The Hubbis/Apiax Survey on Data and Cross-border Compliance for Asia’s Wealth Management Community
Aug 28, 2020
There is no doubt that there are numerous and intensifying compliance challenges across Asia, as regulators in each country and globally demand ever-higher standards of monitoring and reporting, greater individual and corporate accountability, and as they roll out ever more demanding compliance audits. At the same time, the banks and other wealth management firms are trying to enhance their understanding of compliance issues and the approach to handling challenges amongst their client-facing and administrative teams. The regulators and the organisations are together emphasising more training, greater expertise, more defined and rigorous standards, better management control, and increased and targeted - investment in new technologies and digital solutions. But technology presents somewhat of a conundrum - offering state-of-the-art delivery and communication, but at the same time the proliferation of personal data and the storage of it, as well as the exchange of such data between organisations make data compliance and hygiene ever more complex and more challenging for the top management at the banks and wealth advisory firms. The proliferation of data and of data compliance protocols demand not only carefully tuned internal and external processes, but also the increasing use of digital tools and solutions; if properly selected and integrated, these can help resolve many of the age-old and newer compliance challenges around data and cyber-hygiene, but there are many false starts potentially, leading banks and other wealth management firms up dead ends. This means that they must adopt a highly strategic and immensely detailed approach to such digital solutions. Hubbis, with our exclusive partner, Swiss RegTech Apiax, conducted a short survey to elicit views from the Asian wealth management community centred on cross-border compliance challenges and on data security and hygiene. We have summarised the key findings in this short report, and set them amidst our assessment of some of the key broader compliance issues and considerations that the wealth industry in Asia should take on board.
In a global, digitised world replete with increasing layers of regulation at local, regional and global levels, vigilance is ever more essential. There are many headwinds facing the wealth management industry globally, especially the increasing levels of cross-border investment, the rising tide of regulation and the need for cyber-hygiene amidst the proliferation of digital technologies. All these factors create new risks and additional challenges for compliance.
There is a global shift to supervision based on substance over form, transparency over opaqueness, of full disclosure and exchange of information over poor transparency. Accordingly, most wise investors will want to steer clear of opaque transactions, schemes and communications, and so also the advisors, who will increasingly be caught up in the regulatory nets.
Remember – revenues first
But balance is also required for sustainable wealth management businesses; the onus of investment and staffing cannot entirely be on compliance. Private banks and wealth management firms need to balance commercial drive and objectives with client-centricity. Conduct, governance and accountability are key areas to consider, and the compliance teams need to work with the senior management and business generators to achieve a balanced perspective.
Compliance is a process, it is not a revenue generator, and it must therefore be handled in as business-centric a manner as possible. Compliance teams should see themselves as helping to provide solutions that are aligned with the commercial objectives of the businesses. They need to be engaged with the business heads and stimulate open discussion internally to find the optimal solutions.
The agile approach
Banks and wealth firms must also stay agile. Compliance professionals no longer work in a world of ticking boxes; their role is far more challenging and much more interesting than ever before. They must stay entirely current, especially as more agile technologies and methodology protocols are employed.
The industry must, therefore, embrace change, not resist it. There is a danger that private banks and wealth management firms do not place enough emphasis on compliance across all aspects of their firms, in other words, that they see compliance as a silo that might be hidden away. However, compliance is required throughout every sphere of activity internally, as compliance teams must be vigilant across all areas of a bank, and all disciplines.
Choose your solutions wisely
Digital solutions can certainly help, but they can also represent digital challenges. In an increasingly digital environment at the banks and other wealth management firms, new algorithms can help in a broad range of areas, from KYC/onboarding to AML monitoring to real-time regulatory and data hygiene information, and so forth. However, at the same time, there are also huge risks relating to data security, identity theft and so forth, so compliance experts must involve themselves in the broadest sense to help ensure that technology and software solutions are both fit for purpose and secure.
Data must be carefully managed and retained. Compliance experts need to start advising their firms to build or re-build processes for recording data, recording calls, more detailed logging of transactions and agreements and so forth. And as much of this will be digitally enabled or enhanced, compliance must be part of that digital journey.
Digital can cut both ways
Digital compliance solutions are available, but they vary in their effectiveness. The best ones are designed to plug the many compliance gaps that wealth management providers face on a daily basis, especially when trying to tread through the minefields of data security and cross-border business. And the banks and advisory firms need to recognise throughout that although designed to optimise the investment advisory process, technology and automation may also expose businesses to huge compliance risks.
How has your internal data protection related headcount changed in the past 12 months?
Increased by more than 20% 28%
Increased by less than 20 percent 6%
Remained the same 53%
How do you expect your internal data protection related headcount to change in the next 12 months?
Increased by more than 20% 20%
Increased by less than 20 percent 20%
Remained the same 54%
We have briefly summarised some of the views from our respondents on the challenges they face in today’s environment from a compliance and regulatory perspective, and some views on solutions they are adopting:
“Financial institutions (FIs) need to know/be aware of the cross border regulations so as not to run afoul of the laws of the various countries in which they wish to conduct business. FIs will need to set aside a budget for these areas, which can be costly.”
“Transfer of data to outside Singapore (or the main jurisdiction) requires an understanding of the destination jurisdiction's regulations around data privacy and protection. Sometimes we might be sharing the personal data of customers and then they subsequently withdraw their consent.”
“The ever-changing regulatory landscape, keeping up with the changes in the different countries' regulations, then monitoring the activities of representatives when they are in other jurisdictions or remotely communicating into those other jurisdictions.”
“The movement of personal data which is stored in the ‘cloud’ facilities of vendors with data centres outside Singapore/or main jurisdiction presents challenges such as requiring dedicated servers with our vendors which results in higher costs of implementation.”
“The data security of client sensitive information that may be residing on a ‘cloud’ platform or server that might be based offshore. With the pandemic situation, it makes it even more challenging to perform onsite inspections on service level agreements and data security controls.”
“Lack of clarity. The standards of data protection requirements are not uniform across different jurisdictions in this region, unlike across the EU with GDPR across those respective countries.”
“There are different data privacy rules in each APAC jurisdiction for us and the RMs to comply with. It is complex to understand how data is stored, obtained and transferred in light of conflicting regimes in APAC. And it is still unclear as to the local regulatory positions on cross border communications and marketing.”
“It is costly to subscribe to websites on cross-border regulations, so if this can be readily available at an economical cost that will be a real positive.”
“With everyone now working remotely, it makes it even more challenging to administer such cross-border activity and data protection training for our teams, or to have pertinent cross border requirements readily accessible for the RMs to conduct their business.”
“It is challenging to assess the impact of jurisdictional rules on e-banking/mobile banking platforms, especially when regulated activities and services are offered through these platforms.”
“The use of technology is increasing – for example, name screening, training, registers, transaction monitoring, searches, and sanction screening tools.”
“We are now using regulatory radar tools.”
“We are in the process of onboarding a new CRM and portfolio system and see the usage and importance of digital tools increasing significantly.”
“We have boosted the use and application of e-signature protocols internally and externally.”
Technology is, therefore, making compliance more complex and more challenging at the same time as providing digital tools to help successfully resolve both age-old and newer compliance challenges. Private banks and wealth management firms must rise to the challenges of digital KYC/onboarding, AML monitoring, the expansion of digital platforms, the migration of data infrastructure to the Cloud, Artificial Intelligence, data security, cyber-crime and the pitfalls of cross-border business activity in a world of increasing regulatory complexity.
Know your needs, understand the solutions
Compliance experts in the new world of wealth management must certainly be digitally savvy. In an increasingly digital world in which data is at ever-greater risk, compliance professionals must be in tune and up to speed on all facets of the digital solutions. They do not need to be coding experts, but they need to be aware of the implementation, uses and risks relating to technology and digital solutions.
Individual and collective responsibility
Digital solutions must be aligned to good governance at the organisational and team and individual levels. Recommendations from the regulators, for example, the benchmark Monetary Authority of Singapore, are increasingly focusing on the need digital security and good practices, good conduct and governance amongst the financial community.
Be careful not to fall into the gap between expectation and outcomes. There is a lot of technology available today, but compliance teams should be sceptical as to their efficacy and security, as by some estimates there is as much as a one-third shortfall between mission and achievement in many systems and software. But the regulators will not likely continue to accept that sort of gap, so compliance experts must beware of those risks.
In today’s world, with or without this ghastly pandemic, Asia’s wealth management industry will need to face up to the challenges of compliance across all facets of their business and operations. There are digital solutions available that will significantly enhance processes, activity and compliance around cross-border conduct and data hygiene. We must also acknowledge that there are plenty of dead-ends that banks and other wealth management firms might pursue in their quest for solutions, so taking the time to strategise on the challenges that need to be overcome and then identify the optimal solutions available are both utterly crucial to the efficient use of time and capital, and to ensure that the business end of the organisations can function in as seamless and unfettered manner as possible.
And finally, a few words about Apiax
Founded in 2017, Swiss RegTech Apiax is winning friends and clients amongst the major banks as well as amongst the medium-sized wealth management players. Apiax’s technology is designed to provide them with easy access to compliance knowledge and enable financial service providers in an increasingly regulated world to refocus on their core business objectives of providing their clients with high added value and unique experiences. Apiax’s team comprises legal, technology, and product veterans and the firm has offices in Zurich, Lisbon, London, and has recently established a new Asia hub in Singapore, which is progressing well, although perhaps not quite at the pace it would be had the pandemic not hit the world.
Key members of team Apiax, headed by four like-minded founders who in 2017 left prominent roles at UBS to create Apiax, see huge potential for digital transformation in the compliance area in Asia, where the Monetary Authority of Singapore has very recently awarded Apiax a prestigious Financial Sector Technology and Innovation (FSTI) Proof-of-Concept grant to support experimentation, development and dissemination of Apiax’s nascent innovative RegTech solutions.