banking risk in the digital age - parker...
TRANSCRIPT
Banking Risk in the Digital AgeMay 2016
parker-fitzgerald.comQuarterly Outlook
1
Scott vincent ceo & Founder, parker fitzgeraldI’m delighted to introduce Parker Fitzgerald’s Quarterly Outlook. This is the first in a regular series of forward-looking reports, examining some of the key challenges that the financial services sector faces as it continues to evolve in a world of rapid technological, operational and regulatory change.
These reports will provide insights from our
senior team of economists, former regulators
and technical experts and are underpinned
by research from our recently announced
strategic partnership with University College
London (UCL).
This first Quarterly Outlook focuses on the
emergence of FinTech and the impact of digital
transformation on both the banking sector and
the risk management function. In this report we
examine how the risk profile of organisations
changes as they adopt new digital business
models and the evolving regulatory landscape
in response to innovation within the industry.
This includes viewpoints from leading
economist Dr Gerard Lyons, Paul Rippon,
the deputy CEO of the new challenger bank,
Mondo, Dr Colin Lawrence, former regulator
and adviser to the Bank of England, and
Michael Soppitt, Digital Risk specialist.
I hope you enjoy these insights and viewpoints
and I look forward to sharing further Quarterly Outlook reports later in the year.
Scott Vincent CEO and founder, Parker Fitzgerald
Digital risk needs to be a priority for boards, regulators and policy makers
2
CALCULATING THE ECONOMIC IMPACT OF TECHNOLOGYFor the bulk of the post crisis era, regulation has dominated the banking and wider financial services sector environment. It remains important, but now there is a new central issue to focus attention on: technology and the digital world.
While technology has always had an influence
on banking, the current phase is dramatically
different, in both its scale and pace of change.
The banking sector is in the early stages of a
digital transformation.
The combination of technology and digital has
the potential to change everything. It provides
access to new products and services and
changes the way traditional things are done.
In an industry like banking and finance, where
the barriers to entry can sometimes be high,
this is transformative and disruptive at the
same time.
The digital economy is estimated to be about
5.3% of global GDP and accounts for 12.4%
in the UK1, making it the largest internet
economy in the world, followed by South
Korea at 8% of GDP and China at 6.9%. The
average in the rest of the EU is 5.7%. While
the biggest use in the UK is for online retail,
the willingness of people here to embrace
the digital economy suggests it may be able
to make greater inroads elsewhere, such
as finance. Perhaps therefore it is also no
surprise that the UK, led by London, is at the
forefront of the ‘FinTech’ revolution, combining
financial expertise with technical innovation.
1 Boston Consulting
The banking sector is in the early stages of a digital transformation
12.4%Digital economy as proportion of UK GDP
3
For banks, the biggest challenge may be that
digital allows multiple competitors to emerge in
different areas. From a regulatory perspective
the issue is what impact this has on the stability
of the financial system. Provided regulators
do not protect the incumbent with too high
a regulatory barrier to new entrants, while
safeguarding customers through a minimum
regulatory threshold, then a larger number of
finance providers should help the stability of
the system. Thus it is to be encouraged.
It will undoubtedly destroy some of the old ways
of doing things, while at the same time forcing
banks and others to reinvent themselves in
the face of new products and new, smaller,
more nimble competition. There are a number
of areas where these disruptive impacts are
likely to be felt, including the following:
● Sustainability of profits and earnings for incumbents: New entrants, including tech
companies and big internet providers have been
enviously eyeing profitable parts of banking,
including the payments system (which is guarded
closely by the banks, as access to this would
provide a rich vein of information on how people
receive and spend money that could be used in
many other ways and is estimated to account
for between 37% to 40% of bank revenues).
● Job losses: Staffing levels in European
and US banks are unlikely to return to
their pre-crisis peak and further losses are
expected as a result of competitive pressures
and branch closures brought about through
digital transformation. Some financial services,
however, may be ‘distinctive’, to use the word
of Deputy Governor Andrew Bailey, meaning
that the customer would find it hard to replace
without an unacceptable loss and cost.
● Tax receipts: The financial services sector
is a major and vital source of public revenues,
particularly for the UK where the tax contribution
totalled £66.5 billion in 2015, representing 11%
of total tax receipts2. This total incorporates
contributions through corporation tax, the
bank levy, VAT and employment taxes. Any
significant change to banks’ profitability and
staffing levels is likely to have a major impact
on public finances and will represent a serious
challenge to public policy makers.
● New data challenges: In finance, assessing
risks properly is key and information is central
to this. Perhaps therefore it is no surprise
that financial services allocate a greater
proportion of spending to IT, followed by the
telecommunications industry. Information is
king, especially if used in the right way. Think
of the future potential application to banking
of artificial intelligence software that exhibits
human-like intelligence.
It may help provide new, innovative solutions
to, as yet, unmet client demands. Banks will
not only need to retain this edge in information
access, but now they will also need to think
more about how to use it, because of the advent
of big data, and also about how to store it
because of the regulatory environment. This will
force banks to allocate more resources to the
storage and analysis of client and market data.
2 City of London Corporation Research Report: Total Tax Contribution of UK Financial Services Eighth Edition
4
Responding to these disruptive effects will be
a major challenge. Where should banks invest
their resources, as the technology space
is vast and fast moving? Surveys of where
financial firms wish to invest in the digital and
technology area suggest mobile technology
tops the list, and in a survey by Oxford
Economics this was followed by business
intelligence, cloud computing, collaborative
technologies, telepresence technology and
only then social media, although this can help
bring brand awareness and customer loyalty.
Of course, one size will not fit all. Not just
in terms of banks, but also across different
product areas. There are some parts of the
financial industry where costs and profit
margins are high, and in which technology
can be the catalyst for change, increasing
competition, lowering margins, ensuring greater
productivity and lower costs for the consumer.
Examples might include retail banking and
discretionary wealth management.
An age old adage has been to cut out the middle
man. Seen in other industries it is now impacting
finance. Digital is allowing new platforms to
emerge across a host of areas, such as peer-to-
peer lending. There is increased business risk.
Banks should identify the areas most at risk, as
well as those where there is a competitive edge
that might be exploitable by early movers.
While user-friendly client systems and increased
automation bring change, they also raise
issues such as access to information and the
security of financial transactions. This is already
evident in terms of the increased attention on
cyber security. Regulations, too, will change,
as technology forces the business model to
change. An important part of the new supervisory
approach is business model analysis.
Banks should embrace change. If positioned
correctly from a strategic perspective, greater
technology should provide banks with an
opportunity to transform financial services.
Dr Gerard Lyons is a senior
adviser to Parker Fitzgerald and
Chief Economic Adviser to Boris
Johnson, the Mayor of London.
Understanding where banks should invest their resources is critical, given the pace of technological advancements is complex
For banks, the biggest challenge may be that digital allows multiple competitors to emerge in different areas
5
A CHALLENGER BANK’S PERSPECTIVE ON THE FINTECH REVOLUTIONPaul Rippon explains the opportunities and risks arising from launching a new UK digital bank, Mondo, which will provide customers with personal current accounts on their smartphones.
The concept of Mondo was developed by
a group of individuals who felt that current
technological innovation and greater digital
connectivity could transform retail banking and
address some of the longstanding frustrations
that customers experience with their personal
current accounts.
In a digital world of Uber, Netflix and Facebook,
personal banking feels remarkably analogue
and unresponsive in comparison. For instance,
the management of your current account can
involve long and inconvenient phone calls or
queues in branches, transactions can take days
to appear on statements and obtaining an
up-to-date balance is often difficult.
Both high street and challenger banks are
responding to this challenge and many providers
have moved to incorporate more digital services
in retail banking. We feel, however, that there are
limitations to models which rely on integrating
digital banking with legacy IT systems or from
purchasing off-the-shelf packages.
Here at Mondo, we are building a core digital
banking system from scratch. This approach
allows us to utilise the latest modern technology
and put all our focus into designing a product
that caters to the needs of today’s consumers.
We plan to launch later this year on obtaining
our full banking licence, which is currently
being considered by the PRA and FCA.
We are building a core digital banking system from scratch
6
Of course, launching a new retail bank into
the marketplace is not free of challenges or
risk. Arguably the number one challenge for
us is to ensure that we develop a product
that consumers actually want and would
use. Mondo has therefore put considerable
focus and energy into the design and testing,
including the process of receiving feedback of
our ‘Alpha’ version ahead of our full launch.
We believe the importance of this process
reflects broader trends in the sector. One of
the major ways that technological innovation
or FinTech is making an impact, is through
the disaggregation and disintermediation of
financial services. Over the past few years,
you have seen that the most successful new
entrants in financial services (for example,
FundingCircle or Nutmeg) are those that focus
on doing one thing really well. Mondo’s focus
is to ensure that our ‘one thing’ – the provision
of a smartphone-based personal current
account – is as good as possible before
we consider expanding. This represents a
significant opportunity and challenge for us.
As a new market entrant, we face a range of
other operational and business risks. As a
mobile-only banking provider, cyber-security is
something we take incredibly seriously. Mondo
has invested heavily in internal expertise to
ensure the robustness of our systems, which
has been subsequently validated by external
parties. As well as systems security, there is
also the issue of customer security. For this,
we have developed new features to combat
fraud and ID theft, such as a phone app to
freeze and unfreeze your account, and we will
continue to ensure that we are on top of any
emerging cyber threats to provide the highest
levels of fraud and identity protection.
As a prospective bank, we are subject to a
high level of prudential regulations and the
usual risk management concerns in respect
of capital and liquidity. We are in very strong
position in terms of capital. To date, our capital
raising has been incredibly successful, with
our latest crowdfunding campaign raising £1
million in just 96 seconds. In terms of liquidity,
we are adopting a conservative approach to
managing our assets and liabilities.
The most successful new entrants are those that focus on doing one thing really well
£1M/96seconds
Capital raised by crowdfunding in just
7
Our lending is limited to the provision of
customer overdrafts, with the rest of our deposits
being placed with the Bank of England. We
have the advantage of low operational costs,
with no significant overheads associated with
an expensive branch network, which means we
do not have to participate in high risk lending.
Obtaining a banking licence is a significant
undertaking that we take incredibly seriously and
so far we have completed the ‘pre-application’
stage and submitted our banking licence. There
are undoubtedly, and understandably, barriers
to entry for prospective new challengers in
the retail banking sector, whether they are
considered FinTech or conventional.
Despite these risks and challenges, there
are many reasons to be very excited about
the opportunities ahead for Mondo and those
introducing technological innovation into
banking. The digitalisation of financial services
and the emergence of FinTech has the potential
to completely transform the sector on a global
basis. Much of this innovation is currently taking
place in the UK and, in particular, London.
From Mondo’s perspective, being based in
London offers unparalleled advantages due
to its position as a global financial centre, its
regulatory and market infrastructure and its
ability to attract the brightest talent.
Perhaps one of the most exciting aspects of
Mondo’s product offering is that it is completely
scalable. While we are very much focused on the
UK market at present, there may be opportunities
to expand to Europe and elsewhere in future.
We consider this ‘scalability’ to be an important
aspect of FinTech and we fully expect a ‘Google
of banking’ to emerge at some point in future...
and naturally we hope it is us.
This will of course depend on effective
coordination of international financial
regulations and removal of cross-border
restrictions in banking and financial services.
We would encourage policy makers to provide
more leadership and support for UK firms in
order to ensure these opportunities are seized.
Paul Rippon is Deputy CEO of
Mondo, a new UK digital bank
www.getmondo.co.uk
The digitisation of financial services and the emergence of FinTech has the potential to completely transform the sector on a global basis
8
WHAT DOES THE FINTECH REVOLUTION MEAN for THE RISK PROFILE OF BANKS?
1. Digital DisruptionInvestment in financial technology (FinTech)
has grown exponentially from just $2 billion
in 2010 to $19 billion in 20151. At the current
rate of growth this could exceed $100bn within
the next 10 years. Yet so far only 1% of the
consumer banking wallet has been disrupted
by new digital banking models2. We estimate
that the loss of traditional banking revenue
through digital disruption will rise to 30% by
2026. When compared with other digitally
disrupted industries such as music and travel
booking, this figure could easily exceed 50%
before it plateaus.
To date, nearly three quarters of FinTech
investment has been focused on user
experience, driven by a consumer demand for
convenience and connectivity. The change in
consumer behaviour, coupled with increasing
pressure on profitability, has also led to
incumbents replacing much of their physical
assets with automation. This has resulted in an
industry-wide reduction of full time employees
(FTE) by c.25% since the global economic
crisis3. Digital disruption will only continue to
facilitate this trend. We predict FTE figures to
fall by a further 30% over the next 10 years.
1 CB Insights: The Pulse of FinTech in Review, March 2016 2 Citi GPS: Digital Disruption, How FinTech is Forcing Banking to Tipping Point, March 2016 3 Business Insider: UK Banks Cut Jobs, July 2015
$19bGlobal FinTech investment in 2015
$100+bGlobal FinTech investment expected by 2020
9
Operational rationalisation at this scale has
already been achieved across much of the
Nordic region. Operating with a similar cost
to income ratio, the European banking system
could add 40% to pre-tax profits4. Yet even
this addition to the bottom line would not be
sufficient to counter the potential revenue loss
through disintermediation.
To stem the threat to revenue, banks must
become innovative before FinTech companies
get the scale to truly compete. Banks have
responded promptly to the challenge,
developing various strategies to leverage
process automation, partner ecosystems,
outsourcing and IT agility to bring innovative
services to market at speed.
Many firms have also begun working directly
with new start-ups and FinTech providers
through so-called ‘Innovation Labs’. Through
collaborations, banks hope to control change
to ensure they are the net winners of digital
disruption. In this new interconnected and
modular financial economy, services will no be
longer delivered by just one organisation, but
by many different firms operating across the
value chain.
This new look banking enterprise requires
a review of enterprise risk. Technology
integration and increased connectivity
will expose firms to a new set of threats.
Managing these risks will require a detailed
understanding of constituent technologies
such mobile, cloud, security and big data.
This must be combined with a broad
knowledge of business processes, regulatory
issues and risk management. The mandate
and skillset is distinctly different from the
traditional roles of Chief Risk Officer (CRO) or
Chief Information Security Officer (CISO) and
in response to the skills gap, we will see the
rise of the Digital Risk Officer (DRO). By 2017
a third of all organisations will have a DRO
responsible at an executive level for managing
the risks across the digital business5.
So what are the challenges the DRO will need
to bring to the board?
4 Citi GPS: Digital Disruption, How FinTech is Forcing Banking to Tipping Point, March 20155 Gartner: Digital Business Innovation Risk Will Bring About the Rise of the Digital Risk Officer, June 2014
Banks must become innovative before FinTech companies get the scale to truly compete
10
2. Strategic Risks 3. Financial RisksSelecting the right business model is key. From
outsourcing, to technology and partnership
selection, an evaluation of the benefits and
risks is required. Whilst on the one hand
outsourcing may limit costs, provide access
to skilled resource and enable flexibility and
agility, it also brings the challenge of integration,
control and third party risk management. Firms
will also need to assess their digital strategy
against more than 250,000 pages of new
regulation and legislation to ensure a viable
and sustainable digital operating model.
Reputational risk will be closely coupled with
these decisions, from ensuring regulatory
compliance to selecting complementary
partnerships. New external factors, such as
social media, also pose a reputational risk.
Twitter has been shown to be a powerful
predictor of stock market sentiment and
individual Tweets can significantly impact
stock price values6.
In 2013 the business magnate Carl Icahn
announced his Apple position over Twitter,
causing the Apple stock to rise $17bn in market
capitalisation within minutes7. In 2015 Hilary
Clinton vowed to take on the pharmaceutical
industry, which sent the 144 member Nasdaq
Biotechnology Index down 4.7%8.
The financial risks of becoming a digital
enterprise are significant and the adequacy of
a firms’ IT architecture to support the operating
model will be key. Over recent years RBS,
Barclays, the Bank of England and most recently
HSBC, have all been subject to major IT outages.
In 2014 RBS was fined £56m by the FCA for
the incident, with the cost of remediation also
expected to stretch into the millions9. Incidents
such as these not only have a financial impact
but strengthen the position of new entrants
who offer a counterpoint to traditional banking.
Banks are already making large investments in
new IT infrastructure. In 2017, European banks
are expected to spend 21.9% of their IT budget
on new investments, this compares to just 13.7%
four years ago10. Transitioning legacy platforms to
new infrastructure is in itself fraught with risk and
will require careful consideration and planning.
Digital architectures, once implemented, also
create new financial risks that must be managed.
The speed of data transmission, the ease of
service switching, straight-through processing
and increased connectivity, will all impact the
bank’s ability to manage its capital position
and control liquidity. A run on the bank, like
that seen during the financial crisis, could
happen in minutes without the right controls.
This risk threatens not just the firm, but the
industry and the financial system itself.Transitioning legacy platforms will require careful consideration and planning
11
4. Operational RisksThe impact of digital transformation for
operational risk will be significant. As firms
transform, it will become increasingly important
to avoid mismatches between the vulnerabilities
of the sector, the business model and the risk
management capability. Digital transformation
shifts the balance from traditional operational
risks to new risk types such as cyber security,
digital conduct and fraud. These risks build on
traditional risk definitions and require firms to
evolve their risk framework to improve controls
and policies, governance and culture. Digital
disruption is already impacting fraud, with the
cost of losses through mobile channels costing
companies 3% of revenue on average11 and by
2018 mobile is expected to account for 54% of
total online sales, an increase of 184%12.
Compliance programmes such as PCI and PII
will continue to be important, as will the use of
analytics and information sharing services such
as the Fraud Intelligence Sharing System (FISS)
provided by the UK Cards Association. The
growth of the digital ecosystem will continue to
work in favour of the fraudster. Social media and
an exponentially growing volume of data, creates
rich pools of information for criminals to utilise.
In the two years to 2015, the cost of social
engineering fraud has already doubled to $1bn
as a result13. Interconnectivity will also increase
the attack surface of the digital enterprise – a
major challenge for organisational security.
Today’s attack strategies employ patient multi-
step processes that blend social engineering,
exploits, malware and evasion into on-going
co-ordinated attacks.
The JP Morgan breach in 2014 is but one
example, resulting in the compromise of
84 million accounts. Mitigating this type of
threat requires more than an IT solution. It
encompasses issues of management and
ownership across the IT, operational and third
party domains. Understanding anomalous
user behaviour will also be critical, with 75% of
security risk attributed to just 1% of users. To
combat this the DRO will need to rely on new
advanced analytical tools. Risk and regulatory
technology (RegTech) such as this will become
increasingly important. Unlike FinTech, RegTech
is not in competition with the banks’ supply
chain but integral to it – helping to mitigate the
unique risks that digital disruption creates.
As well as protecting the bank, the DRO will also
need ensure that technology-led improvements
do not adversely impact the customer. The FCA
already requires firms to identify consumer biases
and avoid taking advantage of them. In a digital
world, customer biases can be exacerbated
by the ‘framing effect’ in which people react
differently depending on how information is
presented. Banks must therefore analyse how
customer biases impact digital decision making.
Furthermore, digital environments change
the paradigm of financial conduct, but once
understood can also enhance conduct risk
mitigation. Each bias is predictable and their
drivers are known, so it is possible to design
digital channels that avoid consumer bias and
to adapt monitoring mechanisms so they can
detect when consumer bias is a problem.
12
ConclusionPolitical, economic and regulatory ambition
will ensure that digital disruption is here to
stay. In August 2014, the Chancellor of the
Exchequer, George Osborne, announced the
UK Government’s goal to make the UK the
‘global capital of FinTech’. The FCA, through
Project Innovate, is actively addressing many
of the regulatory barriers to digital innovation.
This has been supported by new regulatory
policy such PSD II, XS2A and legislation from
the European Commission aimed at creating
a Digital Single Market.
For incumbents, digital transformation will be
critical for survival, but managing the digital
risk will be critical for success. Successful
firms will need to operate alongside new
FinTech, service providers and suppliers of
capital and infrastructure. This will create new
sets of risks that extend across the strategic,
financial, operational and regulatory domains.
To ensure sustainability of earnings and return
on equity, firms will need to proactively identify
these risks and develop appropriate mitigation
strategies. These challenges will extend
beyond the historical experience of many risk
practitioners and will require a fundamental
upskilling across the business, including
new board level representation to provide a
consistent and unified approach to digital risk.
For those organisations that overcome these
challenges, the opportunity is significant. It will
not be possible to generate the quantum of
pre-crisis profits, however through optimisation
and by limiting the impact of disintermediation,
we estimate that European banks could add
40% to their pre-tax profits in the next 5 years.
Michael Soppitt is a Director
within Parker Fitzgerald’s Global
Digital Practice.
6 Business Insider: The ECB says Twitter can Predict the Stock Market, July 20157 Forbes: Does Social Media Affect Capital Market, September 20138 Bloomberg: Clinton’s Tweet on High Drug Prices Sends Biotech Stocks Down, Sep 20159 FCA: FCA Fines RBS, Natwest and Ulster Bank Ltd £42 million for IT Failures, Nov 201410 Celent: IT Spending in Banking, A Global Perspective, February 201511 Pymnts.com: Rising Mobile Commerce Fraud Costing Retailers, February 201512 Verifi: Mobile Channels Risk. Booming M-Commerce Comes with Elevated Risk13 BBC: Vishing and Smishing: The Risk of Social Engineering Fraud, January 2016
Digital transformation will be critical for survival, but managing the digital risk will be critical for success
40%Potential addition to European banking pre-tax profits in the next 5 years
13
DIGITAL INNOVATION: THE REGULATORY HORIZONWhile financial regulators often struggle to keep pace with rapid technological change, it is clear that innovations in financial technology and the growth of FinTech are increasingly on the radar of global and national regulators.
This comes at a time when they seek to
manage concerns about financial stability,
payment infrastructures, cyber security, data
protection, privacy and wider conduct risks.
It is clear, however, that there is currently no
global comprehensive regulatory framework
in place for the digital revolution, with many
international regulators still learning about
FinTech and how innovation impacts on
financial stability and benefits consumers.
Some initiatives are very focused on the
FinTech sector itself, such as the FSB’s
consideration of financial stability ramifications
and the FCA’s initiative to explore how FinTech
works in a sandbox. Other regulators, such
as the OCC, are more focused on linking any
digital transformation with a broader scope of
financial services innovation which might or
might not involve FinTech.
It is not desirable for any financial institution to invest heavily in any digital infrastructure without ensuring that it is consistent with the EU regulatory guidelines
14
Some key current and future regulatory
developments are illustrated below:
1. The Actions and Intentions of the Regulators
• Financial Stability Board (FSB) Measures:
In February, the Financial Stability Board (FSB),
led by Mark Carney, announced that they
are looking at the potential financial stability
implications of emerging financial technology
and ensuring that global regulatory frameworks
can manage any systemic risks that may arise
from technological advancements. The FSB are
expected to outline further details on this shortly.
• FCA Project Innovate and Regulatory Sandbox:
Given the UK Government’s desire for the
UK and London to be the leading FinTech
centre in the world, it has launched initiatives
to incorporate the digital financial sector into
the legislative and regulatory framework.
The FCA’s Project Innovate and Regulatory
Sandbox are attempts to provide new FinTech
companies with sufficient support to achieve
regulatory authorisation.
• HKMA FinTech Facilitation Office (FCO):
FinTech is driving innovation in financial services
globally and changing the nature of commerce
and end-user expectations for payments and
financial services. And in order to support the
sustainable development of the FinTech industry
in Hong Kong and to keep the public confidence
in FinTech services and the banking system, it
is crucial for the banking sector to maintain a
high level of cyber security and data security.
In terms of regulatory compliance, there is a
significant amount of legislation in place or
currently being developed at EU level. The
EU has implemented critical frameworks
for the adoption of digital markets and
payment systems. PDS2 is the DNA of the
digital payments directive, the Single Digital
Market of the EU sets out three pillars on the
implementation of the entire digital market
whilst MIFID II is focused on securities trading
and will set up compliance frameworks on
activities including High Frequency Trading
and the transparency of Dark Pools. Finally,
the EU Data Protection Act is focused primarily
on privacy issues.
It is, therefore, not desirable for any financial
institution to invest heavily in any digital
infrastructure without ensuring that it is
consistent with the EU regulatory guidelines.
Given the rapid pace of technological change
and the process of learning by international
regulators with regards the potential impacts of
digital innovation, the precise future regulatory
landscape will be difficult to predict. Banks
and financial firms, however, should have
appropriate digital risk strategy and control
systems in place, thereby ensuring they are well
positioned for current and future regulations.
This will mean that all aspects of operations
comply with sensible standard risk practice,
such as good governance, transparency,
disclosure, flexibility and efficiency.
15
• Office of the Comptroller and Currency (OCC):
In a document advocating safe financial
services innovation (March 2016), the OCC
includes digital-based products as one of
many innovations in lending and security
markets. The key requirement is effective risk
management and control frameworks;
‘At the Office of the Comptroller of the Currency
(OCC), we are making certain that institutions
with federal charters have a regulatory
framework that is receptive to responsible
innovation along with the supervision that
supports it.’
2. Digital Compliance
PSD2/XS2A:
The Payment Services Directive II defines the
architecture of the payment systems in the EU by
enhancing consumer protection, introducing strict
security requirements and promoting innovation.
Key Considerations:
• New rules designed to open up access of
payment account information to Third Party
Providers (TPPs). These types of providers,
which have already offered services to
consumers for some time, without being
regulated, are defined and regulated by PSD II.
• Customers are allowed to give permission
to retailers to use their bank details. This
direct connection between retailers and banks
is enabled by an Application Programming
Interface (API) for which the European
Banking Authority (EBA) has been given
the responsibility for defining the Regulatory
Technical Standards (RTS).
• Prohibition to use the same payment
instrument within more than one limited
network or to acquire an unlimited number of
goods and services.
• ‘One-leg’ transactions (where the payment
service provider of either the payer or the payee
is outside the EEA) and transactions in any
currency (not just EU Member States currencies)
come under regulations relating to transparency
and the supply of information to users.
• The rules introduce and define the concept of
‘stronger customer authentication’ and require
Payment Services Providers to apply strong
customer authentication when accessing their
online account or initiating a payment transaction.
16
MIFID II:
The delayed Markets in Financial Instruments
Directive II (MIFID II) is a comprehensive piece
of financial services legislation, extending
transparency and competition in Financial
Markets and especially trading activities. This
looks set to impact on technological innovations
in financial markets, as the Directive contains
provisions to regulate high-frequency algorithmic
trading and dark pools, by placing effective
systems and risk controls to ensure its trading
systems are resilient and fair.
Network and Information Security Directive:
The European Parliament and the Council
reached an agreement on December 2015 (still
to be finalised) on the Commission’s proposed
measures to increase cyber security in the EU.
This new Directive is the first piece of European
legislation on cyber security aiming to make
digital environment more trustworthy. Under
this regulatory initiative, Member States are
required to adopt a national strategy that sets
out concrete policy and regulatory measures
to maintain a level of network and information
security. This includes designating a national
competent authority for information security.
Dr Colin Lawrence is Head
of Strategy & Research at
Parker Fitzgerald.
Single Digital Market:
This is an EU initiative, aimed at removing
the complexity and multiplicity of current EU
regulations creating a single digital market and
enable cross-border e-commerce to flourish.
The Digital strategy was adopted on 6 May
2015 and includes 16 initiatives to be delivered
by the end of 2016 based on 3 Pillars:
• Pillar I: Better access for consumers and
businesses to digital goods and services
across Europe.
• Pillar II: Creating the right conditions and
a level playing field for digital networks and
innovative services to flourish.
• Pillar III: Maximising the growth potential of
the digital economy.
EU Data Protection Regulations:
The key theme of this regulation agreed by the
EU at the end of 2015 is to ensure:
• Privacy
• The ‘right to be forgotten’
• The design of monitoring and control systems
to cope with burgeoning innovation such as big
data usage with predictive analytics.
Indeed, each firm must perform a ‘Privacy
Impact Assessment’ which is a design of a
framework to ensure that the intention of usage
of data pertaining to privacy is not altered
(i.e. with predictive analytics). In the event of
non-compliance the new regulations include
provisions for fining companies up to 20 million
Euros or 4% of their total global annual revenue.
17
About the authors
Dr Gerard Lyons is a senior advisor to
Parker Fitzgerald, and is a member of the
Advisor Board. Since January 2013 he
has been the Chief Economic Advisor to
Boris Johnson, the Mayor of London. Before that he spent
27 years in senior roles in The City, at Chase Manhattan,
Swiss Bank Corporation, DKB International and at
Standard Chartered. His publications include The Europe
Report: A Win-Win Situation (2014), London: The Global
Powerhouse (2016) and The Consolations of Economics,
which was a Daily Telegraph Book of the Year and
released in paperback by Faber & Faber (2015). He has
testified to committees of the US Senate and Congress
and of both Houses of the UK Parliament, and has spoken
at the EU-China Forum in Beijing, as well as at other
international fora, including the Institute of International
Finance, and at many high profile events in the City.
Paul Rippon is co-founder and Deputy
CEO of Mondo. A banker, entrepreneur
and learning coach, Paul has over 23
years’ experience working in the UK and
Ireland’s financial sector across six banks and building
societies. He has held a variety of roles, covering most
aspects of retail banking in particular risk and operations.
As an entrepreneur, he has co-founded businesses across
agriculture, manufacturing and digital services. Paul has an
MBA, is a qualified banker holding the ACIB and is a Fellow
of the Chartered Institute of Bankers. For the past 14 years
he has coached hundreds of students at the ifs University
College across a variety of subjects, most recently for the
MSc in Banking Practice and Management.
Michael Soppitt is a Director within Parker
Fitzgerald’s Global Digital practice. He
has over 15 years’ experience advising
leading financial institutions on technology
strategy relating to cyber-security, data privacy and fraud
analytics. Michael’s primary mandate is to help clients
adapt their risk management capabilities to support new
digital business models. This includes how new technology
can be leveraged to increase the efficiency and integrity of
the risk management function.
Prior to joining Parker Fitzgerald, Michael held several
leadership roles at Santander, Lloyds Banking Group and
American Express. Michael holds an MSc in human-centred
computer systems and a BSc in neuroscience from the
University of Sussex and is a visiting lecturer at Warwick
University on the topic of Digital Risk.
Dr Colin Lawrence is Head of Strategy &
Research at Parker Fitzgerald, overseeing
the firms’ Strategy and Research practice.
He is also the Chairman of Parker
Fitzgerald’s Global Regulatory Network. A recognised
expert in all areas of financial risk management, Colin
has more than 30 years’ experience in financial services
and strategy consulting. From 2008 to 2013 Colin was the
Director of the Risk Specialist Division at the Prudential
Regulatory Authority (PRA), and senior adviser to the
Deputy Governor of the Bank of England on a number
of systemic issues. Additionally, Colin has held senior
positions in academia (Columbia University, Cass Business
School, City University of London) and was formerly
the Vice-Chairman of the International Professional
Risk Association, PRMIA. Colin holds a BA and MA in
Economics from The Hebrew University in Jerusalem,
and a PhD in Economics from the University of Chicago.
About Parker Fitzgerald
Parker Fitzgerald is a specialist management
consultancy focused exclusively within the
finance sector.
The firm provides strategic advice, assurance
and consulting solutions to the world’s leading
financial institutions, in all areas of risk
management, regulation and financial technology,
leveraging a global network of senior industry
practitioners and recognised technical experts.
Additionally, Parker Fitzgerald reports on various
matters for regulatory authorities and central
banks in the UK, Europe and US.
Disclaimer The information contained in this document has been compiled by Parker Fitzgerald and includes material which may have been obtained
from information provided by various sources and discussions with management but has not been verified or audited. This document also
contains confidential material proprietary to Parker Fitzgerald. Except in the general context of evaluating our capabilities, no reliance may
be placed for any purposes whatsoever on the contents of this document or on its completeness. No representation or warranty, express
or implied, is given and no responsibility or liability is or will be accepted by or on behalf of Parker Fitzgerald or by any of its partners,
members, employees, agents or any other person as to the accuracy, completeness or correctness of the information contained in this
document or any other oral information made available and any such liability is expressly disclaimed.
© 2016 Parker Fitzgerald
Parker FitzgeraldLevel 18
Heron Tower
110 Bishopsgate
London EC2N 4AY
+44 (0) 20 7100 7575
www.parker-fitzgerald.com
Parker Fitzgerald
Parker Fitzgerald