How new regulatory requirements are changing the banking world

What are InCore's current top priorities in Compliance & Risk Control?

Dealing with cyber risk remains a prominent issue at InCore. We need to consider how we are using our resources to best manage these risks.

A further challenge is to evaluate FinTech companies that use creative tools to support the implementation of regulatory-driven processes and thus make consulting easier and more efficient.

The implementation of FIDLEG and MiFID II will bring about major changes in the areas of pre-execution, execution and post-trade. This results in a need for action at various levels.

To what extent will new laws or regulatory requirements change banks' business models in the near future (e.g. through the EU GDPR, PSD2 or others)?

My impression is that we are in the midst of structural change, because the new laws meet new technologies. As a banker you know about the fundamental changes of new technologies. But it is difficult to see the concrete effects for the bank itself.

Take payment transactions, for example: the emergence of payment apps such as Twint, Apple Pay or Samsung Pay has confronted banks with a new reality. Is this a danger because the «execution of payments» service is becoming less lucrative for a bank? Or is it an opportunity because the bank possesses the customer interface or valuable customer information that serves as a starting point for a large number of lucrative transactions? And what are the implications for banks' deposit business as a result of a possible abandonment of payment transactions, and what happens to income from foreign currency transactions?

From a compliance perspective, how do you assess the developments in the blockchain area? Where do you see dangers and potential for the banking world from more regulation, and why?

Blockchain is based on an ingenious concept. Instead of an intermediary (bank, clearing office), payments are processed directly between buyer and seller via the internet.

The advantage of this processing method is that attacks by cybercriminals hardly impair the function of the system thanks to the decentralized storage of identical data.

The disadvantage is the open network architecture, which makes it almost impossible to adequately control access to the system - which from a compliance point of view is a «no go» or at least a major challenge.

Do you see potential for reducing the net regulatory burden and compensating banks' compliance expenses through positive direct or indirect effects? If so, in which areas, and why?

By introducing new regulatory requirements, I also see opportunities to reduce the bank's risk situation. New rules can help to identify new risks. I admit that there are laws or circulars that overshoot the mark. On the whole, I see every regulatory change as a wink to achieve something good for the bank or to optimize existing processes.

In order to implement new rules in the best possible way while saving costs and time, we at InCore maintain a compliance community with our client banks. In this community, we discuss practical solutions and have them worked out so that everyone benefits from cost sharing while maintaining a high degree of influence.

We won't be able to avoid standardization and industrialization of the compliance function - and that's good, because it's done for the benefit of quality and costs can be kept stable in the long term.

You can read the full interview with Barbara Schreier and two representatives of the consulting firm PwC here (original in German, source: Finnova AG Bankware).