Hay un concepto del que ahora se habla continuamente: el de la “digitalización”. Las entidades financieras están inmersas en una dura carrera, en realidad una auténtica maratón, para adaptarse a las exigencias que la digitalización implica.

Una de las últimas propuestas relativas a esta idea tiene que ver con la creación del “euro digital”, una forma de dinero que emitiría el Banco Central en un formato estrictamente digital, sin soporte físico (https://www.ecb.europa.eu/pub/pdf/other/Report_on_a_digital_euro~4d7268b458.en.pdf). Su impacto podría ser semejante al que tuvo en su momento la introducción de la moneda por los griegos, una innovación que dio origen a un nuevo sistema con un conjunto de características y reglas propias diseñadas para hacer que la población confiara en él y lo utilizara en su vida diaria.

Hay algunas preguntas que rápidamente vienen a la cabeza para poder entender y definir el alcance del cambio:

  • ¿Cómo se verán afectadas las entidades financieras?
  • ¿Podrán los clientes minoristas acceder directamente a estas monedas? Si éste fuera el caso, ¿perderán los bancos la función de intermediarios financieros?
  • ¿Cuál será la infraestructura y el diseño funcional de la nueva forma de dinero?

Se estima que se tomará la decisión acerca de si se emite este tipo de moneda hacia mediados de 2021. A partir de ese momento surgirá el proyecto de implementación que podría durar un mínimo de 2 años.

La experiencia en otros grandes programas de adaptación a una realidad cambiante, como la transición de las referencias LIBOR en el que Projecting ha colaborado tanto en UK como España, permite anticipar un esquema de líneas de trabajo (“workstreams”) que habrán de incluirse en la estructura del proyecto de implantación:

  1. Legal: El euro digital plantearía diversas cuestiones legales, involucraría nuevos documentos y políticas legales, así como revisar los existentes.
  2. Negocio: Qué áreas están afectadas. Este punto ayudará a identificar los actores (“stakeholders”) clave que estarán involucrados en el proyecto.
  3. Contabilidad: ¿Supone algún cambio a la hora de contabilizar?
  4. Operacional: Desafíos importantes pueden surgir alrededor de la nueva infraestructura requerida. Hay que identificar qué sistemas y procesos están afectados, qué nuevos desarrollos y tecnologías serán necesarias. Ambas formas de dinero (las existentes hoy en día, así como el nuevo euro digital) convivirían, implicando que los procesos y sistemas para ambas tendrían que coexistir y confluir.
  5. Cumplimiento y blanqueo de capitales: Los pagos usando euro digital deberán respetar las normas de lucha contra el blanqueo de capitales y evasión fiscal.
  6. Comunicación: Qué mensajes hay que enviar a los clientes fuera de la organización (a través de la página web, carta, telefónica, …)
  7. Riesgo cibernético: Desafíos técnicos conllevan riesgos cibernéticos. Revisar la gestión de los mismos formaría parte del proyecto.

Los actores del sistema financiero deben estar preparados para este cambio y prever en la medida de lo posible sus impactos, así como planificar en que consistiría el gran proyecto de integración, implementación y adaptación a esta nueva forma de dinero.

[:en]data/ˈdeɪtə/ [noun]

  1. Facts and statistics collected together for reference or analysis;
  2. The quantities, characters, or symbols on which operations are performed by a computer, which may be stored and transmitted in the form of electrical signals and recorded on magnetic, optical, or mechanical recording media.

How important is your data? Is it important enough to have a data manager? What about a Chief Data Officer? Do you have a data governance policy? Do you outsource all or some of your data governance? Who supplies your data? Who migrates your data? Who inputs your data? Who checks your data? Who reads your data? Who uses your data?

Do you ask these questions often? If you don’t, somebody somewhere should be and also, more importantly, someone should know the answers. It should also be inherent in your training schedules now.

This year no one escaped the intrusion of the GDPR. I say intrusion, as there was a surge in emails that gave everyone an opportunity to cleanse their inboxes of the databases that you didn’t want to be on any more but couldn’t be bothered to unsubscribe from. It was literally an act of purification, or was it? Has it worked? The act was not intended to stop commerce, yet it may have had exactly that effect in the short term. Many shops and advertisers rely heavily on the through traffic or click bait. Medium term, as an unintended consequence the spam and junk emails returned to similar levels quickly proving that data is alive and well as a commodity.

No doubt Cyber Monday made sure we got the latest on-line bargains, but your inbox will bear the consequences unless you opted out of mailing lists – but was that at the forefront of your mind when looking at 50% off?

In financial services, however, there has been an unprecedented focus on the security and governance of data and not just personal data. Many companies are now planning or implementing governance structures which previously were the domain of investment, operations, compliance and finance departments. So, do you know the answer to the questions at the top of the article? Are you doing anything about it if you don’t? Will auditors focus on this in the next year, if they haven’t already? Given the levels of risk and fines, it seems likely and you need to know where your company stands in relation to the data regulations.

Projecting have expertise in data and we know the answers to the questions through our experience and track-record of delivery on regulatory projects.[:es]data/ˈdeɪtə/ [noun]

  1. Facts and statistics collected together for reference or analysis;
  2. The quantities, characters, or symbols on which operations are performed by a computer, which may be stored and transmitted in the form of electrical signals and recorded on magnetic, optical, or mechanical recording media.

How important is your data? Is it important enough to have a data manager? What about a Chief Data Officer? Do you have a data governance policy? Do you outsource all or some of your data governance? Who supplies your data? Who migrates your data? Who inputs your data? Who checks your data? Who reads your data? Who uses your data?

Do you ask these questions often? If you don’t, somebody somewhere should be and also, more importantly, someone should know the answers. It should also be inherent in your training schedules now.

This year no one escaped the intrusion of the GDPR. I say intrusion, as there was a surge in emails that gave everyone an opportunity to cleanse their inboxes of the databases that you didn’t want to be on any more but couldn’t be bothered to unsubscribe from. It was literally an act of purification, or was it? Has it worked? The act was not intended to stop commerce, yet it may have had exactly that effect in the short term. Many shops and advertisers rely heavily on the through traffic or click bait. Medium term, as an unintended consequence the spam and junk emails returned to similar levels quickly proving that data is alive and well as a commodity.

No doubt Cyber Monday made sure we got the latest on-line bargains, but your inbox will bear the consequences unless you opted out of mailing lists – but was that at the forefront of your mind when looking at 50% off?

In financial services, however, there has been an unprecedented focus on the security and governance of data and not just personal data. Many companies are now planning or implementing governance structures which previously were the domain of investment, operations, compliance and finance departments. So, do you know the answer to the questions at the top of the article? Are you doing anything about it if you don’t? Will auditors focus on this in the next year, if they haven’t already? Given the levels of risk and fines, it seems likely and you need to know where your company stands in relation to the data regulations.

Projecting have expertise in data and we know the answers to the questions through our experience and track-record of delivery on regulatory projects.[:]

The 2018 FCA Platform Review interim report highlighted that the challenges of the costs and charges reporting requirement due in January 2019.

Those of you trawling through Waterstones best sellers and bargain books (other book shops are available) may not have stumbled on the FCA Business Plan 2018-19.

You may be under the impression that after the excitement of MiFID II and GDPR, there is a lull. Indeed, there appears to be a period of grace but this, unfortunately, is a false dawn. The business plan outlines some 12 reviews, 8 publications and numerous other activities across all financial services.

Some of the “highlights” include the proposed Suitability Review 2019. A follow-up version of the highly successful 2017 review.  (Is it me or do we seem to be following the same naming convention as the FIFA video game?)

The thematic priorities, which will have diverse methods of addressing and review, are:

  • Culture and governance
  • Financial crime and AML
  • Data security, resilience and outsourcing
  • Big data and fintech
  • Treatment of existing customers
  • Pensions
  • High cost credit

Key priorities within these themes are finalising the rules of the Senior Managers and Certification Regime and monitoring the roll out of technology and resilience as part of the Open Banking and the second Payment Services Directive (PSD2) (with the ability for third party providers to access a client’s data and make payments, this will be an important test of the security of this directive).

Introspectively, the FCA are also testing and applying RegTech and advanced analytics to the approach to regulation which may open the door for firms to move to similar schemes. Also, the FCA will be creating a Memorandum of Understanding with the Information Commissioner’s Office. This may lead to a focus in certain reviews and questionnaires on data security.

We have not heard the last of MiFID II either and, although to date, a collaborative approach has been taken, we may see considerable more depth to the monitoring, particularly transaction reporting and the inconsistent approach to research costs.

So, enjoy the summer’s fine weather, holidays and sport and look forward to the next year or two’s regulation with a spring in your step and a passport in your hand (Brexit allowing of course).

As more details become available on each of the areas, we will publish a short pragmatic guide on what they mean and what you will actually need to do.

With a couple of months to go until GDPR becomes law, how far up (or down) the Information Commissioners 12 steps are you from compliance?

We would like to give some practical guidance and advice, as well as share our experience to date. Projecting aren’t compliance experts (and don’t pretend to be) but our experience recently has demonstrated that, as with most other compliance projects, the practical application of the regulations requires an operational brain with a compliance awareness and that’s where our clients have been utilising Projecting.

So, here are our top tips:

  • Having a clear Data Policy that covers clients, employees, and vendors
  • Communicate clearly with all of these groups on their rights and data retention procedures
  • Take the opportunity to assess and clean up personal data repositories and anywhere else you keep personal data internally
  • Use this as a marketing opportunity to affirm data security with your clients
  • Document your impact assessment fully, i.e. in and out of scope regulations
  • Be clear about being a data controller, data processor or both
  • You may never get an exhaustive list of the business areas that are impacted, and which functions, but keep communicating and importantly, training, and you will reduce the risk of gaps · Utilise the Information Commissioners website (ICO)
  • Don’t be distracted by some of the esoteric impacts suggested, e.g. business cards – stay principle focused

So, we haven’t provided all the answers, and would never hope to, but rather than be as prescriptive as a management consultant, we want to share the pragmatic and not the enigmatic. As with all regulatory projects, we hope that this will assist in putting context and focus on the GDPR project you are undertaking.

And it won’t surprise you to know that we are covering all of the above in our own, internal, Projecting GDPR project!