Hot on the heels of MiFID II, Asset Managers are now facing the next wave of regulation; GDPR. GDPR is a European directive with worldwide reach. No matter where in the world you are transacting business, GDPR will affect you should you be coming in to contact with personal data from any European client. It’s far reaching effect creates a worldwide headache, and with fines of up to 4% of global turnover or €20M (whichever is greater) it is imperative we in the industry get our houses in order sooner rather than later.
GDPR is designed to give autonomy to individuals to decide how their data is used. Originally drafted with the digital marketing and social media industry in mind, the directive has been expanded to cover any organisation that comes in to contact with individual’s personal data. This doesn’t just mean names and addresses; it also covers visual images, IP addresses, HR records and more.
If you store, access, disclose or transfer any kind of personal data, it all counts.
Consent to access personal data must now be “freely given, specific, informed and unambiguous” so it cannot be inferred by a ‘tick box’ or ‘silent consent’. A key point to bear in mind is not just your transactional data, but also how you intend to market to your clients and potential clients in future as well as how you store, manage client’s and potential client’s data. You will simply not be able to make contact without specific authorisation come the 25thMay this year. GDPR affects your current businesses flow, but also future business flow.
An asset manager’s business now faces a number of different issues: funds are intangible, so ideal for online sales; multiple parties are usually involved; business is often international; and there is heavy use of an outsourced business model. Investment Managers, Administrators, Transfer Agents and Distributors all have their part to play.
Perhaps the most frustrating element of GDPR comes when the regulation is practiced in conjunction with MiFID II. MiFID II comes with a whole raft of regulation around data recording leading to transaction, versus GDPR regulation which has obligations for the AM around privacy and consent. Unravelling the rights and wrongs requires knowledge and expertise.
Now is the time to take a logical approach by outsourcing as many operational functions as possible. As well as the obvious functions such as infrastructure and trading, GDPR will also impact lesser recognised functions like HR and marketing. With this in mind, outsourcing operational functions to the right partners can be a logical step in bolstering compliance and freeing up time and reducing costs to focus on income in a fast-changing market can be the most effective solution to ensure a successful business outcome come May 25th.
Linear Investments have been ahead of the GDPR curve for some time now, providing solutions for those where GDPR will mean a significant change to their operations.GDPR will put huge pressure on small and medium sized funds – and even some larger entities. Reporting requirements, proof of execution value, IT infrastructure, tracking and recording data and transactions are all an issue. MifID II combined with imminent GDPR constraints on client data management will force many to look at outsourcing their operations, mid and back office, IT compliance and trading.
Outsourcing is a means of optimising the fund manager’s strategic business plan and managers should identify the outcome required from outsourcing as the first step towards finding the best solution. Outsourcing has an impact on the efficiency of a business, as well as the bottom line. Working with an outsourcing partner provides access to a larger pool of skilled resources, improved transaction quality, plus product and service innovation. It allows the manager to focus on the core function of their own business and treat partners as an extension to their in-house team for everything else.
Information Technology is also proving a challenge under MiFID II, and GDPR will further exacerbate this. Outsourcing IT requirements to Linear Investments and using an outsourcing infrastructure leaves the fund manager confident they are working within MiFID II and GDPR regulations, without the headache of sourcing and managing expensive relationships with multiple providers. This includes transaction and trade reporting, best execution, call recording, market abuse oversight (or market surveillance) as well as assisting with disaster recovery and secure storage of data.
Linear are also working with a leading 3rdparty partner to offer a comprehensive transaction reporting service to third party clients. This is a system that has been implemented, tried and tested within our own environment and will be vital to some once GDPR goes live.
In the first instance, AMs need to consider what safeguards they have in place for the transfer of data, ensure their IT requirements are compatible with data subject rights and prepare a record for processing activities. Linear Investments are well equipped to work alongside our business partners to ease the burden and assist in the changeover to a new way of transacting business.