Top 10 Moments in Financial Markets 2017 – Leading Point
What an eventful year 2017 was. It’s hard to narrow it down to a handful of moments, but I believe the below were pivotal moments with a high degree of impact on Financial Markets in the mid-term.
- 10 years since the financial crisis – reconstruction of the global financial machinery
Last summer marked a decade since the global financial crisis – what has changed (for the better) in financial markets in that time? The 2017 narrative focussed on incumbents vs challengers; legacy models declined, business models became forward-thinking and began to use tech to enhance customer experience. We saw the honest beginnings of how customers could really start to control their money, and also concreting the concept of financial inclusion. Conversely, 2017 saw serious, high-profile data breaches with Uber and Equifax losing client data to hackers; businesses striving to meet requirements of GDPR before May ’18 deadline to ensure customer privacy, enhance data protection and making a move on digital identity (watch this space).
- Open Banking – the Cathedral and the Bazaar, the Regulation and the Business, Tech and Partnerships
In February, the UK government confirmed the PSD2 timetable – a promising step. Banks must share all the data they hold on customers with competitors (if the customer so wishes). The concept of Payment Information Service Providers (‘PISP’) & Account Information Service Providers (‘AISP’) was born. This is posited to help customers get the best deals. In October, start-up Fintech Bud shared the stage with HSBC UK – paving the way for collaborative relationships between incumbent banks (the ‘CMA 9’) and agile start-ups who realise their vision via technology. Changing the face of banking, the likes of Starling Bank, Monzo, Revolut, Yolt and peers created a splash in the market. The digital-only challenger Starling Bank launched their beta version in March, offering a current account experience without branches or a banking license. It’s Jan ’18 – the compliance with PSD2 may have happened, but the real revolution in open banking (‘the bazaar’) has only just started. Looking at neat API maps here is very different from traversing the terrain with complex dynamics at play.
- Bitcoin and Blockchain
Satoshi Nakamoto created bitcoin as a stateless Digital Currency nine years ago, but in 2017 it gained traction and cryptocurrency markets dominated the public imagination. This set the tone for a competitor, Ether – an ERC20 token on the Ethereum blockchain. Tech commentators felt the need to predict the ‘crash’ of bitcoin – it went up to a high of $19,055 on 11 December; today it sits at $9,700. Distributed Ledger Technology definitely saw more than an uptick in 2017 – Global Blockchain Benchmarking Study by Garrick Hileman showed that the Banking and Finance industry has the largest number of identified DLT use cases. Is Bitcoin really delivering on these promises? We think not. But there is for sure a revolution underway in the way we interact with money, store value, and build ecosystem trust.
- Data Knowledge Graphs
In October, Thomson Reuters used Big Data management principles and Machine Learning techniques, to create their Knowledge Graph – a trusted data source and model for customers to leverage, build their enterprise solutions on top of, and benefit in new, connected ways from the breadth of their open platform – imagine leveraging 2 billion relationships for a comprehensive view: “The largest Big Data challenge our customers face today is managing, and making sense of, their unconnected data” said Geoffrey Horrell of Thomson Reuters in an excellent presentation at EDM Council. It is possible to make a start before perfecting Data Governance and Data Quality.
- Interest Rate Rise by MPC – first since crisis and stress testing
To meet the 2% inflation target, the Bank of England Monetary Policy Committee (MPC) at its meeting on 1 November voted by a majority of 7-2 to increase Bank Rate by 0.25 percentage points, to 0.5%. The 2017 stress testing results for UK’s top banks included a scenario in which the banks would deal with a seven year downturn and increased pressure from FinTechs. Are we good? The open banking revolution and its impacts on SME financing could potentially cause a greater ripple in incumbent banks.
- Brexit – busy with legal entity bingo as worst-case scenario looms
There is uncertainty in financial services due to the, as yet, unknown terms of the Brexit Deal the UK will strike on 29 March 2019; this has caused many CEOs to plan for the ‘worst case scenario’. Legal entities and potential staff moves dominated the headlines. The banking industry was pushing for as much clarity as possible, rather than be left with a ‘cliff-edge’ or ‘chaotic’ Brexit. London sought to retain its status as Europe’s financial capital, but the possibility of regulatory ‘equivalence’ was not quite the ‘passporting’ the industry has enjoyed to date. 2017 could not confirm nor deny what the future would be, while we continue to await the deal terms.
- The Budget from Philip Hammond / Patient Capital
The Budget included a commitment to shore up the UK’s position in technology and innovation post-Brexit. It also set out plans to establish a dedicated subsidiary of the British Business Bank to become a leading UK-based investor in “patient capital” across the UK – something written about a lot in the financial press in 2017. HM Treasury’s Patient Capital Review was a framework to support innovative firms to access the finance, needed to scale up. Xavier Rolet, who stepped down from LSEG in November, was a staunch advocate of SMEs. LSEG’s ‘1,000 Companies To Inspire Britain’ set to drive long term investment in SMEs. Xavier explained; “What they [SMEs] need is long-term ‘patient’ capital, like equity, where people seek investment to grow their business either through individual investors, on capital markets, or through crowdfunding and peer-to-peer platforms.”
- Insurance Industry’s Moment of Truth – Ogden Rate Reform
20 March 2017 saw the PIDR (Personal Injury Discount rate) otherwise known as the Ogden Rate reduced by 3.25 percentage points from 2.5% to -0.75%. The 2001 discount rate influences the lump sum paid to successful personal injury claimants; it was set with reference to the return rate of index linked gilts (ILGs). After several years of campaigning, and borne out of the historically poor performance of the UK economy, the PIDR was reduced to below zero to provide an uplift in compensation: otherwise, the capital sum awarded to the claimant, if invested, would underperform against inflation. This had a shock effect on the market with billions of additional costs in premiums and compensation rises expected. In September, the insurance industry won a major victory by persuading the government to reform the Ogden Rate. It provided some breathing space while the disruptive effects of InsureTechs start to bite, and LMG progressed the London Market Modernisation agenda.
- Passive vs Active Investment
There became a divided camp in 2017 with some insightful commentary in the FT. The ETF market soared with players such as BlackRock leading the way, their operational costs being inherently lower than active fund management – Smart Beta became a rising trend with lower management costs and competitive expense ratios – will this consolidate in 2018? Did active asset management take a real blow? The figures suggest a move towards more of a balance between passive and active investment. In October, borne out of the rise of passives, Fidelity UK announced a new ‘fulcrum’ variable fee model based on performance. The manager would charge a higher fee when delivers outperformance net of fees, but lower if performance meets or is below benchmarks. A step forward to value active management and reduced management fees. 2018 will see these developments play out.
- MiFID II – Major Regulatory Overhaul
Last and not the least. 2017 was the year gifted to the Financial Services industry, as the MiFID II implementation deadline was extended to 3rd January 2018. Capital Markets saw their biggest regulatory overhaul yet, to create a more transparent and accountable industry. Now it’s gone live, the market is scrambling to ensure it will pass the tests in: best execution, information to clients, surveillance, monitoring, governance, reporting, and transparency. Billions in capital and effort were spent achieving a compliant state, and it looks likely efforts will continue well into 2018, even 2019. What wholesale changes will MiFID II precipitate and what will be the unintended consequences? 2018 promises to be a fascinating year.
Did you feel strongly about any other moments that should have made this list?
Please comment and share below freely.
Thank you.
Rajen Madan
#LeadingPointFM #FinancialCrisis #FinServ #CustomerExperience #FinancialInclusion #DataBreaches #GDPR #CustomerPrivacy #DataProtection #DigitalIdentity #PSD2 #RetailBanking #Data #OpenBanking #SatoshiNakamoto #bitcoin #DigitalCurrency #cryptocurrency #ERC20 #Ether #Ethereum #blockchain #BigData #MachineLearning #KnowledgeGraph #Fintech #Brexit #Deal #PatientCapital #HMTreasury #PIDR #OgdenRate #InsureTech #smartbeta #LMG #MiFIDII #CapitalMarkets #Compliance #Operating Models #BestExecution #DataGovernance #DataQuality
Rules of Data
On 24 October, it was reported that the Financial Conduct Authority launched an investigation into the US credit checking company Equifax; almost 700,000 Britons had their personal data misappropriated between mid-May and July this year. The FCA gave evidence on this matter to the Treasury Select Committee on 31 October because of the significant public interest. The FCA has the power to fine Equifax, or strip it of its right to operate in the UK, if it is found to have been negligent with its customers’ data. With European Union governments formally stating that cyber-attacks can be an ‘act of war,’ data protection cannot be taken seriously enough. The Equifax data breach is by no means a solitary data breach – several large organisations such as Dun & Bradstreet, Verifone, Whole Foods, Deloitte, DocuSign, Yahoo! are already part of the mix.
The Government is aligning domestic data legislation with the European Union in an effort at continuity, despite our plans to leave the EU. The Data Protection Bill, is proof that the Government seeks to keep the UK au courant with the newest data law of EU provenance.
The number of internet users is now close to 4 billion. Businesses continue to move their products and services online in order to service their customers. Data continues to grow exponentially and will persist in its travel far and wide – enabled by technology proliferation. The EU’s General Data Protection Regulation (‘GDPR’) has been precipitated by acute necessity. Companies need to review and revise their approach to privacy, security and governance of their data. A holistic, data protection framework is needed that is centred on the customer and encompasses their interactions, experience, sentiment, along with those of advocacy groups, shareholders, and regulators. This is a non trivial exercise and requires interventions at the mindset, policy, information governance & security and process levels, along with enabling technology.
Businesses are heading in the right direction with GDPR, but there is still a long way to go. Implementing this change with the right spirit is fundamental to building trust with customers and partners. Leading Point’s experience helping organisations with these requirements suggests that while significant compliance hurdles exist, a risk-based approach that focuses on five core areas, will be instrumental to success.
1. Give your customers control over their data – a mindset change
Bearing in mind the territorial scope of the GDPR – across the current 28 EU member states, plus, anyone dealing with the EU, most teams within organisations will benefit from the ethos behind the Regulation. A mindset shift from owning your customers’ data to stewarding your customers’ data is required. Give your customers control over their data. Any legal or natural person processing data must believe in the spirit of this sea change – the need
to assume responsibility for stewarding your customers’ data and to provide them with confidence in your processes. GDPR expands on the list of ‘rights’ each data subject is afforded: the right to be informed, the right to
access data records, the right to data erasure, to name a few. Tone at the top matters immensely.
2. Achieve Data Protection by Design
Which department is leading your organisation’s GDPR compliance efforts? A cross-functional team will help in deploying a holistic data protection framework. To start with, the focus must be on classification of the data, its
supply chain and its governance. Therefore, leveraging existing data management initiatives to embed data privacy requirements can really help in ‘data protection by design’. In practical terms, companies need a clear picture on: ‘what types of data do they hold on their customers;’ ‘which types of data is sensitive and requires enhanced security levels;’ ‘who has access to customers’ sensitive data;’ ‘where is this data processed and distributed;’ ‘how does it flow;’ ‘what is its quality;’ and ‘are their checks and controls in place around its flow and access’? The rules are more stringent now, as companies establish the depth of customer data – their interactions, experiences, sentiments – what impressions are left in an organisation’s data stores. The definition of personal data and its inherent breadth has been redefined – ‘Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.’ And so the notion of data minimisation is born. We believe that while there are increasing numbers of quick-fix GDPR solutions in the market, achieving data protection goals is less about technology, and more about energising the organisation into becoming 100% data aware.
Building trust in your data will allow for effective process and controls for data protection, security and governance.
3. The Art of the Process
Focus must be on the ‘process’ exercise – visibility of customer journeys – which processes interact with customer data and the ensuing data lifecycle. Knowing which functions have client-facing processes and ensuring these are
adapted is called for. Threading through specific processes for data collection, data storage, data sharing, access requests and breaches is the focus. Having a command of what happens to personal data, who is involved in gathering it, and responding to Subject Access Requests is important, not least because you will have only a month to respond and cannot routinely charge the current £10. What steps to take in the event of a data breach, how to manage contracts which hold personal data: these are all explicit in the Regulation. For all data processors, we must double down on education and training – on policies, on data governance, on processes and new rules of data. This means highlighting a consistent approach to the different scenarios. Surely the best protection is a body of staff that is wholly informed?
4. Integrating data protection with a risk-based approach
By taking an inventory of obligations to customers via existing contracts and business agreements, organisations can start to manage their stated responsibilities linked to customer data and its management and use. This is a
quick-win.
Data classification and governance exercises will highlight the sensitivity, breadth and depth of data, the access and use of the data held. Data flow will highlight the data processors and third-parties and internal functions involved. Data quality will highlight where data management controls are required to be shored up. In turn, this will flag up priority remediation exercises on customer data.
The aforementioned ‘process’ exercise will highlight key customer-facing process changes, or a requirement to deploy specific data processes referenced by GDPR. Organisations can road-test these processes against the required process turn-around times. For example, data breaches must be reported within 72 hours, and as mentioned above, data subject access requests – one month. Involve your customer services team actively with data protection and security breach scenarios – this will build memory and promote mindset change.
The overarching governance in an organisation will be a key cog in the data protection ecosystem; the Regulation has duly led to the genesis of the Data Protection Officer. Enabling these responsibilities with existing data management governance responsibilities, and appointing data champions, can be an effective approach. Data protection is indisputably everyone’s responsibility, so the emphasis must be on organisational cooperation.
5. Cascading to Third Parties & a Cloud
Third party contracts and the framework that dictates how these are established, must wholeheartedly reflect any changes to the requisite data protection and security obligations. A compliance policy which standardises how third party contracts are established can also be a useful instrument. Data transference should be shored up with model contractual clauses, which allow all parties to clearly realise their responsibilities. We are alive to the persistent risk of cyber attacks, so it is crucial to remember that your data on the cloud is a business issue, as well as an IT issue. Are you fully apprised of where your business stores its data; on the premises, in the cloud, or both? The increasing trend to shift data and infrastructure to a public or private cloud no doubt presents an economic benefit and technology road map for some organisations. But make no mistake, organisations are accountable for their customer data content, its usage, and their security policy for cloud-based storage. Measures such as encryption, pseudonymisation and anonymisation will help, and should be employed as a matter of course, as well as remaining open to select technologies that help underpin cyber defence.
To conclude
When implementing change, evidence-based decision making shouldn’t be the only strategy; knowing which cogs in an organisation interlink cohesively in practice will greatly assist in a robust framework that threads through to
a mindset shift, policy, data, process and third parties. To reinforce an earlier perspective, data is only growing. So are data breaches and cyberattacks. The garnering of our data to feed algorithms and ‘machine learning’, borne
out of the Silicon Valley revolution, is leading to inevitable change in our lives, but we must strive for a democratic jurisdiction for our data. Organisations must give customers control of their data and the confidence in their data
management processes. Rather than penalty-based scaremongering, think of this as an opportunity to build your brand, to send a robust message to your customers and partners, demonstrating care and respect of their data.
To close, a soundbite from the Information Commissioner’s Office: ‘Data protection challenges arise not only from the volume of the data but from the ways in which it is generated, the propensity to find new uses for it, the complexity of the processing and the possibility of unexpected consequences for individuals.’
Leading Point Financial Markets brings compelling value in the intersection of Data, Compliance, Governance and Operating Model Change initiatives.