2017 is gearing up to be a game-changing year for FinTech in the UK and abroad, as firms begin to adapt to rapidly approaching regulatory changes. Brexit is a significant, and obvious, hurdle on the horizon. Combined with revised directives in payment services, money laundering and data, and every FinTech CEO has an invested interest to understand and prepare for these challenging regulatory changes. In this article, we look at the top four most pressing regulatory challenges facing the industry.
Revised Directive on Payment Services (PSD2)
PSD2 will shake up the way we make virtual payments by expanding the definition of what a ‘Payment Institution’ is. It will open up the bank account to third-party payment providers so they can initiate payment transactions directly from the account itself.
Overall, the implementation of PSD2 is likely to be a good thing for the UK FinTech industry. Improved access to banking data is likely to provide a market for new services, which should in turn provide growth opportunities for entrepreneurial start-ups, as well as existing firms. Expect it to be transposed into EU member state’s national law no later than January 2018
The Fourth Money Laundering Directive (4MLD)
4MLD will oblige national governments to:
- introduce central registers of beneficial ownership
- expand the definition of politically exposed persons (PEPs)
- introduce stringent customer due diligence (CDD) and know your customer (KYC) obligations.
An area not addressed by 4MLD is the disparity of Anti-Money Laundering (AML) and reporting requirements throughout the EU. 4MLD allows for interpretation of high and low risk situations to be decided by the local competent authority (for example, the UK’s FCA). Such a fragmented system could leave FinTech firms internationally uncompetitive through no fault of their own, and significantly affects their ability to scale across Europe.
This directive will be transposed into EU member state’s national law no later than June 2017.
General Data Protection Regulation (GDPR)
GDPR is expected to ‘extend the scope of EU data protection law to all foreign companies processing the personal data of EU residents’. It will also require certain public authorities to employ Data Protection Officers and make sure all firms protect data better, as well as keeping a comprehensive record of their decision making processes.
These changes – much like the 4MLD – are evolutionary rather than revolutionary. More significant for the industry however, is the implementation of a strict penalty system which could see firms fined up to €20 million or 4% of global annual turnover – whichever is higher – for falling foul of these new regulations. GDPR will be applied across the EU no later than May 2018.
Brexit and the UK’s withdrawal from the European Union
Now that the UK Government has adhered to its own self-imposed timeline and triggered Article 50, the UK expects to withdraw from the EU no later than April 2019. UK FinTech firms must still prepare for the aforementioned incoming EU regulations, as the final deadlines for their imposition and implementation will have come and gone long before the Brexit process is concluded.
How can FinTech Companies Prepare?
The next few years will be a tumultuous and change-filled time for FinTechs operating both in the UK and abroad. 2017 in particular, will be crucial. While firms undergo the careful and lengthy process of planning to ensure they remain compliant with all incoming regulations, they must also take additional steps to protect their business interests in the face of substantial uncertainty through the mid-to-long term.
The growth of RegTech as a key component of FinTech will likely be an enduring consequence of the upcoming changes. As increasingly stringent regulations demand more and more from the small to mid-sized FS firm, these firms will inevitably move to outsource their compliance requirements to save both time and money. Agile (and often automated) compliance solutions like KYC-Pro can fulfil this function, and might prove central to the building of a more co-operative relationship between FinTech and RegTech – but only time will tell