Reacting to an avalanche of regulation

In the wake of the 2007-2009 financial crisis, the global banking and financial industry has been swept over by a ‘tsunami’ of regulation, addressing money laundering, non-compliant money, customer and data protection. This has been backed by greater enforcement from regulatory authorities. 

 “The issue of undeclared money is 10 years old and has been dealt with, but what is remarkable now is that a lot of regulation is focused on client privacy and suitability, on transactional based issues and Know your Customer (KYC),” says Marnin Michaels, partner in the wealth practice Baker & Mckenzie Zurich. 

A key implication is private banks have been forced to increase their legal and compliance teams, meaning significant cost rises. This has contributed to reduced profit margins, leading to consolidation, particularly among institutions with €5bn ($5.8bn) to €15bn in client assets. “For a private bank that does not have a minimum €30bn in client assets, the likelihood of long-term survival is low,” he says. 

This prediction may be validated by expectations that regulatory costs for financial institutions will more than double over the next five years, from 4 to 10 per cent of revenues by 2022, according to corporate finance advisory firm Duff Phelps.

In Switzerland, the increased regulatory burden and cost associated with it, combined with a change in business models needed to be tax compliant, has led to a reduction in bank numbers by a third over the last 10 years, from 400 in 2008 to 270 today. Swiss banks’ cost income ratio is around $70c per $1 of revenue, according to KPMG, roughly 10 basis points higher than 10 years ago.

“This is not just a one-off cost,” says Shelby du Pasquier, partner at Lenz & Staehelin, Switzerland’s largest law firm. “Private banks can face these types of investments and recurring costs by increasing the size of operations and benefiting from economies of scale.”

At Kleinwort Hambros, part of the Société Générale group, over the past 10 years the legal and compliance team headcount has increased fourfold, estimates Paul Kearney, head of private banking.  “Part of the cost increase in compliance has fallen onto the HR and training team, to ensure we have suitable, competent individuals,” he says. “This is a good thing. It means the level of quality in the industry has moved up significantly.”

However, most costs are related to changing systems and adapting infrastructure, he explains, adding that the bank is going to “re-platform” its core banking systems, which will also allow more flexibility and use of digital services. 

“In many cases, you are building solutions you know will be short-term fixes, which will be very expensive. But if the regulation has a deadline sooner than the new platform is operational, you just have to comply,” he says, explaining that the merger of two firms KB and SG Hambros created a “large business” able to absorb the costs. 

But why are most institutions struggling to meet regulatory deadlines which have been common knowledge for a long time?

“Regulatory programmes, such as MiFID II, are multi-year programmes and had been known for years,” admits Mr Kearney, “but detailed regulations and the way each jurisdiction was going to interpret the regulation did not come about as fast. Changing core banking systems takes several years, and the two programmes often do not perfectly join up.”

Also, banks are reluctant to invest a huge amount of time and money when regulation could still change, he says. With PSD2, the EU Revised Payment Service Directive, for example, the deadline was twice postponed, as difficulties in meeting it forced the regulator to offer some flexibility.

Most firms in highly regulated industries would rather not be the first mover but want to be “in the middle of the pack, and make sure their behaviour is consistent with the average of the industry, so they can’t get hit out so easily from the regulatory perspective,” argues Baker & Mckenzie’s Mr Michaels.

The largest institutions in a country tend to take the lead and bring the industry group along, because they have no choice, as the time to get things done takes longer, he adds.

Certainly, preparation for GDPR, the EU regulation on data protection and privacy, which came into effect on May 25, has been frantic and most firms of all sizes continue to struggle with it.

The legislation, which The Economist describes as arguably “the most complex piece of regulation the European Union (EU) has ever produced”, aims to set a single common set of rules dealing with data protection, replacing the EU 1995 directive, implemented in different ways across various member states. 

The attempt to harmonise various national systems has led the regulatory authority to make compromises, and arbitrate between various interests, so that the resulting regulation is much more detailed than would have been the case otherwise, explains Lenz & Staehelin’s Mr du Pasquier.  

“It’s mind boggling. Just trying to understand what it means is daunting and has a huge impact on financial institutions in particular, forcing them to rethink their organisation, appoint a data protection officer, put in place processes that store the data, grant access to data upon request, ensure there are no leaks and put in place processes to deal with leaks.”

A common claim by tech vendors is that their tool will be able to solve any GDPR woes, says Philip Greaves, director at consulting firm Protiviti. “These pieces of software allow you to document where all the data is, in a reasonably automated way, but cannot solve the problem of finding data in IT assets you do not even know you have.” Banks have thousands of business-critical systems, all potentially containing personal data. 

While private banks do not have the same volumes as big retail banks, some of their data is a lot more sensitive and unstructured, because of the very customised service they provide, which leads bankers to collate information on individual spreadsheets or Word documents. “And the reputational damage, if some of this information got out, would be massive for them,” says Mr Greaves.

Matching up to MiFID

However, the single piece of recent regulation that has most concerned private bankers in Europe is MiFID II, the revamped version of the Markets in Financial Instruments Directive, designed to offer greater protection for investors and inject more transparency into all asset classes, whose implementation date across the EU was January 3, 2018.

While most banks focus on costs, MiFID is a great opportunity to make changes to the bank’s commercial proposition, to the benefit of both clients and banks, believes Victor Allende, executive director Private and Premier Banking at CaixaBank. 

Over the past couple of years, the Spanish bank has set up an independent advisory team, aimed at offering transparency to clients and avoiding conflict of interest, in line with the primary goals of the legislation, which also aims to providing clients with full and clear pre-and post-contract information.

“We want to grow the independent advisory service quite quickly, and our goal is to gather €3bn through the service over the next couple of years.” 

The bank has started a discretionary advisory business from scratch, which has gathered €20bn in client assets since it was launched three years ago and is expected to grow by €8bn to €9bn each year. 

“That is a huge change of business model, from non-independent advisory to an explicit fee-based business, with discretionary portfolios offering higher transparency, avoiding conflict of interest,” says Mr Allende. 

Independent advisers are paid based on the quality of the advice they provide, and not by recommending a fund to clients which may pay higher rebates. In the US, 60 per cent of private client assets are fee-based, and there is no reason why Europe should not get to those levels too, thinks Mr Allende.

While in the Nordic countries MiFid II has had no major impact yet on private banks’ pricing structure towards fee-based advice, increased transparency helps clients compare providers and the value of services provided, observes Vesa Ollikainen, head of the investment centre at Nordea Wealth Management. 

“I think increased transparency on fees and consumer protection will level the playing field and help the client better assess different providers. The ones that stay most relevant and bring value to the client will most likely benefit,” he says. 

Rather than a finished project, MiFID II should be considered a work in progress. “You need to make sure you are finding solutions to meet current client demand, but also their future expectations,” says Mr Ollikainen.

In addition to increasing automation of processes to comply with regulation, the bank fully embraced the concept of “near-shoring”, by growing its existing IT “centres of excellence” in Poland, which are also able to handle GDPR requests coming from businesses from the Nordic countries, while sharing infrastructure across the whole Nordea group. This year, the bank is moving staff from Sweden to Poland but also to other existing IT centres in the Nordics, to build “centres of excellence with a critical mass”. 

Outsourcing activities to low cost jurisdictions, with staff equipped with language and technical skills, has proved a smart move for some. Credit Suisse’s entire HR department operates from Poland, for instance.

 “Companies today are finding balance between offshore and ‘near-shore’, as the cost advantage of outsourcing to CEE, India or Asia may not be as compelling as it once was, compared to some areas of the UK, for instance,” says Kleinwort Hambros’ Mr Kearney. However, co-location is important when it comes to speaking to compliance officers, he adds. 

Regtech boost

Another major trend, partly driven by regulation, has seen private banks investing in technology to automate processes and improve efficiency. But in some cases, so-called regtech can help speed up processes.  

IT systems and compliance and legal team required major investments for MiFID II, says Erica Kostelijk, head of processes at ABN AMRO Private Banking, and programme director for MiFID II implementation. 

“We had to adjust many IT systems but, if you look at the sheer size of the legislation, you really need a lot of people to make sure it is interpreted well. It is not a black and white regulation, in most cases. It is really about understanding, interpreting and making assumptions, testing them with the market.”

There were regtech systems available to support the decision-making tree to interpret legislation, guiding firms through the whole process. “But at the time we were way ahead of regtech systems, they were of no use to us. If things were not clear, we had to make assumptions and push ahead, we could not afford to wait. I am sure other larger investment firms had the same problem. Smaller firms may have benefited,” she says. 

Regtech is particularly useful and growing when it comes to AML [anti money laundering] or KYC, says Ms Kostelijk, where IT systems help bankers go through all payments and client data and can detect anomalies.

“Regulation forces us to think about data very carefully, to understand what your data is and what you are doing with it, who has got access to it and why you need it,” says Nicky Bernard, partner and chief technology officer at multi-family office Stonehage Fleming. Also, it forces institutions to think about data as either an asset or a liability. “If you don’t need the data, then arguably it doesn’t carry value, it’s a liability and you shouldn’t have it.” 

Regulation drives institutions to think holistically across IT systems and avoid silos, says Mr Bernard. The largest multi-family office in Emea is half way through a three to five-year process aimed at modernising its whole infrastructure, to eventually build a scalable, “highly secure”, digital platform, which can be continuously updated, and work within an ecosystem of tech and fintech companies, and institutional investors, with an API connectivity capability in place. 

“In a sense, you must turn yourself into a tech company,” he says, believing that compared to larger private banks, being smaller enables them to be nimbler. 

Increased regulation is also driving firms to look for external partners to which to outsource non-core activities. 

“Regulation is a big driver of technology investments, and it really focuses people’s minds on their core activity, as the cost of running a business while being compliant is increasing,” says Maarten Heukshorst, client relationship officer at Pershing Emea. For all their non-core activities, firms are looking at whether to build infrastructure in-house or, if they do not have sufficient scale, to outsource to external providers. 

“Having a centralised set of data enables firms to run a much more efficient business and generate higher revenues,” he says. “Also, it allows them to better manage information, and mine and analyse data, allocating resources to benefit from those trends.” 

When it comes to complying with regulation, the main issue is that wealth managers have made investments, but these have been largely in people, which is very expensive, argues Mark Trousdale, chief marketing officer at InvestCloud. He stresses the importance of investing in a centralised, digital data warehouse able to “talk” to other systems digitally, managing both structured and unstructured data.

“You need to put information somewhere securely, where you can go back and audit it, whether it is for actual auditors inside financial account contacts or whether it is for GDPR compliance.”

What prevents institutions from making tech investments is the assumption that these are cost prohibitive. “Compliance is considered as a cost centre, especially to front office people. Firms are not looking at the longer term and are failing to make a robust cost benefit analysis,” he adds. “Banks are not used to thinking about data management as a driver for profitability, they are driven to invest in technology only when the regulator is telling them to do it or once their profitability is threatened,” he says. 

But there are also other factors which banks are looking at in their digital transformation programmes. The push towards transparency imposed by regulators and the trend towards fee compression in wealth management are key drivers for tech investments which can no longer be ignored.   

Adapt and thrive?

Regulation is a headache for most wealth managers, but can it offer some form of competitive advantages to those institutions which can implement it more effectively than others?  

“Regulation is a burden, a huge cost, and is putting huge pressure on both the front and middle office. I am not sure than any regulation can be sold as offering any form of competitive advantage to one bank over another,” says Shelby du Pasquier, partner at Lenz & Staehelin. “However, over time distinction will be made between those institutions that behave responsibly and responsively and those which will be named and shamed.”

In today’s commoditised environment, banks need to look at different ways of positioning themselves to customers. And regulation may offer this new opportunity, believes April Rudin, founder of financial services marketing firm The Rudin Group. “Everyone wants to be a client of a strong and compliant financial services institution,” she states. 

Banks have been hiring compliance officers at breakneck pace to keep up with new regulations, she adds. “But they need to embrace a 21st century solution for a 21st century problem.”

A bank using state-of-the-art technology can position itself as being “head and shoulders” over other financial services institutions. “What regtech solutions powered by AI allow private banks to do is to take out the mundane and routine tasks that are associated with the job, leaving advisers to the job they need to do best, which is interacting with people,” says Ms Rudin. 

While modernising infrastructure is a very expensive process, in the long term it can lower costs, adds Nicky Bernard, chief technology officer at Stonehage Fleming. “But you don’t want to waste money automating certain functions where you need human intervention.” 

Political mindset

Wealth management firms are struggling to finds ways of being compliant with regulation in a way that is least intrusive to high net worth clients, says Julie Patterson, head of Investment Management, EMA Regulatory Centre of Excellence at KPMG

MiFID II is a great example of this tension, as it does not make any distinction between the retail market and the private wealth world. Wealth managers, who are generally allowed to provide more bespoke services, are obliged to adhere to rules such as standardised disclosures, which is annoying HNW clients.

“I think there is a flaw in the structure that does not allow the HNW world to offer bespoke disclosures to match client’s needs,” says Ms Patterson, wishing for the return of a private client classification, in addition to the retail and institutional segments. 

Increased regulation has also created another strain in the wealth management space. As the cost base increases, from a commercial point of view it makes more sense to have bigger firms to achieve scale. But clients still want to go to a smaller firm, where they feel they are getting personal service.

“The core theme for wealth managers is how do you carry on giving the bespoke service when you have got more and more things you need to provide in a standardised way?”

Unlike in the US, where there is currently a review of post-crisis legislation and a pulling back of some rules, there is no sign of any easing up of European regulation, says Ms Patterson, citing the sustainable finance proposal as another piece of legislation requiring more disclosures. 

“You need a fundamental change in the political mindset around financial services. We are seeing more disclosure coming up and no rationalisation.”