The 2018 regulatory agenda is in motion, with Packaged Retail and Insurance based Investment Products (PRIIPs) going live on January 1st, and Markets in Financial Instruments Directive II (MiFID II) and Markets in Financial Instruments Regulation (MiFIR) taking effect on January 3rd. Looking forward, the compliance deadline for General Data Protection Regulation (GDPR) is May 28th, and although pushed back from a 2019 deadline, compliance with the Fundamental Review of the Trading Book needs attention this year.
With so many regulations on the agenda, we looked at their data management requirements and the increasingly critical need to take a strategic to compliance during a recent A-Team Group webinar, Data Management Requirements for the 2018 Regulatory Agenda.
An early poll of the webinar audience asked which regulation delegates expected to be the most onerous in terms of data management at their organisation. Some 44% said the MiFID II and MiFIR hangover, 41% GDPR, 10% preparing for FRTB, 2% Benchmark Regulation, and 2% PRIIPs.
The webinar speakers – Dessa Glasser, principal consultant, Financial Risk Group (FRG) and former CDO at JP Morgan Chase; Kelvin Dickenson, vice president of compliance solutions at Opus/Alacra; and Chris Casey, global head of regulatory and reference data at Bloomberg – noted similar priorities. Dickenson commented: “MiFID II will remain top of mind in 2018. Even if firms were ready on the compliance deadline, in 2018 they will be questioning whether their solution is working ell and doing what it is intended to do.” Casey added: “Many of the firms we are working with didn’t have enough time to complete testing as a result of late additions to MiFID II and new connections to data sources such as the Derivatives Service Bureau, so there is still work to do.”
Glasser selected GDPR as the toughest challenge in 2018, on the basis of its extensive reach and significant penalties for non-compliance.
Looking at the data requirement for 2018, the speakers acknowledged an ongoing rise in volumes of data, the introduction of more external third-party data, and the resulting need for improved data control and lineage. The speakers went on to discuss best practice approaches to this year’s regulatory requirements and a variety of technology solutions.
They concluded that the 2018 agenda requires firms to stop talking about a strategic approach to compliance and take action. Dickenson commented: “This is critical going forward. Data requirements of different regulations can be brought together, and a strategic approach can replace regulations in silos that duplicate work and can drive customers away.”
An audience poll showed 40% of respondents taking a strategic approach, 20% implementing such an approach, and 11% with no plans for a strategic approach. Similar percentages said a strategic approach is on the agenda, nothing has yet been done, or a strategic approach is being planned.
Indeed, plans aplenty, but who should lead the strategy programme and what are the goals? Casey said: “People often say the chief compliance officer should lead the strategy, but this role is limited in what control is has, so there needs to be buy-in from the chief technology officer and chief data officer too. A successful strategy includes common data sources, a common infrastructure layer, high security and low level of customisation.” Or, as Dickenson put it: “The only person who can own the strategy is the chief compliance officer. This officer is best at deciphering what needs to be done, but worst at execution, so needs to work in partnership with the chief technology officer, chief data officer and chief risk officer.”