Whenever talk turns to regulatory initiatives and how RegTech can solve these challenges, it seems that we do not appreciate the real opportunity of RegTech: Transparency about your internal policies, processes and the related datascape. Yes, it may appear to be the only way to get to grips with the constant regulatory change and the enormous obligations that come with regulations like MiFID II or GDPR. But looking at how RegTech works in practice, we discover that the true value goes way beyond the solution of specific problems. And in this sponsored post, which we produced together with our partners at eccenca, we will do exactly that.
The last year has put RegTech in the spotlight and created a kind of hype about it, but many believe that 2018 could be the year we find ourselves at crossroads. With a year full of regulator challenges in the form of MiFID II, GDPR, PSD 2 and many other initiatives becoming applicable, can RegTech live up to its promise? We at Planet Compliance certainly believe so. Not only because traditional methods and spreadsheets won’t be able to deal with the immense demand for information that authorities ask for. It needs new ways to address these challenges effectively and this is what RegTech is first and foremost supposed to do. While most RegTech solutions might tackle a specific problem though, the real value goes beyond this as they are able to create an original and efficient approach. Effectively, they offer application in other uses cases that can present new opportunities and increase their attractiveness many times over.
Take, for example, compliance with the General Data Protection Regulation (GDPR). Designed to harmonize data privacy laws across Europe, it presents companies with immense challenges to ensure compliance with its requirements. However, addressing only the requirements of this particular act, means ignoring the potential to deal with future regulations in a more efficient and cost effective way.
At the bottom of the problem
Why? Well, at the bottom of most of the challenges that financial institutions face is data, or to be more precise transparency about our datascapes and the quality of the information held by organisations. Institutions hold incredible amounts of data, but this data comes from numerous sources in multiple applications, everything encoded so that only the respective source application can decode and interpret the information. That’s what makes the reuse of data so difficult and leads as a result with regard to the requirements introduced by the GDPR to a high risk of non-compliance as well.
This is the point where RegTechs like eccenca can help though: actually, most information kept in the code of applications can be described as data, and, by doing so, can be removed from the specific context of the source program, analysed and linked at data level to create single clouds of metadata, which in turn then can be used again. The trick is to make sure that data isn’t simply copied over from one application to another one and duplicated. In this way, the data is reusable for other purposes. This process adds even more value when data is shared with external sources such as trade bodies and industry associations but on a bilateral level, too, since often data standards cover only a fraction of data usage, for instance, the communication with exchanges for reporting purposes.
The RegTech Opportunity
In most cases RegTech does not only present a solution for one particular problem, but consists of value that goes well beyond the application to a single case. And GDPR is an excellent example to show how: the problem with complying with data protection regulation is that data subjects are scattered across dozens, if not hundreds of systems in an enterprise. A client of a bank could be registered for one product in one system and for another product in another system and so on. Regularly, financial institutions hold information in many places about the same client, but have no idea about what and where.
The eccenca solution collects metadata from the various systems, consolidates the information and can provide an internal map of personal data processing, always up-to-date as basis to answer subject access requests about data usages in accordance with GDPR, e.g. which information does the company hold about the client, where, why, on which legal grounds, how and when approved, and for which purpose. In this manner the solution creates exactly the kind of absolute data transparency required by the regulation, without duplicating the data itself.
If I have to go through this not small exercise, it stands to reason that you would also use the results for other purposes. On the condition that permission has been given, these insights empower a firm to gain a better understanding of their clients and, as a consequence, discover and explore business opportunities, or address other regulatory challenges. It is necessary though to appreciate and embrace these opportunities. For a firm and its culture, it requires a certain mind-set and openness towards innovation rather than the intention to find a quick fix, as it doesn’t do RegTech justice. After all, while it is an excellent way of dealing with the constant regulatory change, it is foremost an opportunity to gain a competitive advantage and see your organisation like you’ve never seen in before.
This post is the result of our collaboration with eccenca, a software and solutions company. eccenca’s next generation data management solutions are driving automation and rationalization for metadata management, data integration, analytics and data driven processes. By turning ‘strings into things’, eccenca is creating meaningful and machine interpretable knowledge graphs that allow the integrative interpretation of previously siloed data across the enterprise or even throughout value networks. To find out more, go to www.eccenca.com You can meet eccenca showcasing their data management solution at the 2018 Chief Data Officer Exchange and the Marcus Evans 4th Annual Data Quality and Consistency in Banking to find out how they use it to help with the challenges of GDPR.
Planet Compliance only publishes sponsored content from companies whose products and services we think our audience will find valuable or interesting. For additional information about we handle partnerships and content production, please have a look at the Planet Compliance Disclosure Policy, which you can find here.