Extensive change has been happening and continues to happen in the world of compliance. Major new regulation has been ‘landing’ for several years now and with SM&CR being extended to all financial services firms, the regulatory net is spreading wider than ever. And, with the introduction of the Directory plus the current consultation on Operational Resilience, the direction is for more, not less, regulation. Overlay this with the operational challenges created by Covid-19 and firms face unprecedented pressures.
As firms adapt their business models and compliance teams redesign their processes in line with these regulatory demands and operational challenges there has been an equally powerful, change in the demands asked of firms supplying regulatory software to UK financial services. However, before I expand on these changes, let me explain a little bit more about these pressures.
The market challenges
The regulatory change has increasingly been introduced over the last few years, starting with Mortgage Credit Directive (March 2016), Markets in Financial Instruments Directive II (MiFID II, January 2018) and Insurance Distribution Directive (IDD, October 2018). Running through this has been the Senior Manager & Certification Regime (SM&CR) regulation which came into force for banks in March 2016, Insurers from December 2018 and the rest of financial services in December 2019.
To compound matters, earlier this year, dual regulated firms the new Directory were required to submit details of key regulated staff, i.e. individuals holding a Certified Function under SM&CR, directors who are not performing Senior Management Functions and other individuals who are sole traders or Appointed Representatives (including those within ARs where they are undertaking business with clients and require a qualification to do so). Solo regulated firms are required to do the same by March 2021.
Running alongside all this has been the General Data Protection Regulation (GDPR - May 2018). GDPR may not have had quite the same impact as the other regulation on compliance, but it has had a major impact on their IT teams as they work out the practical impact of the GDPR regulation and their responsibilities regarding the information they hold, their relationship to that information, (i.e. data owner versus data processor), and adjust their management of the information in line with the new rules. Not exactly headline news, but GDPR has had a significant impact on IT.
Finally, the proposals in the FCA's current consultation Operational Resilience make it clear that it expects firms to understand their vulnerabilities and invest in protecting those vulnerabilities. The FCA goes on to make clear that this includes any partners which firms outsource the provision of systems and processes to.
Alongside this the FCA, aware of the increasing cost of compliance, has been focusing on and promoting Reg Tech (a new field in financial services which utilises information technology to enhance regulatory processes and reporting). The vision is that managing regulation and reporting on performance against that regulation should harness technology to simplify and reduce the cost of compliance.
Combined, these regulatory changes and the aspirations of Reg Tech (a new field in financial services which utilises information technology to enhance regulatory processes and reporting whilst reducing the costs of compliance), ask serious questions for the firms providing regulatory software.
Software suppliers’ ability to recognise these challenges and come up with clear and cost-effective answers will define which suppliers financial services organisations should partner with over the next few years.
Software supplier’s responses
In a competitive market, software suppliers have no choice but to ‘front up’ to these challenges. But what differentiates the average from market leading suppliers are three things; the understanding of these challenges, the commitment to producing a pragmatic response and the quality of solution in overcoming these challenges. Taking each in turn;
Understanding the challenges
It is easy for software suppliers to read the new regulation, make their own interpretations of what these rules mean in practice and adapt their products and functionality accordingly. The real challenge is to go far deeper and actively engage with both customers and trade bodies to understand how different financial services firms are interpreting the new rules and the challenges it’s creating for them specifically. All firms have different operating models, different mixes of IT systems, different compliance and IT standards and so on. Good software suppliers need to demonstrate a true, empathetic understanding and be brave enough to challenge through real practical experience, asking the questions and be ready to accept the multiplicity of answers they will inevitably get back.
This is particularly the case in a post GDPR world as organisations, faced with rising internal IT costs, are increasingly attracted to cloud based regulatory software solutions. However, with this increased level of interest, software suppliers are faced with increasing expectations, as they must take on the responsibilities of data processors. The FCA's focus on Operational Resilience is beginning to magnify this focus even further.
As a result, suppliers face an increasing level of scrutiny about their cloud/hosting capabilities and their own internal processes, standards and controls. This is in addition to requests for increased functionality for end users. Long gone are the days of ‘install it on the customer’s site and walk away’! That is why it’s not about the software product anymore. Firms buying regulatory software are now interested in the solution and, as such, are as interested in things like the management team, regulatory understanding and expertise, implementation experience, post-implementation support, product road-map and infrastructure security and standards. The increase in both the size and complexity of firms' 'IT due-diligence' questionnaires prior to purchasing software is testament to this!
“The real challenge is to go far deeper and actively engage with both customers and trade bodies to understand how different financial services firms are interpreting the new rules and the challenges it’s creating for them specifically."
Producing a pragmatic, ‘whole supplier’ response
If software suppliers think deeply about these market driven challenges, it will inevitably lead to challenging themselves on a regular basis. These internal challenges will range from the quality of their regulatory expertise, i.e 'do we really understand what the regulation is trying to achieve?’, their products, i.e. ‘are we delivering intuitive functionality underpinned by the latest, industry standard technology?’ and, finally, their infrastructure, i.e. ‘are our data hosting and internal security processes meeting the highest standards?’
Inevitably, these challenges will cause internal tensions, however the best software suppliers understand these challenges cannot be ducked and that these tensions are the signs of the reinvention necessary to stay at the front of the industry in support of their customers. Whilst tough, the prize for software suppliers is greater trust from customers gained through a demonstration of holistic understanding of their specific challenges resulting in a willingness to listen to suppliers’ suggestions for innovative ways to deliver the regulatory compliance customers need in a friction-less, almost incidental, way.
Relevant and Proven Solution
And, at its simplest level, when launching new products and delivering product upgrades, continual focus needs to be given to;
True practical understanding of what the software must actually deliver in very real and practical terms.
‘Ease of use’ i.e. the software must be easy to use for every type of end user, e.g. employee, line manager, central team and senior manager. Importantly, the software must be sufficiently intuitive that it can be navigated by end users even if they only log into the software on an occasional basis.
Operational dashboards, i.e. management oversight at the ‘touch of a button’ plus simple drill down to case / incident level.
Regulatory reporting, i.e. producing exactly what the regulator requires in a single click.
Finally, all this needs to be done whilst keeping the price at an attractive level to potential purchasers!
Make no mistake, these factors pose real challenges for software suppliers in the ‘regulatory space’. However, I am in no doubt that the quality of the response to these challenges will separate the good, and ultimately, successful software suppliers from the ‘also-rans’.
To succeed, suppliers will need to take a long-term view, to develop their relationships with customers and trade bodies as much as their product and be prepared to invest heavily in their infrastructure, their internal processes and, last but not least, their people.
As Bill Shankly, the famous Liverpool FC manager fifty years ago, once said; ‘this is a marathon, and you can’t sprint marathons’. And to use a another reference from sport, success will be an accumulation of thousands of small things over a sustained period of time.
In my view, that is what financial services firms should look for in their regulatory software suppliers.
Although updated for this blog, the original contents were published in T&C News in April 2019 - click here to read the full article.