COGNIZANT 20-20 INSIGHTS

Embracing Digital Convergence amid Regulatory-Driven Overhauls

With the deadline for the EU's General Data Protection Regulation (GDPR) fast approaching, and other incoming regulations on the horizon, banks and other financial services institutions should use their regulatory and digital programs to drive a step change in value across their ecosystems.

Cognizant 20-20 Insights, February 2018
Cognizant 20-20 Insights: Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls
EXECUTIVE SUMMARY

By any measure, the EU's General Data Protection Regulation (GDPR) is a ground-breaking piece of legislation with profound implications for companies worldwide. It applies globally, affecting any organisation that interacts with the data of an EU resident. These pervasive implications mean GDPR impacts internal and external stakeholders and requires actions across people, process and platform (both data and technology).

But is targeting GDPR compliance enough on its own? We believe the answer is no. Put simply, GDPR demands not just regulatory compliance, but strategic organisational change. Therefore, financial institutions (FIs) should approach GDPR not as a stand-alone compliance issue, but as a change that creates major opportunities to generate higher value through the smart use of digital technologies and thinking.

In 2018 alone, the second Payments Services Directive (PSD2), Markets in Financial Instruments Directive 2 (MiFID II), the upcoming European Commission's proposed e-privacy law and revisions to the UK's Open Banking agenda are all set to revolutionise the industry's journey to enactment. Approaching any of these regulations in isolation risks missing out on their areas of commonality. The main theme that links and aligns them is the need to apply a range of digital technologies in smart and integrated ways.

So what we're seeing is two forms of convergence: regulatory convergence, as new regulations coalesce in terms of impact and imperatives; and digital convergence, as banks and financial services organisations combine new technologies, such as artificial intelligence (AI), machine learning (ML), blockchain, robotic process automation (RPA) and more, both to protect customers more effectively, and also to transform their own organisations to be leaner, more effective and more efficient. (To learn more about digital strategy at banks, read our white paper, "How Digital 2.0 Is Driving Banking's Next Wave of Change.")

The message, therefore, is clear: The optimal way to approach these imminent rules is as an interlinked array of new regulations, and then respond through digital convergence that creates higher business and regulatory value. Organisations that approach digital, regulatory and technological convergence appropriately (see our six-step approach in the sidebar, next page) will simultaneously build compliance and customer trust, and thrive in the modern digital age. It is a one-time golden opportunity to accelerate and escalate the creation of business value through digital. This white paper further enumerates how this can be realised and maximised.
Quick Take

A Six-Step Approach to Linking Regulatory and Digital Convergence

1. Conduct a business impact assessment of forthcoming regulatory changes.
2. Clarify the changes required to deliver the firm's digital vision.
3. Merge the set of requirements to deliver both goals in line with customer-centricity.
4. Conduct a gap analysis of the as-is IT estate against the target to-be state, for greater clarity and simpler data governance.
5. Plan a roadmap for the digital transformation program.
6. Launch an implementation program for completion within the regulatory deadlines.

GDPR'S KEY MILESTONES & IMPACTS ON BANKING AND FINANCIAL SERVICES

The first step for responding properly to GDPR is to understand the regulation itself, the scale and nature of its impacts and its interrelationship with other regulatory changes. Equipped with these insights, FIs can ensure not only that they are GDPR-compliant, but that their operating model is future-proofed for an increasingly open and digitally-enabled market ecosystem.

GDPR aims to unify and strengthen data protection and privacy for all individuals in the European Union (EU). Its goals include giving citizens and residents greater control over their personal data and creating a single region-wide regulatory framework. Figure 1 (next page) shows our proven methodology for addressing all of these impacts in a single program.

The changes required by GDPR can be categorised into the following main areas:

• Appoint a data protection officer (DPO) and set up a robust governance process. A DPO must be appointed to advise the data controller/processor and employees, monitor regulatory impacts and compliance, and act as the contact point for the supervisory authority.

• Transparently demonstrate consent and honor erasure. Firms must have a single view of the customer, review existing personal data consent agreements, obtain explicit consent for data collection, and provide for sharing, rectification or erasure of data on request.
[Figure 1: Cognizant's GDPR Methodology. Panels: Technology (Data Architecture); Data (Data Management & Security); Process (Consent & Rights); People (Governance & Oversight); GDPR Readiness Framework; GDPR Assistance Services.]

We are currently working with clients across various stages of GDPR implementation. We are on our own compliance journey, applying the changes required for GDPR through a digital lens.

• Introduce new categories of personal data. The regulation introduces new categories of personal data such as IP address and social and mental state. It is imperative that organisations understand their own use of personal data maps.

• Enable data subjects to exercise rights. Under EU rules, data subjects have the right to file a subject access request (SAR) and obtain from the data controller a copy of their personal data, together with an explanation of the categories of data processed.
Therefore, controllers must ensure third-party processors are subject to adequate contractual agreements, and must approve any changes in protocol made by processors.

• Lay out a process for incident/breach handling. Breaches must be reported within 72 hours, and the regulator requires biannual compliance effectiveness audits and comprehensive record-keeping. Compliance management must be active rather than passive.

The post-GDPR environment will also bring a number of important benefits: for example, greater clarity and simplicity to data governance, a single lead authority and a one-stop shop for reporting. And the unified customer view required by GDPR will help to improve customer-centricity.

Yes, There Are Overlaps

GDPR's obligations and opportunities are influenced and overlapped by several other current or forthcoming regulatory initiatives. Foremost among these is PSD2, which is set to revamp Europe's payments landscape by requiring banks to allow third parties to access their customers' account information through application programming interfaces (APIs).

Other incoming regulations include Open Banking, which introduces open API standards for UK banking, and the New Payment Architecture (NPA) in the UK, which will use the Bank of England's Real Time Gross Settlement (RTGS) service for net settlement of payments. Meanwhile, the e-IDAS has been enacted and MiFID II, the EU's revised Markets in Financial Instruments Directive, launched on 3rd January 2018. And the EU has also released a draft towards a new e-privacy Directive.

The common thrust of all these regulations is to enable better, safer, more efficient and more open use of digital technologies and data. It follows that an approach based on just one aspect of the evolving regulatory environment is not enough. While important, GDPR is just one new regulation among many and firms need to be cognizant of that.

DIGITAL CONVERGENCE: COMPLETING THE JIGSAW

Just as a number of regulatory initiatives are converging to create a new supervisory and compliance environment for FIs, several strands of technology innovation are converging to advance digital enablement. The good news is that by harnessing these complementary technologies to drive digital transformation of their organisations, firms across the industry can simultaneously achieve better regulatory compliance and higher business value.
The evolving technologies can be divided into two main groups: the first comprising robotic process automation (RPA) and narrow AI like chatbots,[1] and the second consisting of advanced AI (e.g., machine learning). Alongside these, blockchain is emerging as a transformational technology, heralding a revolution in how companies and individuals interact and conduct transactions. (See the full array of blockchain white papers on our website.)

Use of RPA and AI is growing across financial services, driven by a rising tide of innovation both by fintechs and also incumbent institutions. (By way of context, multipurpose industrial robot shipments in China, an automated manufacturing powerhouse, are projected to hit 150,000 this year, up fourfold from 2013.[2]) As in other industries, banks and financial services firms are harnessing the exponential growth in data to power advanced AI-enabled automation, in order to augment human capabilities and create smarter, more productive and more effective processes at lower cost.
While many of these innovations began with a primary focus on cost-efficiency, the benefits in terms of regulatory compliance are now also becoming increasingly evident. In the face of regulators' growing demand for fast, comprehensive and accurate reporting, robotics and AI enable financial services firms to respond without large investments or heavy manual processing. (For more, read our blog on the topic, "How Banks Can Use AI to Reduce the Regulatory Compliance Burdens.")

Use of machine learning and chatbots is expanding to provide enhanced and more personalised customer experiences at scale. These technologies, also known as smart virtual personal assistants (SVPAs), learn proactively from every human interaction, and are increasingly able to respond appropriately to customers' subtle and even subconscious emotional signals and nuances.

Usage of RPA can potentially enable banks to achieve better quality and efficiency. Moreover, a key driver will be the expansion of chatbots beyond their initial consumer applications and into enterprise and employee collaboration, yielding corresponding gains in efficiency, effectiveness and compliance.

Meanwhile, blockchain, the smart, decentralised, trusted and highly-encrypted way of transacting and interacting, is poised to power the next disruptive wave of digital business. FIs have grasped the scale of the impending change blockchain is poised to unleash. In our recent research study of 1,520 executives representing 578 financial services firms, 91% of respondents said they believe blockchain will be either critical or important to their firm's future, while 48% said it will fundamentally transform the industry.[3]

Digital Convergence: Amplifying the Business Benefits

While these strands of digital innovation may have originated as distinct areas of technological evolution, their real power in banking and financial services lies in combining and integrating them to transform what the industry does and how it does it.
The fact that these technologies are also pivotal to meeting the challenges and opportunities of GDPR and other regulations means the business case for leveraging them to drive enterprise-wide digital transformation is not just compelling, but unanswerable.

While Reducing Time to Market

Figure 2 (next page) illustrates how we see these technologies coming together. By positioning regulations and compliance as an input to digital convergence rather than an output of legacy processes, and harnessing the power of emerging technologies to optimise this convergence across the organisation, firms can turn regulation from a cost burden into a positive driver of business value.

[Figure 2: How Digital Convergence Enables Regulatory Compliance and Generates Business Value. Labels: Predictive Models & Synergies; Machine Learning & Chatbots; Regulations & Digital Convergence; Robotics & AI; Strategies for Data Analytics & Self-Learning Compliance; Blockchain; Seamless Ledger & Payment Processing; Business Benefits.]

Additional value is increased still further by the impact of digital convergence on speed to market for new products and services (e.g., by using tools that enable the business and technology estate to more effectively collaborate), as well as on other key aspects ranging from customer experience and loyalty to internal collaboration, productivity and employee engagement.

And Embedding Digital as a Way of Life

In this way, firms can reap the maximum business benefits from GDPR while remaining fully customer-focused and -centric, and delivering a seamless end-user experience that will keep customers loyal and satisfied.

But that's not all. At a higher level, firms that achieve this will be able to fully embrace the new reality of digital as a way of life that increasingly pervades the global customer and business ecosystem, from individual consumers to the biggest multinationals.
[Figure 3: Value Maximisation: An Illustration. Labels: Business Value; Time to Market; Regulatory and Compliance Initiatives; "With digital convergence: a journey redefined"; "Without digital convergence: a typical journey"; Gain in business efficiency & effectiveness, lower time to market and enhanced customer experience.]

A ROADMAP FOR THE FUTURE

Our distinctive point of view on the linkage between digital and regulatory convergence has resulted in a unique framework, one that can help FIs shape more effective regulatory strategies while delivering digital at scale. It is based around the three key dimensions of time to market, compliance and business value (see Figure 3).

The Six-Step Approach

We believe FIs should unify and address the CxO agendas for delivering digital at scale in conjunction with regulatory and compliance agendas by institutionalising the six steps outlined on page 4. This is a great mechanism to drive a step change in value across their ecosystems.

1. Undertake a business impact assessment across the whole range of current and forthcoming regulatory changes, by aligning with the organisation's mission and vision.
2. Overlay this assessment with the changes required by the firm's digital transformation, with a view to enhance time to market while reducing costs.
3. Combine these sets of changes to establish a single set of organisational and system requirements to deliver against both goals.
4. Assess the as-is IT estate/organisation against the target to-be state, and conduct a gap analysis for what's needed both to comply with regulations and boost organisational performance.
5. Use the outputs from the gap analysis to plan out a roadmap for the digital convergence.
6. Launch an implementation program timed for completion within the deadlines set by the regulations.
FOOTNOTES

[1] "The Expanding Role of Chatbots in Enterprise Collaboration," Cognizant, July 2017, https://www.cognizant.com/whitepapers/the-expanding-role-of-chatbots-in-enterprise-collaboration-codex2575.pdf.
[2] https://www.strategyand.pwc.com/trends/2016-manufacturing-trends
[3] L. Varghese, F. McCraw, "Financial Services: Building Blockchain One Block at a Time," https://www.cognizant.com/whitepapers/financial-services-building-blockchain-one-block-at-a-time-codex2742.pdf.

ABOUT THE AUTHOR

David Paris
Head of Governance, Risk and Compliance, Banking & Financial Services, UK&I

David Paris is Head of Governance, Risk and Compliance for Cognizant's Banking & Financial Services Group in the UK. He has over 30 years of experience as a financial services industry professional, having worked in both major financial institutions such as Deutsche Bank, Reuters Instinet and Wells Fargo Bank, as well as in major services and technology vendors. David has worked extensively in Europe, Asia and the U.S. in senior management and consultancy roles in risk, operations and technology across both banking and securities businesses. He can be reached at David.Paris@cognizant.com. LinkedIn: www.linkedin.com/in/david-paris-6862513/.
ABOUT COGNIZANT

Cognizant (NASDAQ-100: CTSH) is one of the world's leading professional services companies, transforming clients' business, operating and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant is ranked 205 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com or follow us @Cognizant.

World Headquarters
500 Frank W. Burr Blvd., Teaneck, NJ 07666 USA
Phone: +1 201 801 0233
Fax: +1 201 801 0243
Toll Free: +1 888 937 3277

European Headquarters
1 Kingdom Street, Paddington Central, London W2 6BD England
Phone: +44 (0) 20 7297 7600
Fax: +44 (0) 20 7121 0102

India Operations Headquarters
#5/535 Old Mahabalipuram Road, Okkiyam Pettai, Thoraipakkam, Chennai, 600 096 India
Phone: +91 (0) 44 4209 6000
Fax: +91 (0) 44 4209 6060

Copyright 2018, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.

Codex 3180.2