By Rob Fulcher, Head of Business – Americas, CUBE 

Regulatory overlaps are an ongoing, perplexing and often time-consuming anomaly. They occur where multiple market regulators act disjointedly in their attempt to address a market failure, thereby imposing different regulatory requirements with contradictory or overlapping obligations. For financial institutions, this can be problematic: which regulation should take precedence? Will they face punitive action for neglecting one obligation in favour of another?

Following the global financial crisis of 2008, a swathe of new policies and acts came into force with a view to protecting the system and essentially preventing another market crash. Inevitably, this led to a host of new regulations, some of which created overlaps and inconsistencies. In turn, this leads to inefficiencies and misunderstandings as businesses endeavour to comply with all and every regulation, often finding themselves at a stand-off.

Financial institutions – especially the compliance team – are desperate for regulatory clarity. However, in many cases, it is not forthcoming. Regulatory clarity is not, it seems, high on the regulator’s agenda. A recent report by CUBE, RegTech for Regulatory Change, in association with Burnmark, explored the evolving landscape of regulatory overlaps. We now delve deeper into this topic to ask, ‘what is the solution?’

GDPR, PSD2 and MiFID II – to collect or protect data?

One notorious regulatory overlap that causes consistent headaches for financial institutions is that between GDPR and PSD2.

While GDPR gives individuals greater control over their data and restricts the freedoms of organisations to share it, PSD2 imposes data sharing requirements on financial service providers. It is up to the banks to ensure that correct policies and procedures are in place so as to comply with both pieces of legislation. This is not often an easy task considering their almost diametrically opposite aims.

The same can be said for the regulatory rules that surround both MiFID II and GDPR – two pieces of legislation filled with inherent contradictions. While the former focuses on consumer protection through transparency and retaining more information about the investor community; the latter is concerned with data protection and limiting the access to investor data if so desired by the owner of the data and giving investors the right to be forgotten.

Data privacy and AML – data sharing can only go so far

Data is a commodity – compared often to crude oil. For financial institutions, data is not only part of ongoing business functions, but it also holds potential for manipulation, misinformation or illicit activity. Surprisingly, the value of data has only truly been realised in recent years. In turn, we have seen a swathe of money laundering and data protection activity – leading to new and amended regulations to bolster data protections and simultaneously impose supervisory requirements to avoid money laundering. Global banks are finding it challenging to comply with one without compromising on the other.

Multinational banks often find themselves walking a tight rope between trying to meet data privacy requirements and simultaneously meeting those surrounding anti-money laundering (AML). For example, banks in the US are forbidden from sharing Suspicious Activity Reports (SARs) with foreign branch counterparts due to disclosure restrictions, thereby making it difficult to implement a group-wide compliance program.

Regulatory overlap in the US

The US has a long-established, complicated and often fragmented regulatory structure. Significant and costly overlaps exist across the board, especially between the Office of the Comptroller of the Currency (OCC) and the Federal Reserve System’s data collection activities, along with its supervision and examination activities. Consumer protection is conducted by six US regulators, which naturally results in overlaps, duplication and confusion.

 

Similarly, the US Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC) and state securities regulators oversee securities and derivatives markets, leading to similar concerns of overlaps and fragmentation. Swaps and security-based swap products face the supervision of SEC and CFTC and market participants have made it known that this leads to significant market and operational challenges.

The answer

Regulatory overlap is not new – nor is there a clear solution. We have occasionally heard tales of compliance team members writing to regulators to request clarification, often to no avail. In the meantime, financial institutions must take steps to implement all relevant regulations where they can and mitigate risks where they are not able.

Regulatory technology (RegTech), especially automated change management platforms such as CUBE, highlight overlaps and alert compliance teams where issues or inconsistencies arise. For now, this is the most effective means of managing unclear regulations.

Ultimately, the answer lies with financial regulators themselves. While uncertainty exists, regulators must issue guidance and expectations in order to standardise approaches across the industry. The ideal outcome is undoubtedly founded in collaboration: regulators across sectors, industry and jurisdictions should collaborate to ensure that legislative changes are consistent and do not tread on the toes of the other. With the emergence of new technology – and related new regulation – many regulators are calling for a joined-up approach and looking to work together in their supervisory goals. Perhaps collaborative, unambiguous financial regulators aren’t so far away after all.

Author Bio:

Rob has 20 years’ experience in financial services sales and management. Following his early sales career at Euler Hermes, a global credit insurance business, Rob went on to establish a 15-year career in GRC. Initially working in London at Complinet, a compliance and risk business, Rob subsequently relocated to New York. In 2010, Complinet was acquired by Thomson Reuters and Rob played a pivotal role in growing GRC revenues, especially relating to regulatory change management. As Head of Sales Americas for CUBE, Rob re-built the sales team and consistently out-performed all other regions.

 

This is a Sponsored Feature.