PSD2, GDPR and Mifid II. The Summary of regulations and impact on investors

The post-crisis response from global regulators to make financial markets a safer place for investors has involved some tough moves for those companies in business sectors that have been obliged to comply.

It has been mainly financial services firms that have had to adapt to new regulatory landscapes, and the costs of compliance have been eye-watering.

Financial firms and others who oppose tighter controls have argued new regulations place costly and burdensome demands on companies that come at the expense of economic growth.

The counter argument is that such burdens are in place to avoid a repeat of the 2008 crisis – the costs of which make complying with regulatory demands seem like chicken feed.

But the good news is, that most companies in the financial services industries have now arrived at their methods of dealing with regulatory compliance and are quickly absorbing the costs.

And, as we'll see later, many of the regulations put in place since the crisis and those about to be put into force, have spawned a brand-new business sector that is developing fast, and likely to offer investment opportunities of its own in the years to come.

Avoiding systemic failure – Basel and Dodd-Frank

The first new rules that came into place following the crisis were aimed at ensuring the continued operability of those institutions deemed "too big to fail" should a similar threat emerge.

Senators Barney Frank (left) and Chris Dodd: President Trump is currently attempting to repeal the Dodd-Frank Act: PA Images

Through amendments to its previous Accords, the Basel Committee on Banking Supervision launched Basel III – aimed at strengthening capital requirements by increasing bank liquidity and reducing leverage.

While the Basel III regulations were a global, voluntary regulatory framework, domestic and regional regulators were also addressing the systemic failure issue.

In the US, legislation was passed in 2010 by the Obama administration named Dodd-Frank after its congressional sponsors Christopher Dodd and Barney Frank.

Regulations demanded liquidity provision, authorised the break-up of banks deemed so large and cumbersome that they posed a threat, aimed to stop predatory lending behaviour.

The most controversial of the components in Dodd-Frank legislation was the Volcker Rule that restricted bank investments, limiting purely speculative behaviour and curbing proprietary trading.

The critics

Critics were adamant that such regulatory scrutiny was destroying the balance of risk necessary for banks to flourish and increase profit growth. The animal spirit that elevated the financial sectors would all but disappear, they believed.

Among the most fervent of these critics has been the current US president Donald Trump, whose efforts to overturn Dodd-Frank and replace it with the Financial CHOICE Act, is currently being reviewed by the Senate.

President Trump is trying to replace the Dodd-Frank Act with the Financial CHOICE Act: Pic Gage Skidmore

And while the initial losses for banks in the aftermath of the crisis and during the regulatory response were heavy, the animal spirits have certainly returned during the past five years.

Of the 10 broad sectors on the S&P 500 index, ‘Financials’ has only been topped by one other sector – ‘Healthcare’ – and that by only 1.28 percentage points.

Over the past five years Financials has returned 100.71% while Healthcare has returned 101.99%.

Forthcoming regulatory changes

The Second Payment Services Directive. PSD2 explained

PSD2 was implemented in 2016 and will be enforced across Europe from 13 January 2018.

What is it?

This replaces the original PSD by bringing in elements covering new payment services and providers and puts further emphasis on customer protection from fraud and possible abuses. It also promotes further competition in an already competitive industry to help lower prices for payments and hopes to contribute to a more integrated and efficient European payments market.

Impact

With the deadline so close, the work has been done. While banks and other payments institutions may have had extra compliance costs, they've known about such costs for a long time and have planned their strategies carefully.

Competition in the European payments sector has been addressed by PSD2: Pic Shutterstock

Most institutions, rather than take on the risks and expense of building their own payments systems, have contracted out the development of such services to third-party IT service providers such as SWIFT, Stet and ACI.

This means that even operationally, the banks and other institutions really have few operational costs to consider, other than the fees charged by the payments service providers (PSP).

Breking down the General Data Protection Regulation (GDPR)

GDPR was adopted by the European Union in 2016 and, after a two-year transition period, becomes enforceable on 25 May 2018.

What is it?

This new EU data protection regulation is aimed at all companies that process the data of EU residents and these regulations are to protect the personal information of individuals, customers and clients. Addresses, telephone numbers and other personal data and, of course, bank details and medical records, as well as information on social media all come under the wing of the GDPR data protection.

Cyber attack is fast becoming the biggest threat to industry and is considered by some to be the potential next existential threat to the financial industry.

Indeed, only in July, Andrew Bailey, chief executive of the Financial Conduct Authority, said he ranked cyber-attack as the biggest and fastest-growing threat to the financial services industry.

These new rules also protect against the unauthorised use of personal data for marketing purposes.

Impact

Ensuring that your IT systems can stand up to the threat of cyber attack is a very new concern. Hackers have existed in the past, but never before in such numbers and with such malicious intent.

"Armed with limited knowledge, a laptop and high-speed internet access, the threat landscape has widened beyond the traditional ‘bank robber’," says Dean Chapman, cyber risk management executive at Willis Towers Watson.

Again, the adoption of new regulations has witnessed growth in subsidiary industries - the providers of cyber-security services.

And again, it is the considerable costs of building such defences from scratch that drive companies to seek third-party solutions from companies such as Willis Towers Watson, Protiviti and JWG.

The less malicious side of this could suffer, however. As individuals learn to be more careful about what they disclose online - ticking the "do not share my information with other companies" box on retail websites could result in the loss of cheap, targeted advertising for many industries.

Mifid II is the cornerstone of post-crisis European regulation aimed at making markets more transparent: Pic Shutterstock

The Mifid II directive summary

The Second Markets in Financial Instruments Directive comes into force on 3 January 2018.

What is it?

This is an EU data protection regulation, the cornerstone of the European regulatory response to the financial crisis. The Mifid directive is aimed at making markets and investment more transparent by bringing more securities on to exchanges and the regular reporting by brokers, banks and fund managers of trading positions and pre- and post-trade activities.

Impact

Again, rather than build up their back and middle office staff to handle the extra work required by regulatory compliance, many financial institutions have opted for the third-party solutions.

Collateral management specialists and RegTech companies have increased in number to handle the transition to Mifid II, and the banks are now ready for it.

The growth of fintech

The changing regulatory landscape has been and will continue to be a challenge for many industries.

But the biggest impact has been seen in the post-crisis era of the last decade on the financial services industry.

Rising regulatory demands have been answered by the flourishing of a new sector - fintech - which encompasses a wide range of utility-like models.

Just like the water and power utilities, these companies devise a set of standardised tasks in response to a problem and perform them identically across their portfolio of clients.

Julian Trostinsky at SmartStream says that even before the financial crisis, institutions were looking at those operations that provided identical services and consolidating them into on common application.

"Utilities weren't necessarily built," he says. "They were generated based on a business need within a specific market sector."

Conclusions

The bottom line for investors is: does the cost of becoming compliant with new regulations and the continued costs on daily operations affect the company's profits?

One off costs need not concern investors too much, and the utility solution seems to have mitigated the problem of higher operational costs, as whole departments can be outsourced.

Utility models now deliver solutions to such problems as client onboarding, reconciliations, transaction cost analysis, liquidity and collateral management and trading and execution. All subject to rigorous regulatory scrutiny.

Soon enough there will be IPOs in the sector – consolidation won't be far behind. Far from being a threat, regulation could soon lead to investment opportunities.