It is fair to say that change has become the norm within financial services today. The last few years have seen businesses invest on multiple levels in understanding the steady stream of regulation we face and then adjusting their propositions and processes to ensure they comply with this. And as the pressure to invest in new technologies and digitisation intensifies, so too does the battle to serve the client.
As one of the panellists at the PAM Digital Forum in London last week, I spoke to a number of wealth and investment management firms – many of whom are engaging more through digital channels and all of whom will be impacted by the regulation that has been designed to protect clients in this increasingly digital world.
Having spent much of the last year ensuring compliance for the impending MiFID II (the Markets in Financial Instruments Directive), the industry is now faced with the prospect of GDPR (the General Data Protection Regulation). While on the surface the two measures are contradictory – the first ensures firms have adequate client records in place, while the second monitors the impact of this data on client privacy and security – both centre on the client and aim to bring a cultural shift through which we can meet their changing needs, while protecting them at every turn.
With less than a year to get GDPR-ready, it is surprising that fewer than half (48%) of the firms at last week’s forum said they are prepared for this new regulation. With an estimated 1.5 million people likely to be affected by data breaches before 2020 and almost limitless penalties for businesses that do not comply, the financial and reputational risk GDPR poses to an industry that is focused on renewing consumer trust is immense.
So, why have so many been slow to adapt to this new wave of regulation? From my discussions with businesses, it is clear that much of this is due to the siloed approach that many take when dealing with change and implementing digital strategies, new technologies and processes. Looking back over the on-going stream of regulation over recent years, the businesses that have integrated this changing compliance across the breadth of their organisations, their propositions, staff behaviours and consumer journeys have emerged as the most successful. Regulation cannot be siloed – so we must be fluid and take a consolidated, business-wide approach in adapting and implementing it.
Most firms today have a digital strategy and there has been a clear shift over recent years in the way in which they manage this. Once the domain of an IT or project team, digital should, for many, now be part of a company’s DNA and core to the way in which it operates and interacts with clients. And with CEOs now accountable for protecting their clients and their businesses from cyber risk, it will remain firmly etched on the boardroom agenda.
Amongst our own clients, it is clear that the businesses that have been quick to consolidate every strand of client-centric and regulatory-driven activity have created an agile environment through which they can adapt to the changing customer expectations and industry requirements. Not only does this approach drive efficiencies, but it empowers these businesses to understand the drivers for client engagement, making for a more commercial, compliant and innovative environment.
Conversely, many of those firms that have been slower to adapt to these multiple changing forces are weighed down by legacy systems and operate with distinct teams with equally distinct responsibilities – be they the client, the employee or the proposition. With the PAM Digital Survey showing that only one in ten (13%) wealth managers have a unified client and employee portal, it is clear that these silos result in businesses often doing the same work twice, in isolation and without consideration of the impact of these drivers on each other.
Yet the way in which technology and humans can interact with each other is fundamental to a business’s sustained success. GDPR aims to embed a secure culture within every business with which a customer interacts – and that goes far beyond technology. With Verizon’s recent Data Breach Investigations Report (DBIR) citing that just ten vulnerabilities were responsible for 85% of actual client security breaches, small steps can make a big difference in protecting the client and changing the culture in which we operate – whether through training, increasing awareness or adjusting hardware permissions. And awareness goes beyond employees. Clients need educating on how to stay safe, and with the new regulations requiring an increase in client data and a shift in the way in which we manage that data, the two must work hand in hand to be effective. With GDPR due to affect every business globally that holds or uses European personal data, businesses must engage across jurisdictions – making the need for strategic direction to come from the top and filter across multiple layers of a business greater than ever.
Agility comes naturally to smaller, newer entrants, but there is much that larger, more established firms can do to drive change. We see many wealth and investment managers taking a ‘two-speed’ approach to digital, for example, with their IT departments focusing on core, mainstream activity and separate teams focusing on faster, innovative capabilities. The distinction between teams and activities need not be detrimental – as one wealth manager says, this can create a ‘poster child’ for innovation for the business, driving employee engagement at all levels.
As new technologies and digitisation make for a more innovative and interactive way of serving clients, there is no doubt that regulation will continue apace. And as the financial services industry continues to fight for consumer trust, the need to comply and focus on the client has never been greater. Working collectively to integrate change will not only ensure compliance at all levels, but it will drive scale, agility and efficiencies – and engender a culture in which innovation and progression will thrive.