There will be no shortage of new rules and regulations for financial institutions to implement and apply in 2018. Examples include MiFID 2, PRIIPS, PSD2, and the new EU data protection regulation. Also worth noting is the impact of the new IFRS 9 accounting rules, although the task of monitoring and adapting to such regulations lies within different areas of financial institutions.
Insurance firms will not be able to rest easy this autumn, since the EU legislation on insurance distribution may well have a bearing on the way they do business and their product distribution strategies.
All these new regulations share certain common features: they impact almost all areas of a bank across the board (legal counsel, legislative compliance, business, technology, etc.) and reach far beyond a simple obligation to adapt to and abide by the rules, calling for strategic reflection on how institutions position themselves in their core markets and their future business models.
They will also raise the question as to how traditional financial institutions will handle FinTechs and the extent to which they will be competitors or allies. The new regulatory initiatives concerning these new entities (such as the sandbox arrangements already up and running in certain member states) alongside PSD2 represent an opportunity for both them and other more traditional players.
Lawyers have an essential role to play in the process to fall into step with these new rules. Contracts between institutions themselves (above all between the creators and distributors of financial products), as well as those binding institutions that form part of the same group, will have to be thoroughly reviewed, in light of the expectations of the regulatory authorities in regards to the outsourcing of critical functions.
Needless to say, agreements with clients (be it framework payment services agreements, or agreements for the provision of financial services) are in need of a wholesale overhaul in which, more often than not, issues concerning the application of different rules and regulations will overlap. Personal data processing-related issues will come to the fore.
Various jurisdictions have already fallen behind in the process to transpose these regulations. While understandable given the political circumstances in certain countries, not to mention the inherent technical challenges posed by embarking on so many legislative amendments at once, the fact remains that this state of affairs has left the institutions obliged to observe such regulations in a position of legal uncertainty that cannot be left to linger for too long, above all in view of the complexity and huge costs associated with adapting their in-house processes and IT systems to these new regulations.
Only a few short months remain before these new regulations take effect and law firms, legislative compliance practice areas, and their advisers are working flat out to ensure that institutions adapt in time. It looks set to be an intriguing end to the year.