After Europe's powerful new data protection law, the GDPR, hit the statute book in May 2018, things went quiet for a while: for seven months, no major firms were hit with anything like the multi-megabuck fines we'd been warned about.
Was GDPR, some commentators asked, a toothless beast?
In January, it became clear the answer was 'no', as Google was fined €50 million by the French data protection regulator CNIL for having allegedly opaque data collection policies and not seeking user consent for ad personalisation. Google is appealing that fine, but its issuance is a strong sign that the new regulatory environment is a robust one with the capability to hit bottom lines extremely hard.
In the capital markets sector, it makes it all the more essential that regulatory technology currently being harnessed to ensure GDPR (and indeed MiFID II) compliance is fully fit for purpose. Amongst the most critical of those technologies are those designed to ensure the data at the heart of finance and investment operations can be logged, stored unchangeably and audited in perpetuity - allowing regulators to prevent the rogue trading, market abuse, manipulation and mis-selling that once dogged the sector.
In other words, it is vital that your transaction data is "immutable" and secure - that is, unmodifiable by insiders, hackers or malware.
The RegTech sector has not been backward in coming forward with ways to keep data immutable. But with many ways of ensuring immutability - using encryption and hashing schemes, for instance, or blockchain-based distributed ledgers – it’s important to make sure it’s the right fit for the many different types of businesses innovating in today's capital markets.
Regardless of which technological approach you take, if you are supporting compliance and risk management, one key question to ask yourself is this: when a regulator demands it, how will you show them that investment, securities or trading data, say, has not being touched, changed or modified? How do you actually demonstrate immutability is in action in your front, middle and back office setups?
One key way is to have certified, trusted components at their heart. Which is why we have been partnering with best of breed digital security systems vendors - providing solutions ranging from encryption appliances, full-disk encryption storage, key management and distributed ledger technology, to name a few – that can provide that critical level of confidence.
When coupled with the Radianz Cloud and its add-on service that enables enhanced security to be applied to sensitive data by encrypting that data in transit, solutions such as these enable companies to address the regulatory requirements securely and immutably, avoiding unnecessary risks.
In this emerging space, we’ve learned that customers running their own blockchain-based, trusted, distributed ledgers across multiple regulatory jurisdictions also value secure, managed, private hosting services in multiple data centres around the world.
But immutable RegTech should not be thought of as a box-ticking buy for compliance's sake - it should also fuel the growth of your business.
That should be no problem with blockchain and other immutable storage solutions, however, because the data trustworthiness they engender has the potential to fuel faster, more secure and lower cost transactions, too.
Find out more about our Radianz services for financial markets.
