research & insights from Apiax

Regulatory overview: MiFID, GDPR, Fidleg and more

Share this resource

Removing barriers to global business

View Solution Provider Profile

Connect with Apiax

by Apiax
| 13/03/2020 16:22:36

Digital compliance tools that help master MiFID II, GDPR, FinSA and FinIA

In recent years, the number of regulations has skyrocketed across major industries worldwide. Only in the financial industry alone, over 50,000 pieces of legislation have come into force in the past decade – and more turbulence is expected to come. (Thomson Reuters Cost of Compliance 2019). There is no doubt that regulation will continue to shape the business environment and cause many sleepless nights ahead, especially for those engaged in cross-border activities.

On our Regulatory Radar, we highlight important pieces of legislation that Apiax covers as part of its digital compliance toolkit, whether in wealth management, asset management, data protection or tax.

Complying with ever-changing regulations means adapting to dynamic market conditions. The broad scope of application along with rule ambiguity often trigger uncertainty across organisations. In such a business environment, it is easy to overlook or misinterpret key topics and business-critical regulatory requirements. This is particularly true in a cross-border context with many overlapping, sometimes contradictory, rules and international standards.

Insufficient compliance measures, inconsistent application or action taken too late may all have devastating, long-term consequences – both monetarily and reputationally.

Why go digital?
Apiax’ technology enables entire organisations to better understand and comply with international regulation.

Apiax transforms paper-based legal opinions into digital compliance rules. These rules can be delivered ready-to-use, developed by recognised compliance experts. They can also be amended internally to reflect the organisation’s own risk appetite and code of conduct.

In either case, the digital format supports clarity and implementation of, otherwise, complex regulatory requirements. Automation also creates the ideal conditions for compliance by design.

"Now that we have digitalised compliance knowledge,
it can take on various different forms.
Read the interview"

The second Markets in Financial Instruments Directive (MiFID II Directive) is a reinforced effort to standardise the levels of investor protection, transparency and supervisory powers across the European financial market. The ruleset governs the way in which financial instruments are being traded as well as the compliance measures required market participants.

Born out of the financial crisis in 2008, MiFID II aims to boost market confidence and promote competition between EU markets. Rolled out in 2018, the initiative reshapes European capital and generates commercial and operational knock-on effects for investment firms and wealth managers.

Common MiFID II implications include client categorisation requirements (e.g. professional client definition), client order handling requirements, pre and post trade transparency requirements as well as best execution frameworks.

With the broad scope of application and changes in market infrastructure, financial institutions struggle with complex and labour intensive adaptation, affecting multiple business units. For firms reliant on manual resources, complying with the new guidelines can be particularly challenging. Both large and small financial institutions are still relying on legacy systems that do not fully support all MiFID II implications and ultimately expose the organisations to risk.

"Relevant and defined MiFID II requirements are part of Apiax’ compliance rules, designed to support wealth managers and asset managers. Delivered digitally and alongside other industry-relevant regulation, MiFID II rules can be integrated into the internal workflow (to support implementation of compliance by design) or be accessed through user-friendly applications for a 360 degree view of the regulatory requirements."

FinSA and FinIA
The Financial Services Act (FinSA, FIDLEG (German), LSFin (French)) and Financial Institutions Act (FinIA, FINIG (German), LEFin (French)), are both part of the Swiss financial market architecture. Together, the directives bring a new set of investor protection requirements to Swiss financial services providers that better reflect the local circumstances.

FinSA is based on important EU directives (such as MiFID II, Prospectus Directive and PRIIPs) and concerns the offering of financial services and distribution of financial instruments. By law, providers of financial services are required to provide retail clients and professional clients sufficient explanations and advice to help make informed investment decisions. FinIA relates to the authorisation conditions and supervisory regimes for portfolio managers, managers of collective assets, fund management companies and securities firms.

The objective of these initiatives is to create competitive conditions in the market as well as improved client protection through transparency.

"Both FinSA and FinIA are part of Apiax’ ready-to-use compliance rulesets designed for wealth managers and robo advisors. Presented along with other case-relevant regulation, the fit-for-purpose compliance rules reflect all relevant business activities. Organisations can also implement their own risk appetite and CSR guidelines into the workflow, using the same rule-based principles."

The General Data Protection Regulation (GDPR) was approved by the European Union in 2016, replacing the previous Data Protection Directive. At that point, organisations were given two years to prepare for the coming GDPR principles.

When the law was enforced in May 2018, consumers started noticing changes in their dealings with companies. Terms like “opt-in”, “marketing consent” and “cookies” quickly became part of every business interaction. Behind the scenes, however, were years of preparation to ensure aligned GDPR compliance throughout organisations – and the efforts are still ongoing.

The purpose of GDPR is to EU standardise rules relating to the storage and usage of consumer data. It empowers consumers to gain awareness and control over their personal data and how it is being stored and used by organisations.

Although implemented in the European Union, GDPR impacts all organisations with a global operation. Companies based outside of the EU can expect to comply with GDPR regulation if they offer products or services to EU customers.

Given the broad scope of application, organisations are still struggling to fully align and supervise the efforts to comply with the new standards, exposing the organisation to risk.

"GDPR is part of Apiax’ compliance solution related to privacy and data protection. Designed to equip compliance and data protection officers with fit-for-purpose and case-relevant rulesets, the digital rules come curated by experts and always up-to-date with current legislation."

Personal Data Protection Act
The Personal Data Protection Act (PDPA) is concerned with the handling of consumer data in Singapore. Born out of growing concerns among individuals, the act includes sector-specific legislative and regulatory frameworks.

Designed to ensure a national baseline standard, PDPA takes into account the concepts of consumer consent to the storage and usage data, organisations’ declaration of data purpose and reasonableness.

Along with protecting consumers, the aim of the regulatory initiative is to strengthen Singapore’s competitiveness and position as a trusted, world-class hub for international business.

"The Singapore Data Protection Act is reflected in Apiax’ tailored compliance rules relating to privacy and data protection. In conjunction with other international data protection standards, such as GDPR, the rules offer a 360 degree view of the regulatory requirements involved in each particular case or business activity."

See original insight: