With the focus of attention on the snap general election, and how to make a success of Brexit, there is a danger that firms of all sizes will be distracted from other pressing issues and this could have a severe impact on business.
Digital innovation and the implications from new regulatory requirements is a case in point. All firms are innovators, whether it is the development of sophisticated automated advice propositions, or the smaller scale introduction of digital processes to improve client communications, advisers, distributors and providers are embedding technological innovation in the way they operate.
But how many of us stop to consider how we will deal with the future regulation that will be coming into force in 2018, or fully understand what the implications will be? Even holding client data – something we all take for granted – is going to be subject to new European Union data privacy regulation and will continue to be even after Brexit.
The EU General Data Protection Regulation (GDPR) will be in force by May 2018. It will apply to firms who process data about individuals in the context of selling goods or services within the EU. Here, in the UK, the Information Commissioner’s Office (ICO) is the lead supervisory organisation tasked with the responsibility of implementing GDPR. The penalties for falling foul of the regulation can be severe. The ICO can impose fines of up to 4 per cent of total global turnover. It is no surprise that this is concentrating minds in many boardrooms.
And this is not the only regulation that applies. The Second Payment Services Directive (PSD2) must be implemented by January 2018. Cited as an important step towards a Digital Single Market in Europe, PSD2 aims to increase competition in the payments industry, bring into scope new types of payment services and enhance consumer protection. It has wide-ranging implications across the industry and particularly for FinTech.
Related to this is eIDAS, which oversees identification for electronic transactions within the EU. This regulation includes the electronic identification and trust services for processes like the electronic transfer of funds and other services.
Each are important in their own right, but it is going to be crucial to understand the inter-relationships between these regulations and the inter-play with the UK government’s digital transformation strategy. This is one of the key themes that the Tax Incentivised Savings Association (Tisa)’s newly formed Digital Innovation Policy Council is going to be focusing on, along with standards for the sharing of data.
As digitalisation expands so, unfortunately, does the threat from cyber crime. A point recognised by the FCA chief executive officer Andrew Bailey who, towards the end of last year, talked to a Treasury Select Committee about the trade-off between innovation to increase competition and security. Mr Bailey warned that it would be a mistake if something that appeared to be very good from the point of view of the consumer opened up the system to threats.
Cyber security is something all firms need to treat seriously. A recent report from the government’s National Cyber Security Programme highlighted that in 2016 at least one security breach was discovered by 46 per cent of all British businesses. It is not just the financial cost of an attack on customer data, the damage caused to reputation can also be debilitating, especially for smaller-sized firms.
There is plenty for firms to get to grips with as digital innovation becomes more prevalent. The regulatory implications will become clearer in time, but prudent organisations will be getting ahead of the game to ensure they understand the risks and are adequately prepared. Playing catch up could be very costly indeed.
David Dalton-Brown is Tisa director general
