With just a month to go until the General Data Protection Regulation (GDPR) is implemented throughout Europe in May. We look at how the new regulatory regime will affect the nascent Digital Advice industry. Some of the upcoming regulatory changes issued from the EU and its commissioners should be positive for fintech asset managers.
With a clear focus on transparency, robo-advisors should look forward to the new era of information portability and openness.
The digital advice sector has from inception attempted to gain a competitive edge with clear transparent product engineering and pricing, but it won’t all be plain sailing and there may be headwinds ahead.
The GDPR is the most important change in how we handle and manipulate data ever. Here in the United Kingdom, it appears as an overdue replacement of the Data Protection Act (DPA), which is now two decades old and comes from a time when the fax machine was considered cutting edge and data storage usually involved a cupboard and some paper. The ICO (Information Commissioners’ Office) couldn’t have foreseen the rise of the information economy and the rapid technological advances of the last twenty years.
The key points of the upcoming Directive can be summarised as Open, Portable and Accurate.
Robo-advisors or those wishing to enter the space will have to think carefully about data access. Customers and prospects (in fact any EU citizen) will be able to request access to all the data that is held on them. Complying with this will not only require well designed and comprehensive processes and systems, but has the potential to be operationally intensive and expensive. Retail clients would also be able to ask that a robo concept provide any personal data held on them to a rival advisor! This must of course be done quickly and accurately.
The GDPR may then play havoc with a firm’s client retention estimates if all data is portable and clients can move to a rival proposition with little effort. The new regulatory regime also requires that any data held is:
“Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay”
These steps are great for the consumer, and the data protection to be enjoyed from May by all EU citizens is unparalleled in history. But for firms developing new technologies and hoping to provide financial services at lower and lower cost. There could be a struggle with the expense of implementing compliant processes. Particularly as the guidance on how the new regime will be implemented and full details of the regulatory hierarchy have yet to be released.
Here at RiskSave we are looking forward to 22 May and seeing how the industry adapts.
