The 4 game changers of 2018

How will banks react to sweeping new changes in regulation aimed at consumer protection?

Banking alert | 9 January 2018

2018 is a big year for banks and, more broadly, for the financial services industry. The first half of the year sees four game changing regulations come into force:

1.    IFRS 9: International Financial Reporting Standard 9

2.    MiFID 2: Markets in Financial Instruments Directive

3.    PSD 2: Payment Services Directive

4.    GDPR: General Data Protection Regulation

All four regulations introduce sweeping reforms and will undoubtedly cause many a sleepless night for regulatory risk and compliance departments. More fundamental, however, is how banks react to these four key reforms on a strategic level.

IFRS 9 (D-Day: 1 January 2018)

The International Financial Reporting Standard 9 (IFRS 9) is the new gold standard for banks’ financial accounting and reporting. IFRS 9 transforms the way banks calculate impairment provisions and classify and measure financial instruments, and both increases and streamlines data collection and reporting requirements.

Yet, the impact of the new regulation goes beyond technical changes to accounting practices, or the new responsibilities and obligations that will be imposed on banks’ risk and finance functions. At a strategic level, banks will need to rethink how to allocate capital within the context of risk appetite and portfolio strategy, and strengthen credit product design, approval, and monitoring processes.

All the while, banks will need to keep an eye on emerging FinTech start-ups attempting to absorb market share through alternative lending opportunities.

MiFID 2 (D-Day: 3 January 2018)

Dubbed “perhaps the biggest regulatory change to European financial markets since the financial crisis” by The Economist, the Markets in Financial Instruments Directive is a veritable behemoth in financial services regulation.

Laden with granular requirements, the 1.5 million paragraphs of written rules call for an increase in transparency across all major tradeable asset classes, establish a unique 20-character alphanumeric code – the Legal Entity Identifier (LEI) – to account for all market entities participating in a trade, bolster reporting for over-the-counter (OTC) derivatives to open up obscure markets, and require entities to report up to 65 separate data points on every trade to regulators.

That’s quite a mouthful, and we’ve only just skimmed the surface. Indeed, International Banker reports that European and American banks are investing up to $20 billion in technology, including experimenting with technologies such as blockchain, to get up to speed with the new rules.

The objective? Strengthening product governance, fighting market abuse and raising the bar on transparency. All with the aim of building trust and enhancing investor protection.  

PSD 2 (D-Day: 13 January 2018)

Next, enter the FinTech disruptors. The revised Payment Services Directive (PSD 2) promises to reshape the payment services industry by recognising new categories of third-party payment service providers (TPPSPs) that were previously treated with a light regulatory brush but had very limited access to the market.

At the core of the new requirements is the obligation on banks to ensure access to customers’ online payment accounts for two completely new categories of TPPSPs: payment initiation service providers and account information service providers. To meet this objective, banks are required to implement secure technical communication structures and targeted application programming interfaces (APIs). PSD 2 also increases the application of two-factor authentication as a security baseline for all payment methods, and takes measures to strengthen consumer protection against unauthorised debits and overcharging.

Yet perhaps the biggest risk banks face is treating PSD 2 as a simple tick-box exercise. PSD 2 compliance effectively opens the floodgates for competition from young, ambitious FinTech start-ups. Left unaddressed at a strategic level, banks risk losing a significant percentage of payment-related fees and revenues to simpler, customer-centred money management platforms and money transfer applications.

Naturally, this is all good news for consumers. While MiFID 2 enhances investor protection, PSD 2 regulates previously under-regulated pockets of industry and creates a platform for competition.  

GDPR (D-Day: 25 May 2018)

Whereas PSD 2 facilitates (secure) access to data, the General Data Protection Regulation (GDPR) is in the business of protecting it.

Fundamentally, the GDPR represents a shift in privacy legislation in favour of consumers in three ways. First, it introduces seven new core individual rights for consumers, including the right to be forgotten, the right to withdraw consent from the processing of personal data, and the right to be informed on how data is utilised. Second, it introduces more onerous obligations on businesses for the collection and processing of data. Third, it adds teeth to enforcement, empowering supervisory authorities to intervene.

The consequences of failing to comply with the new regulation are indeed daunting, with potential fines stretching up to 4% of annual global turnover or €20 million, whichever is greater.

Even here, GDPR compliance is as much an opportunity as a threat to banks. Research shows that consumers are increasingly concerned about how businesses store and use their data, and that they are more willing to engage with businesses they trust and perceive to offer the greatest privacy protections.

How we can help

  • IFRS 9 IT solutions, transformation, and regulatory impact assessment. Assistance with your IFRS 9 transformation, whether you opt for a manual approach or for the implementation of Finevare, a comprehensive IT solution developed by Deloitte to support banks in their transition to IFRS 9. If your IFRS 9 transformation is close to completion, we offer assistance in assessing the impact on your credit risk models and ICAAP framework.
  • MiFID 2 health check and transformation. Assistance in analysing the impact of the new regulation on your business, prioritisation exercise, and development and implementation of an action plan to ensure full compliance with MiFID 2.
  • PSD2 readiness assessment. Assistance in undertaking a current state assessment and formulation of a regulatory and strategic action plan for full compliance with PSD2.
  • Business research and strategy. Assistance in undertaking market research on the evolving competitive environment, both locally and regionally, and facilitating the discussion on strategic priorities. Assistance with documenting your business model and strategy.
  • End-to-end GDPR services. Assistance in all facets of GDPR compliance, ranging from detailed gap analysis and diagnostic exercises to lifecycle mapping and implementation.