
Organisations should document all personal data they hold, including data that falls into special categories, and record where the data came from, and any other organisations it is shared with. An information audit across the organisation or within particular businesses may be necessary. GDPR also requires data processing activities to be recorded. For example, if inaccurate personal data is shared with another organisation, the inaccuracy must be communicated to ensure both organisations correct the data.
Current privacy notices should be reviewed and amended in line with GDPR requirements. Personal data collection previously required giving people information such as the organisation’s identity and how it intends to use the information. Under GDPR there are additional requirements, including the need to explain the lawful basis for processing the data, retention periods, and individuals’ rights to complain to supervisory authorities if they think there is a problem with the way their data is being handled.
To achieve best practice GDPR compliance and effectively locate and manage personal data, organisations need to capture the data, make a data inventory and create a central data repository. This will ease the challenge of identifying and sustaining personal data workflows by ensuring disparate data is reconciled, data is maintained, entitlement policies are in place, and access to personal data is available to data subjects. Challenges include legacy systems that may need replacing, data silos, derived data, and scattered and duplicated data within big data environments or collaboration tools.
GDPR introduces a duty on all data controllers and processors to report certain types of data breach to the authorities within 72 hours. To ensure compliance, organisations need robust processes for breach detection and investigation, which can be supported by data lineage and governance, as well as internal reporting procedures. Failing to notify a breach when required to do so can result in significant fines and penalties, making it crucial to have data management processes in place that can support detection, reporting and access to the details of a breach.
What solutions can be used?
GDPR is an enterprise-wide regulation where the use of emerging technologies could improve the accuracy and efficiency of compliance, reduce costs, improve data quality and deliver better customer service. Existing in-house systems may need to incorporate vendor solutions to improve or add new data privacy policies, new processes, and/or specific elements of compliance. These solutions need to meet both reporting and compliance requirements by providing a data inventory or catalogue of protected data showing where the data is stored and how it is used. Alerts for possible non-compliance are also an option.
An over-arching GDPR solution could include core capabilities such as:
- A data identification system
- A centralised inventory of personal data
- Data lineage to track and trace all application use of protected personal data
- Workflows around personal data ownership
- Data sharing agreements that dictate how personal data should be shared both internally and externally
Key areas to explore include:
Metadata management tools can be used to identify personal data, categorise the data and assign GDPR attributes to it. The metadata can be loaded into a data governance platform and used to identify data elements relevant to GDPR. Once data processes and data elements are identified and governed, they can be linked and data elements used in particular processes can be mapped.
Solutions include technology tools and techniques that support the identification and capture of personal data wherever it is. For most firms, and particularly those with hundreds or even thousands of servers, the need is to minimise the number of locations holding personal data and use automated tools to analyse and consolidate the data. Master data management (MDM) is also helpful in marshalling data and reconciling it to create a data warehouse containing master data records of personal data. In the context of GDPR, this data can then be used across services and applications that individuals opt into.
Many firms already have data governance and lineage in place, and this can be extended to support the requirements of GDPR using either in-house technology and expertise, or vendor solutions. Some, however, will need to start from scratch, or may decide to refresh their solutions. Typically, vendor solutions are based on platforms that automate data governance and management, and provide trusted data to business users including help desk advisors responding to requests from data subjects about what personal data the organisation holds about them and how it is used.
GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system that can provide the individual with direct access to his or her information.
Implementing the regulation is a large data management challenge requiring significant budget, IT involvement and human resource including lawyers and subject matter experts. It is also an evolution of data protection that will deliver benefits to both data controllers and data subjects.
Data controllers can look forward to business benefits based on a better understanding of customers, the potential for product innovation and the ability to build customer trust, brand image and reputation. Data subjects can gain greater insight into how, why and when their data is used and request that it be corrected or deleted in certain circumstances.
Looking beyond these gains, GDPR will harmonise data protection across the EU, provide a level playing field for data controllers and data subjects and, more broadly, push forward best practice data management across the financial sector.
GDPR: Pros and Cons
Pros
- Harmonised data protection across the EU
- A level playing field for data controllers and data subjects
- Improved customer trust, communication and brand image
- Operational benefits including centralised data, updated data content, improved processes and reduced costs for internal and external audits
- Reduced time to build applications, which could lower costs and provide competitive advantage
- Improved security, lower potential liability
- Improved customer service and targeting, and the potential for product innovation due to a more accurate view of personal data
- Potential use of data science and predictive analytics due to the creation of a trusted source of centralised information
Cons
- High fines for breaches/non-compliance
- Limited access within the EU to start-up technologies unable to afford the cost of GDPR compliance
- EU-wide multi-jurisdictional scope could raise the risk of conflicting interpretations
- Potential compliance conflicts with other regulations including KYC, AML and other financial crime measures that take a different view of data privacy
- Larger data management burden for data controllers and processors
Appendix 1: European Regulators
| Jurisdiction | Regulator |
|---|---|
| EU | Article 29 Working Party (WP29) |
| EU | European Data Protection Supervisor (EDPS) |
| Austria | Austrian Data Protection Authority (DSB) |
| Belgium | Commission for the Protection of Privacy (CPP) |
| Bulgaria | Commission for Personal Data Protection (CPDP) |
| Croatia | Personal Data Protection Agency (AZOP) |
| Republic of Cyprus | Office of the Commissioner for Personal Data Protection |
| Czech Republic | Office for Personal Data Protection (UOOU) |
| Denmark | Danish Data Protection Agency (Datatilsynet) |
| Estonia | Estonian Data Protection Inspectorate (DPI) |
| Finland | Data Protection Ombudsman (Tietosuojavaltuutettu) |
| France | Commission nationale de l’informatique et des libertés (CNIL) |
| Germany | Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) (Federal) |
| Germany | Datenschutzkonferenz (DSK) (independent) |
| Greece | The Hellenic Data Protection Authority (HDPA) |
| Hungary | National Privacy and Data Protection Authority (NAIH) |
| Ireland | Data Protection Commissioner (DPC) |
| Italy | Italian Data Protection Authority (Garante) |
| Latvia | Data State Inspectorate (DVI) |
| Lithuania | State Data Protection Inspectorate (VDAI) |
| Luxembourg | National Commission for Data Protection (CNDP) |
| Malta | Office of the Information and Data Protection Commissioner |
| Netherlands | Personal Data Authority (PDA) |
| Poland | General Inspector for the Protection of Personal Data (GIODO) |
| Portugal | National Commission for Data Protection (CNDP) |
| Romania | National Supervisory Authority for Personal Data Processing |
| Slovakia | Office for Personal Data Protection (PDP) |
| Slovenia | The Information Commissioner |
| Spain | Agencia Española de Protección de Datos (AEPD) |
| Sweden | The Swedish Data Protection Authority (Dataprotektionen) |
| UK | The Information Commissioner’s Office (ICO) |
ASG – enterprise data intelligence solution plus policy-driven content services solution to manage the lifecycle of personal data and capture consent
1View Solutions – Our proven software allows companies with complex multi-siloed infrastructures to practically and very efficiently consolidate all their business data and events. Enabling them to truly deliver regulation requirements and begin to compete with the newer, internet designed companies with fully integrated operations.
Acin Limited – Acin provides industry standard Risk & Controls libraries to manage operational risk across financial services firms
Alyne – At Alyne, we pride ourselves on excellence and expertise – being the Mission Control that confidently guides the organisations that we work with. Alyne’s RegTech solution provides organisations with extensive capabilities in managing their cyber, governance, risk management and compliance processes through a software as a service platform. The Alyne software covers a number of regulations, such as: Abgabenordnung / German Tax Code, Australian Privacy Principles, ASD Protect Essential Eight, BAIT, BDSG, BDSG 2017, BSI Grundschutz, COBIT 4.1, COBIT 5, COSO, EU Directive 95/46/EC, Fed Guidelines IS, FIN-FSA OpRisk, Finnish Personal Data Act, GOBS, HGB, ISO 22301:2012, ISO 31000:2009, ISO/IEC 27001:2005, ISO/IEC 27001:2013, MaRisk BA (10/2012), MaRisk BA (09/2017), MAS TRMG, NIST Cyber Security 2014, NIST Cyber Security 2018, OWASP TOP 10 2013, PCI DSS v3.1, PCI DSS v3.2, PSD2 Security Measures for Operational and Security Risk, SGB, TKG, UK Cyber Essentials, UK FCA Financial Crime: A Guide for Firms, UK Privacy Act 1998.
Appway – Appway builds software for today and innovates for the technology of the future. With over 15 years of industry experience, Appway guides the leading financial institutions, both big and small, as they build sustainable and scalable solutions that quickly adapt to changing conditions. Headquartered in Switzerland with offices around the globe, Appway’s award-winning software suite serves over 420,000 users worldwide. More than 225 institutions rely on Appway to improve internal efficiencies, engage customers across all channels, and keep ahead of regulations.
AQMetrics – AQMetrics enables simple, reliable and cost effective risk management and regulatory compliance through the use of technology. Our cloud platform uses smart technology to integrate risk and regulatory solutions, allowing our clients to stay compliant with existing and emerging regulations. We are focused on delivering trusted solutions to leading asset managers, investment managers, fund administrators globally.
Aqubix Ltd.
Arkivum – Arkivum is the trusted software and service partner for long-term data lifecycle management and digital preservation. We serve organisations around the world in data-intensive, regulated markets, including pharmaceutical, life sciences and healthcare, financial services, higher education and heritage. Arkivum provides an end-to-end, managed service to deal with the complexity of preserving your data securely for the long-term, while guaranteeing 100% data integrity and immediate access to your data so that you can bring your archived data to life. Our vendor neutral technology means you can use Arkivum across your existing platforms and various deployment models, and you own your data at all times as there is no data lock-in.
ASG Technologies – Compliance, GDPR/CCPA, Regulations, Data Governance, Data Lineage, Data Privacy and more
BLX Limited (trading as RegBot) – At RegBot we are a team of experienced regulatory lawyers, traders and technology experts working to develop disruptive technology to end business disruption. We develop modular, end-to-end client solutions that we call “bots”, and deliver automated compliance embedded in the normal workflow of a bank or financial entity (either sell-side or buy-side). Our bots may be installed on premises or in the cloud, are fully auditable and keep full timestamped records to evidence compliance. Our MiFID II bot works as a lawyer in a box that automates compliance tasks, generates notifications to all relevant stakeholders, including clients, keeping you fully compliant, optimising business timing and maximising business opportunities. And it’s GDPR compliant too!
Capnovum – cloud-based Joint Learning platform that combines regulatory monitoring, collaboration and communication tools with project management capabilities and best practice processes
Citihub Consulting – Citihub Consulting is a global, independent IT advisory firm with deep domain expertise across every layer of the technology stack – from business applications and data platforms down to core infrastructure. Our consultants have decades of experience helping clients promote best practices in every IT discipline. From IT strategy, architecture and solution development, through to cost optimisation, risk assessment and implementation – our trusted experts deliver the right results for your business. Our long regulatory heritage spans both technology and business sponsored engagements covering Dodd-Frank; GDPR and the execution and delivery of multiple MiFID II workstreams. These covered everything from trade and transaction reporting; clock synchronisation; algorithmic trading; cost & charges and research unbundling. We have a relentless commitment to quality execution, integrity and client success. Our commitment to delivering the right results for our clients has never changed, even as the business has continued to grow over two decades.
Collibra – enterprise-wide data governance solution to automate data governance and management, paired with GDPR specific professional services and a GDPR accelerator
Compact Solutions LLC – Compact Solutions have provided solutions for over 15 years in the data transformation and management fields. We have a global reach with headquarters in Chicago, IL USA and operations in four countries including US, United Kingdom, Poland and India. Our Solution MetaDex is the most granular data lineage solution available on the market. It accesses every transformation that has occurred to the data throughout the enterprise and offers automation for up to date data lineage for regulatory compliance (BCBS239, CCAR, DFAST, etc.).
Compliance Solutions Strategies – Providing the following RegTech solutions: AIFMD, CPO-PQR, EMIR, Form ADV, Form PF, GDPR/Cybersecurity, MiFID II, Position Limit & Substantial Shareholding Disclosures, Post Trade Compliance, PRIIPs, Rule 38a-1 & Rule 206 (4)-7, SEC/Reporting Modernization/LRMP, SFTR, Solvency II, VAG, GroMiKV, CRR & Solva.
Confluence – As a proven leader for over 20 years in data aggregation, management and reporting, Confluence offers solutions to the global fund industry to support asset managers and their administrators with performance, regulatory reporting, and investor communications. By taking disparate data sources from providers such as custodians, index providers and accounting systems, then centralizing and aggregating the data, output in various information formats is available to both internal and external consumers including portfolio managers, boards of directors, regulatory agencies, and investors.
CUBE – Founded in 2011 by RegTech pioneer Ben Richmond, CUBE was early to recognise how extensive and voluminous financial regulation would become. We understand the huge costs and risks associated with managing regulatory change compliantly, and we have purpose-built an automated end-to-end regulatory intelligence and change solution, underpinned by AI and Machine Learning. CUBE serves multi-jurisdictional Tier 1 and 2 financial institutions, including global banks, wealth managers and insurance companies. Two million staff in 160 countries currently consume regulatory intelligence, and manage regulatory change initiatives, powered by CUBE. With offices in London, New York and Melbourne, CUBE has 100+ staff globally, including specialist regulatory experts and 24/7 support.
Custodia Technology – A truly global 360° life cycle solution and support provider for voice + data capture and aligned communication compliance technologies, Custodia services highly regulated global market participants managing emerging communications and collaboration technologies within ever changing compliance landscapes. While compliance requirements expose trading organisations to regulatory burdens and barriers preventing the adoption of emerging modalities of communications and collaboration technology, Custodia enables organisations to provide their regulated users with cutting edge communications and collaboration tech while meeting compliance regulations head on and gaining a clear competitive advantage in the market.
The Cyber Consultants (Evidology) – end-to-end compliance management system targeting principles-based legislation
Datactics – Datactics specialises in data quality and matching software for firms operating in the financial sector to help comply with data-driven regulations including BCBS239, FATCA, MiFID II and FSCS. The company provides user-friendly tools with hundreds of built-in data rules to help financial institutions get their data in order and quickly respond to new standards. Solutions provide intelligence into the underlying quality of data as well as helping reduce the complexity and cost of onboarding entities into a Legal Entity Master through high-performance fuzzy-matching technology and connectivity to external data sources such as Dun & Bradstreet, Companies House, Bloomberg, Thomson Reuters etc.
emagine – Business and technology consulting, innovation and RegTech/FinTech ISV for the financial sector. emagine was founded in 1988; in 2018, we generated over 125 million euros in revenue. emagine’s key strength is our deep knowledge and understanding of the environment in which our capital market clients operate. emagine’s Fintech Practice combines decades of expertise and latest & greatest, but proven, financial technology to manage regulatory-driven trading optimization change. Our clients range from IBs, Brokers, Market Makers, Asset Managers, FX & Commodity trading participants, etc. Some of the fields we help our clients with:
- Regulatory Compliance for Trading (Time-as-a-Service: local hubs global distribution, EMEA, US/CAN, LATAM, APAC), monitoring/alerting and full compliance reporting on mandatory KPIs
- Network monitoring and latency optimization analytics
- Self-evolving IT & Trading/event driven Performance Analytics: Desktops/Servers, Apps, Networks, Trading (AI/Machine Learning)
Enfusion (Integrata) – cloud-based, multi-tenant investment management system
Exate Technology – data middleware system built from scratch to apply GDPR rules through a data privacy and data protection platform
Fenergo – a leading provider of Client Lifecycle Management, AML/KYC Compliance and Client Data Management solutions for investment, corporate, commercial and private banks.
Gresham Technologies – Gresham is a leading software and services company that specialises in providing real-time data integrity and control solutions. Gresham’s award-winning Clareti software platform has been designed to provide financial institutions with complete certainty in their data processing. Clareti is a highly flexible and fully scalable platform for ensuring the integrity of data across an enterprise. It is designed to address today’s most challenging financial control, risk management, data governance and regulatory compliance problems. Listed on the main market of the London Stock Exchange (GHT.L) and headquartered in the City of London, its customers include some of the world’s largest financial institutions, all of whom are served locally from offices located in Europe, North America and Asia Pacific.
Harmoney – Harmoney has built the one-stop shop for digital onboarding and compliance management. We manage all workflows and interactions between the client, the front-office and compliance on one single platform. These 3 stakeholders each have their own access and workflows, but all with one goal in mind: no more paperwork.
The platform will be customised to your client acceptance workflows and compliance procedures. Harmoney ensures the full client due diligence (KYC, PEP, UBO and AML, Mifid or IDD checks) for private and corporate clients, even the most complex ones. All stakeholders can rely on trustworthy client data, including full audit trail and reporting facilities.
In comparison with other onboarding solutions, we implement the compliance procedures of the financial institutions or insurers themselves. We don’t impose a standard forced work stream; we are fully customisable. Harmoney is a digital end-to-end onboarding, but also available as specific modules like AML risk based approach or UBO registration.
IMVS Limited – To provide innovative solutions to business problems and constantly look to improve products and services in order that our customers continue to deliver high quality cost effective service to their valued client base. IMVS is a business solutions provider not just a product provider. The realistic target market for IMVS does not lie at the top end of the market; the opportunity for growth at IMVS lies in the small to medium Private Client Wealth Managers with FUM ranging from £50m to £1.5b. There is a significant minority part of the sector dealing with the management of assets for the private investor, legal trusts and small “self administered” pension funds; it is this part of the market that APA is designed to address. We use a technology architecture that allows us to deliver the flexibility and speed of change required by the market that over the past 10 years has seen an ever increasing demand on compliance and regulatory requirements which we can deliver cost effectively. The UK Investment Management business deals with assets of approximately £6.9tn (2016) with Discretionary Private Clients attributing £479bn (2016). The UK is the second largest asset management centre in the world, after the United States and in front of Japan. From a systems perspective, the higher end of the market is dominated by a small number of key global suppliers, many of which still maintain and support legacy systems together with a proportion of in-house built solutions.
Insightful Technology – Through our SaaS platform Soteria, we provide financial organisations around the world with the ability to compliantly capture, analyse, store and surveil business communications and market data in real-time, regardless of the source, and in a single, global and hierarchical view. We also provide Data Integrity through tokenised 3rd party verification for Duty of Care and Evidential Weight.
Our Artificial Intelligence, Business Intelligence, and End-to-End Workflow capabilities include Proactive Monitoring and Alerting, Analytics and Reporting, the functionality to immediately create Trade Reconstructions with containerised Regulator Login Access, and also the ability to pre-populate 3rd party solutions such as CRM systems or Best Execution Templates, with accurate Voice-to-Text transcriptions, translations and notes. Using Soteria, we not only drive compliance, surveillance and risk mitigation on a global scale but also business efficiency.
Our mobile voice recording technology which underpins ‘Truphone Mobile Recording’ is currently used by 10 of the top 12 tier 1 global banks, and we have over 180 other financial organisations, including buy- and sell-side firms, using Soteria throughout their front, middle and back office departments. Soteria can also be implemented by other regulated industries, including government agencies and legal institutions.
iPushpull – secure data sharing and collaboration platform connecting data in real time between desktop applications, cloud services, databases, third party platform
Kompli-Global – Kompli-Global uses a combination of advanced AI-driven technology and human expertise to identify and alert organisations to the ‘bad actors’ who are seeking to utilise their company to launder the proceeds of financial crime. Our services reduce your exposure to fraud, mitigate against personal and corporate prosecution, protect the company’s brand’s reputation and make true regulatory compliance a cost effective reality. Kompli-Global has developed the world’s first truly multi-jurisdictional, multi-lingual due diligence search platform that discovers comprehensive and accurate adverse and negative information that goes far deeper than just the news & media. We enable you to uncover material information otherwise unavailable or too time consuming to find. Information that is essential to meet regulatory compliance such as 4MLD & 5MLD. If you’re using traditional search engines, you could be missing >90% of the story.
KyoLAB Limited – KyoLAB helps businesses engage with their client via popular mobile social media like WhatsApp or WeChat in a compliant way, providing audit trail and means for dispute resolution.
La Meer Inc. – La Meer offers the GRACE suite of web based hosted model solutions for Operational risk management, operational due diligence, compliance management, client compliance, AML, GDPR, MiFID II, Trade Monitoring, IT Risk and Vendor Risk Management.
MPI Europe Limited – As financial sector specialists working at the intersection of regulatory driven and technology enabled change, we understand that the business challenges you face today demand effective solutions based on experience, expertise blended with innovation in ideas and technology. MPI provide skilled people with relevant experience to work with you, as well as MiFID, KYC/AML, machine learning/search, data and accounting standard solutions with partners to address these challenges, including major regulatory, risk, technology and data projects.
MYRIAD Group Technologies Limited – Established in 2004 and based in the City of London, the Company has a strong track record of delivery on its three platforms: CODUDE, Embus and MYRIAD. We have some of the biggest Financial Institutions in the World as Clients and work very closely with each of them to generate low-cost, high value-added solutions for Network and Vendor Management; for Client Onboarding and CLM; and for due diligence and questionnaire management.
Novabase – Symetria helps Financial Institutions address both current and future regulatory reporting requirements, effectively deal with regulatory changes and ultimately, reduce operational costs.
Ocucon – Pixelate is a web-based software programme for blurring sensitive data (i.e. license plates, faces) in CCTV footage in order for companies to easily comply with GDPR. Ocucon Pixelate significantly reduces redaction times via its easy-to-use, cost-effective, web-based portal.
Pontus Networks – PontusVision Open Source GDPR IT Solution, one of the world’s first open source GDPR platforms
Privitar – Privitar provides data-privacy software for organisations seeking to improve services and experiences through the use of advanced analytics and data science. We help organisations engineer privacy-preserving data operations that protect sensitive information while retaining data utility. Our software accelerates and automates privacy-safe data provisioning, helping our customers get more business value from their data, generate data-driven insights, and drive innovation. Privitar products create opportunities by allowing broader use of valuable information assets for collaboration and sharing, whilst reducing the risk associated with storing, processing and using sensitive data, due to data breaches, regulatory penalties and the misuse of data.
Provectus – automated blockchain-based out-of-the-box-solution
Scaled Risk – Scaled Risk: The Enterprise Regtech Data Platform. We are a RegTech software company providing the Financial Services Industry with a one stop shop, agile, real-time, consistent and auditable big data platform. Our platform is used by the Financial Software Industry to efficiently solve their risk and regulatory issues. Currently used by Financial Authorities, CIB, Asset Managers, Custodians, Retail Banks and even Corporates for: MiFID II, FRTB, Basel III and GDPR (control) – KIID/ PRIIPs (reporting) – French anti-bribery law – Sapin 2 (compliance application) – Trade Repository & Analytics (application) – Credit & Liquidity Risk (SaaS application). To do so, we use cutting edge technology that allows consistency, flexibility, data traceability and high volumes. Our software takes the best of legacy systems and big data platforms to enable rapid and flexible application development to cope with ever-changing regulations data schema, models and rules changes.
Shield FC – Shield is an innovative end-to-end trade and eComm platform covering the relevant scope for MiFID II, GDPR, Dodd Frank and the new wave of regulations. In addition to archiving and protecting the original files from all communication channels (voice, chat, email, text messages, OMS, documents etc.) as per compliance, Shield also uses big data capabilities and advanced analytics to automatically correlate and cross reference the data across all platforms. With a quick and easy Google-like search, Shield is designed as a user-friendly solution for financial compliance teams to manage, search and perform investigations. We already assist European customers including Tier 1 banks to structure their communication data and be prepared for the growing amount of inquiries from the regulators and from customers.
Solidatus – Solidatus focuses primarily on the increasingly regular and critical theme of data lineage. An organisation can only begin to consolidate its data when it understands that data’s provenance. Detailed and complex data lineage can be represented in a visual form in Solidatus. This provides a richness and depth of information that other reporting processes cannot. Regardless of whether it is being used for AML, CCAR, BCBS239, FRTB, GDPR or MiFID II, Solidatus supports organisational efforts to maximise the impact efficiency of implementing regulation, improving operational transparency, reducing risk as well as costs. Solidatus enables regulated businesses to move from being reactive to proactive in their efforts to be compliant. The tool was developed to help understand how data flows through the data landscape by providing the most intuitive, flexible, data lineage, visualisation solution. Solidatus is uniquely engineered to build end-to-end data models more efficiently and effectively. The data economy of organisations is growing year-on-year, increasing the demand on businesses to understand and control change in order to minimise risk and manage costs. The unique collaborative mechanism built into the core of Solidatus helps organisations improve their data economy. Easily accessible, highly scalable and secure, it allows businesses to quickly develop a data landscape, crowdsource metadata and analyse how that data is used.
TeleMessage Inc – The TeleMessage Mobile Archiver effectively addresses compliance, regulatory, eDiscovery response requirements and reduces risk across a variety of industries. TeleMessage captures mobile content, including SMS, MMS, Calls and Chats from corporate or BYOD mobile phones. Messages are securely and reliably retained within TeleMessage servers or forwarded to an archiving data storage vendor of your choice.
Trunomi – Trunomi unlocks the power of customer data using consent and data rights management. The Trunomi platform enables businesses to request, record and immutably prove the legal basis for processing personal data and comply with the highest standard for global data privacy (EU GDPR, ePrivacy Regulation, PSD2). For the customer we provide control and transparency over how their personal data is used. Trunomi turns regulation from a burden to a competitive advantage and is an enabler of the evolving personal information economy for a more flexible, transparent, empowered and customer-driven world. Trunomi has filed six patents for our technology and has raised over $9 million in Venture Capital funding.
Veridate Financial
Verint – Through its acquisitions of Verba and Nxtera in 2017, Verint is the only FinTech/RegTech vendor in the market providing a holistic financial compliance suite integrating proactive, active and reactive compliance capabilities. The extensive Verint portfolio offers proactive compliance, omnichannel compliance recording and archiving, speech search and transcription, automated verification and assurance solutions that are augmented by an extensive ecosystem of RegTech partners.
Waymark Tech – Speed up regulatory review times, never miss an update with advanced AI, and secure your data while lowering costs with transparent, predictable pricing.
ZoneFox – compliance reporting toolbox