The times they are a-changing… and that process of transformation is now well under way, with the onset of MIFID II regulations followed by the introduction of GDPR in May, both of which will directly affect the pensions industry. Nino Sheikh-Thompkins, Head of Financial Services Propositions at Paragon Customer Communications, outlines what businesses should do to ensure they do not fall foul of new legislation.
The imminent introduction of the General Data Protection Regulation (GDPR) represents the most impactful change to data privacy laws in many years. And while its requirements are undoubtedly exacting, the opportunity exists for pro-active organisations to use this to build a more trusting and open rapport with their clients.
The regulation has brought an increased focus on:
- How and why customer data is stored;
- How that information is utilised;
- What happens in the event of a data breach.
Security is a key factor, particularly in light of recent high-profile data breaches which have doubtless made for uncomfortable reading, and expensive outcomes, for companies not fully prepared for the new legislation.
Increasingly sophisticated cyber-attacks by those seeking to access sensitive financial information have resulted in the requirement for a rapid and effective response in the event of a data breach.
If the worst does happen, preparation is key. Such incidents can cause colossal reputational damage, and therefore having a tried and tested solution in place to limit the impact of a breach is vital. This ability to communicate quickly and effectively with customers will not only help organisations comply with the new regulation, it will also reassure clients that the problem has been identified and that steps are being taken to rectify it, ideally before they read about it in the media.
The legislation sets a tight deadline within which to react to a breach – businesses must inform the relevant regulatory body of a notifiable incident within 72 hours, or face fines of up to four per cent of global turnover or €20m, whichever is greater, and inform their customer base of a serious breach without undue delay.
Data audit, use and storage
Of course, security is not the only issue covered by GDPR. Organisations are required to be aware of how and where customer data is stored, what data is kept and why, how long it is kept and whether or not it is passed on to third parties – and if so, whether they are also secure and compliant.
Establishing and documenting the legal basis for communication with an individual (which will differ by the type of communication), and therefore ensuring an appropriate and valid reason for holding their data, will be key.
Under the regulation, data must be kept up to date, with the correct level of permission given – consent for marketing communications must be freely given, specific and informed, and must be indicated by an unambiguous, affirmative action. Pre-ticked boxes or older consent (default is 2 years) are no longer sufficient and companies must refresh this consent in order to comply.
It is worth considering the form that customer communication may take. Some clients do not wish to receive emails but may be happy to see a printed newsletter. Similarly, they may have a preferred time to hear about their pension. This may be on their commute to work, or it may be on a weekend when they have more time for a leisurely flick through emails.
Specialists such as Paragon Customer Communications have sophisticated tools at their disposal that can create tailored customer correspondence based on online activity to ensure messages are received at a receptive time, using preferred channels.
The impact of MIFID II
New regulations already in force are those imposed by MIFID II. At around 7,000 pages long and seven years in the making, this reworked version of the EU’s original Markets in Financial Instruments Directive seeks to transform Europe’s financial industry at its core, offering greater protection for investors and injecting more transparency into all asset classes, thereby restoring investor confidence.
It is extremely far-reaching, affecting many parts of the financial sector, including banks, fund managers, exchanges, trading venues, brokers, high frequency traders, pension funds and retail investors. Equities markets, fixed income, commodities, currencies, futures, exchange-traded products and retail derivatives are all covered by the legislation.
Another interesting requirement is that payments for the research used to make investment decisions will have to be split from commission. This will have repercussions for asset managers, who until now have been able to combine the cost of research and reports into the overall trading fee, usually paid for by investors. However, under a process called unbundling introduced in the new legislation, they will have to budget separately for research and brokerage services.
The aim is to remove any perceived conflict of interest at the heart of trading that affects fund managers’ clients, pension funds, savers and retail investors. It will also give long-term investors the opportunity to ensure brokers are getting the very best deal for their clients.
With the introduction of MIFID II and GDPR, this is undoubtedly a time of huge change for the financial sector. However, with sufficient planning and expert guidance to identify potential gaps in provision or security, businesses can be fully prepared for the effect of these changes and ensure they remain fully compliant.
Paragon Customer Communications is an innovative, award-winning corporate communications provider, combining generations of experience with the latest innovations in technology and smart data. The company helps ensure businesses remain compliant and meet the challenges of today’s communication landscape. For more information visit: www.paragon-cc.co.uk