The regulatory tsunami continues: Why asset managers need to take a strategic approach to compliance
By Carsten Kunkel, Head of SimCorp’s Regulatory Center of Excellence
It’s not breaking news to anyone that the financial industry globally has had to cope with a large amount of new regulations during the last 10 years. New regulations have impacted the financial markets broadly and placed many new requirements on the IT solutions that companies use to support their business.
Common to the regulatory initiatives we have seen post-2007 is that politicians and supervisors have defined and communicated ambitious timelines for the implementation of new regulations, but in most cases, they have had to update these timelines multiple times. In addition, there has been a lot of uncertainty about how regulations should be interpreted or how the market should implement certain technical details. And following the initial implementation of the regulations, incremental updates have been issued, which have placed new requirements on the IT solutions that firms have implemented to handle the regulations.
The combination of tight regulatory deadlines and incomplete requirements makes this an extremely complex environment to navigate in. This has caused many investment managers to opt for tactical short-term IT solutions to become compliant with new regulations. As anyone involved in IT projects knows, tactical solutions tend to live for much longer than initially planned, and most often they end up generating higher running costs because neither operational efficiency nor upgradability were high on the priority list when the solution was chosen.
The best example to illustrate this point is the Trade Repository Reporting requirements under EMIR, which came into force in February 2014. With the European watchdog ESMA rendering the specifics of the regulatory requirements in several major iterations since it took effect, investment managers who have chosen configurable solutions that do not require a complete or partial rewrite when having to accommodate regulatory or technical changes, have been much better positioned than those who chose a short-term tactical solution. With each new iteration of the trade reporting requirements SimCorp’s Regulatory Center of Excellence notices more interest in a standardized solution to replace tactical solutions that require quick fixes with every change.
"As anyone involved in IT projects knows, tactical solutions tend to live for much longer than initially planned, and most often they end up generating higher running costs because neither operational efficiency nor upgradability were high on the priority list when the solution was chosen.”
Impact from regulations in 2018 and beyond
As highlighted above, the importance of adopting the right corporate-wide approach to regulatory compliance is key to being able to cope efficiently with new regulations.
In 2018, investment managers will have to put a major effort into updating their MiFID II solutions to reflect both the evolving market infrastructures and the clarifications to the regulation put forward by ESMA. On top of that, insurance asset managers will need to continue to follow the developments within Solvency II and the updated requirements published by EIOPA in Q4/2017.
Another European regulation that gives headaches to the financial industry is GDPR (General Data Privacy Regulation), which will take effect and become enforceable on May 25, 2018. Being principle based, GDPR comes with room for interpretation and so far, not all aspects are fully clarified. Nevertheless, investment managers need to start acting now. At first, they need to review their data privacy strategy and potentially adjust processes to ensure proper documentation of the usage of personally identifiable information (PII) within their single processes. At the same time, they need to identify in which IT systems they hold PII and for which purpose.
Later in 2018, the Securities Financing Transaction Regulation (SFTR), which could be described as the EMIR for SFTs, is looming and will require investment managers to report SFTs to registered trade repositories. As simple as this may sound, the already known requirement of identifying each SFT with a Unique Trade Identifier (UTI) is new to the market, and a main challenge will be for market participants to figure out how to process as data points within their system infrastructure as soon as they have obtained it. In contrast to MiFID II or EMIR, investment managers face a phased go live with the initial phase expected in early 2019.
If we look forward in to 2019, the European Commission has already stated that they will be reviewing the MiFID II rules based on the data obtained throughout 2018. In other words, MiFID II is likely to follow the patterns from previous regulations, where the initial rules are being iterated multiple times over several years.
Efficiently coping with new regulations
The pattern of constantly evolving regulations constitutes an ongoing challenge for investment managers. Clearly, the basic compliance with the initial regulation is necessary, but investment managers who want to turn regulation into a competitive advantage need to take a more strategic stance.
First, they need to ensure that they continuously monitor the market for changes to regulations that are impacting their business, and as regulations often require them to liaise with other players in the market like trading platforms or trade repositories, the monitoring needs to include these players. To establish this monitoring, and ensure that the needed impact of regulatory changes on the IT infrastructure gets analyzed and defined, it’s advisable to have a dedicated team to focus on the long-term regulatory compliance. Some vendors – SimCorp’s Regulatory Center of Excellence as an example – will carry much of this task for their clients.
To truly master today’s environment of regulatory change, investment managers should adopt – and get the most out of – new requirements instead of making compliance an endless series of individual heroic project efforts. When continuous process improvement around regulatory compliance becomes a core part of a company’s DNA, it ultimately becomes a competitive advantage.