SteelEye chief executive Matt Smith finds that firms’ increasing use of third parties to store and manage data is creating tricky issues over data ownership.
In a financial services industry where many software vendors capitalise on the data they store for clients, we can’t help but ask: who owns the information? Is it the firm whose data it is, or the vendor storing it? Now, this may seem obvious. Surely it should always belong to the financial firm, yet many vendors actually charge their clients to access, use and export their own information.
The Covid-19 pandemic has posed huge data challenges for financial services businesses, impacting many firms’ ability to manage their regulatory obligations. Aside from the almost overnight acceleration to a cloud-based environment, the pandemic has introduced a variety of industry-wide challenges around how to capture, store and analyse the vast volumes of data produced by a remote workforce, which has forced digitalisation in many areas.
While this rapid digital acceleration will undoubtedly have a positive long-term impact on the industry, it has come with moves by some vendors to amend data policies for clients – changing how data is stored, accessed and priced.
In an increasingly complex financial landscape, where data volumes continue to snowball, some software vendors are seeing the commodification of their clients’ data as the direction of travel, with the revenue-generating potential too tempting to ignore.
For years, industries across the globe have witnessed the acceptance and adoption of data-led solutions, borne out of the need to support business operations and drive growth. With this evolution, companies have shared their data with numerous third-party platforms as vehicles for innovation.
This is something we have seen a lot within the regtech space, where banks, brokers, asset managers and hedge funds have deployed third-party technology solutions to solve key compliance challenges.
Financial firms have become even more dependent on their regtech vendors over the last year as day-to-day compliance operations have been challenged by remote teams and evolving communications channels. But even pre-pandemic, the landscape was growing in complexity with increasing regulation, new ways of communicating and conducting business, and changing market structures all driving regtech adoption.
To capitalise on this dependency, we have now seen some vendors make changes to data policies and pricing structures. Some have restricted how and when their clients can use their data and charge for data exports.
Others have reduced the standard data-storage timeframe from five years (a minimum retention period under most record-keeping regulations) to two, meaning their clients have either had to upgrade to a premium service to meet their requirements or pay to extract their data in order to change service provider.
The irony is not lost – regtech solutions that exist to help financial firms meet regulatory demands don’t meet the minimum requirements. For example, MiFID II requires records to be kept for at least five years, therefore it is surprising to see some firms reducing their minimum storage duration to just two years, which falls short of the regulatory requirement.
These legacy vendors are charging for each year of data storage beyond the initial two years, increasing the cost of compliance by forcing firms to purchase a premium package. Ultimately, this is adding complexity to an already complicated and costly space.
Data should be free, easily available and there to add value. No one would go to the dry cleaners, pay to have their clothes cleaned and then also pay to take their clothes out of the shop. So, why do we accept this in the software world?
The regtech space exists to support financial firms in meeting their regulatory obligations and data should be seen for what it is: an important organisational asset that can help solve a wealth of operational and compliance challenges, but also provide a valuable company insight.
The ability to use and analyse data in real time is one of the most important drivers for a competitive advantage today due to the importance of speedy decision-making. The data that firms are already storing for compliance purposes covers a broad spectrum of valuable data points, from communications and transaction details to market data, news and more. That data can also enable this decision-making.
Without seamless access to this information, businesses are missing the opportunity to better understand company performance, identify opportunities, respond to regulatory and market changes, and address business risks.
While every firm is at a different stage of data maturity – some are fully tech-enabled, while others are in the midst of transforming their technology infrastructure – the industry undoubtedly realises the value that exists in their compliance data and should question how their vendors are storing and commoditising data which, ultimately, does not belong to them.
It is imperative that firms consider the value of their data and what it can provide to their organisation. It is ineffective to use data for a singular purpose like reporting or for entry into a surveillance platform. It wastes the potential of what compliance can do. The solution is quite simply for firms to ask their vendors how they can access, analyse and export their data, and whether it will incur a cost.
Financial firms have traditionally adopted a siloed approach to compliance, prompted by different implementation deadlines of EU regulations like MiFID II, European Market Infrastructure Regulation and Market Abuse Regulation. This has resulted in firms supporting multi-point solutions with duplicate data stores, when in reality most regulations require overlapping data.
This has meant regtech has historically been merely viewed as a means to an end. Having said this, firms are beginning to recognise the value of their own data and want access to data analytics, moving beyond just compliance.
While many businesses emerge out of lockdown and financial markets recover, firms should demand more from their vendors and examine the motivations behind these new, restrictive policies. We believe data belongs to the financial firm using the software. Firms should be able to access their data when they need it and be empowered by the value it can yield for their business.
Matt Smith is CEO of compliance technology and data analytics firm SteelEye
© 2021 fundsTech