Print this article
GDPR – Far From An EU-Only Issue For Wealth Managers
Wendy Spires
28 March 2018
The Facebook/Cambridge Analytica scandal has put the spotlight on data privacy concerns as perhaps never before. It has also brought the soon-to-be-implemented General Data Protection Regulation into the public consciousness in a way one would never have expected for what is a highly technical and quite arcane piece of European Union legislation.
The affair has also highlighted just how far-reaching the GDPR is, granting as it does massively enhanced data privacy rights to all EU citizens wherever their information is being gathered and held around the world. Arguably, only America’s FATCA legislation comes close to the vaunting ambition of the GDPR to impose supranational rules.
It is gratifying, then, that this publication and our sponsor recently opted to hold a thought-leadership event on the GDPR in Switzerland – a European country which remains staunchly outside the EU (albeit while having to play by many of its rules in order to secure trade agreements). As innumerable businesses globally may be about to find out to their very great cost, from 25 May the GDPR will have entirely changed the game on how European individuals’ personal information can be gathered, stored, analysed and used for commercial purposes. Fines for non-adherence to its sweeping rule changes will amount to a staggering €20 million ($24.8 million) or 4 per cent of annual turnover, and any business, anywhere in the world that deals with EU citizens’ data could be hit.
EU legislation with extraterritorial scope
As the attendance of this event proved, the thirst for knowledge about the GDPR is by no means limited to Europe and wealth managers of all kinds are rightly eager to hear from experts on the topic, particularly as it pertains to financial services.
Sharing insights in Zurich earlier this month were Micha Bitterli, partner and head of managed services at Deloitte; Dr Ariel Sergio Goekmen, member of the executive board at Schroder & Co Bank; Jürgen Pulm, head of private banking for commercial and private banking services at RBS; and Robert Roome, global head of product at WDX – the sponsor of the event.
Naturally, the panel discussion focused heavily on the dangers of firms not being ready for the GDPR in technological, operational and cultural terms. Dr Goekmen at Schroder & Co Bank warned, for example, of the perils of failing to tell clients how their information is being used and of data pools going undetected within organisations. The experts also explained how “data processors” might effectively exist within large organisations that are “data controllers”, creating another layer of risks for financial institutions to contend with.
Benefits as well as dangers
However, the benefits that the GDPR could create for wealth managers were also explored in depth, such as the legislation creating opportunities to connect with clients, better determine their needs and to improve service offerings based on pooled data and knowledge.
Jürgen Pulm of RBS said: “It is key to view GDPR as a business opportunity, rather than a piece of legislation that must be complied with. Data is at the heart of the digital economy and the use of it will have a major influence on who survives the transition from the analogue to the digital world. GDPR forces organisations to think about the data they hold and how they use it.
“Private banking is all about relationships and trust. GDPR is an excellent first step towards returning the power back to the individual around the use of their data and long overdue. GDPR gives organisations an opportunity of re-building trust and therefore deepening the client relationship if it is open with their clients as to how their data is being used, managed and stored.
“The biggest challenge therefore is to continue to focus on the trusted client relationship, to utilise GDPR to sharpen our data focus, thus achieving compliance and strengthening the business at the same time.”
As Robert Roome, global head of product at WDX, concluded, GDPR compliance speaks to wealth managers’ trusted advisor status and may in fact really help wealth managers improve client relationships if approached in the right way.
"Research regarding private and institutional investors now show transparency as a key attribute considered by clients when selecting a firm to trust with their investments,” Roome said. “GDPR can be used to help deepen this key element of the relationship by providing transparency on how data is used and confirming an individual’s consent for this. By establishing this level of trust and being seen as ‘data stewards’ by their clients, firms will be better placed to leverage areas such as open banking."
All in all, the GDPR is providing an extremely rich seam of challenges and opportunities to be mastered by firms in what is now a very short space of time before implementation. The GDPR represents the biggest overhaul of data privacy law for over two decades. WDX helps wealth and investment management businesses stay ahead of evolving regulation. (For more insight on the GDPR and WDX’s proven approach to regulatory compliance and effective client management, contact enquiries@wealth-dynamix.com or call 02037257549.)