Regulation in review: part 1

2 of 4

Regulation in review: part 1A swathe of new developments are affecting banks and FinTech companies. So what do they mean for banks’ corporate clients?

Important new regulations are having a major impact on banks and FinTech companies, both in the UK and internationally. They require financial institutions to make significant investments in their processes and systems, and to change how they interact with their corporate clients.

In this article, David Shinkins, Head of UK Cash Management, reviews the new regulations that span payment services, capital and liquidity management and personal data, specifically:

• The revised Payment Services Directive (PSD2)

• Basel III

• The General Data Protection Regulation (GDPR).

Revised Payment Services Directive II (PSD2)

PSD2, which has been effective in the UK from 13 January 2018, repeals the first Payment Services Directive adopted in 2007 and provides the legal foundation for what is known as ‘open banking’.

Open banking is the collective term for PSD2 and the new data sharing standards imposed by the UK Competition and Markets Authority (CMA). With open banking, customers can instruct their bank to share the information they hold about their products, services and transactions with other approved organisations. This is made possible by secure data channels called APIs (application

programming interfaces). The advent of open banking will bring more choice to customers, along with better access to deals and new, insight-driven services.

Through PSD2 and open banking, regulators are aiming to establish a more integrated and efficient European payments market that delivers a better and safer experience to customers; encourages competition; drives innovation; boosts transparency; enhances data protection rights, and has a standardised process for handling complaints.

Implications for corporates: PSD2 will enable corporates to benefit from even more efficient banking platforms, improved liquidity management and the ability to use price comparison aggregators. Thanks to open banking, they will also be able to work with third parties to develop new services and propositions for customers that will generate additional income streams.

Basel III

Basel III is a set of international banking regulations developed by the Basel Committee on Banking Supervision, designed to strengthen the stability of the international financial system. Basel III introduced capital and liquidity measures that sought to decrease leverage and increase liquidity across the banking sector. These measures have been progressively phased in since 2013, and the deadline for full implementation is 1 January 2019.

3 of 4

The main requirements of Basel III include:

• Liquidity Coverage Ratio banks are required to have sufficient high-quality liquid assets to withstand a 30-day ‘stressed funding’ scenario that is specified by supervisors

• Net Stable Funding Ratio banks must ensure that they have a robust long- term liquidity structure by matching the maturity profiles of their funding and their assets

• Minimum Capital Ratio banks are required to maintain more high-quality capital against their risk-weighted assets so that they can cover unexpected losses

• Leverage Ratio this non-risk-based measure is designed to cap the level of leverage across the broader banking sector by including both on-balance sheet and off-balance sheet exposures in banks’ leverage calculations.

Implications for corporates: Basel III has resulted in banks changing their approach as to which capital they will hold, how long they will hold it for, and what price they will pay to hold it. So corporates should speak to their banks about the impact of Basel III on their own deposits, and the deposits of other organisations in their sector, so that they can manage their liquidity effectively.

General Data Protection Regulation (GDPR)

GDPR, effective from 25 May 2018, has been put in place to modernise and harmonise data protection law across the EU, superseding the UK Data Protection Act 1998. Its aim is to establish one single set of data protection rules across Europe, giving individuals greater control over how organisations use their personal data. The most important provisions include:

Privacy notices – individuals must be provided with more prescriptive ‘privacy notices’ that explain the purposes for which their personal data will be held and used, as well as the range of rights that are available to them under GDPR

Penalties – an organisation could potentially be fined up to €20 million or 4% of its annual global turnover (whichever is higher) for data privacy breaches

Notification of breaches – an organisation must notify breaches of personal data to the data protection regulator (which is the Information Commissioner’s Office in the UK) within 72 hours of becoming aware of the breach

Enhanced rights for individuals – individuals have more extensive rights to object to the processing of their personal data and a new qualified right to request that their personal data is deleted where retention of the data is not compliant with GDPR requirements (the ‘right to be forgotten’)

Subject access requests – individuals can ask to see a copy of the information that an organisation holds about them. This request must be met without undue delay, within a month at the latest.

1

2

3

4

5

4 of 4

Implications for corporates: Since GDPR applies to all companies that hold and process the personal data of European Union citizens, it directly affects corporates as well as banks. So corporates should ensure that they are complying with the requirements of the regulation and have appropriate processes in place for collecting, processing and securing their customer data.

In our follow-up regulatory update, we’ll explore other key regulatory developments impacting banks and corporates, specifically:

• Revised Wire Transfer Regulations (WTR2) – these regulations, which took effect in the EU on 26 June 2017, upgrade earlier regulations intended to counter money laundering and terrorist financing. They aim to make payments traceable by requiring payment service providers to supply information about individuals making electronic payments

• Regulation on Packaged Retail and Insurance-Based Investment Products (PRIIPs) – effective from 1 January 2018, this regulation helps retail investors better understand and compare the key features, risks, rewards and costs of different PRIIPs by ensuring that they have access to key information documents

• Second Markets in Financial Instruments Directive (MiFID II) – MiFID II has been effective since 3 January 2018. It replaces the first directive (MiFID I), which came into force in 2007, with the aim of removing barriers to cross-border financial services within Europe.

If you want to find out more about how regulatory developments are affecting banks, and the implications of those developments for corporates, speak to your Barclays Relationship Director.

About the author

Since July 2017, David has been the Head of UK Cash Management, where he is responsible for all cash management sales activity for Barclays Corporate Banking across the UK.

Prior to this, David was the Global Payment Networks Director at Barclaycard, responsible for the card payment scheme relationships with Visa, Mastercard and American Express for Barclays across Europe.

David has an extensive background in payments and has represented the bank on a number of senior advisory forums. David began his career at American Express and has held a number of international business development, commercial and sales-focused roles.

David Shinkins Head of UK Cash Management

Barclayscorporate.com

Every attempt has been made to ensure that the information provided is accurate. However, neither Barclays Bank PLC (“Barclays”) nor any of its employees makes any representation or warranty (express or implied) in relation to the accuracy, reliability or completeness of any information or assumptions on which this document may be based and cannot be held responsible for any errors. No liability is accepted by Barclays (or any of its affiliates) for any loss (whether direct or indirect) arising from the use of the information provided.

Barclays Bank PLC is registered in England (Company No. 1026167) with its registered office at 1 Churchill Place, London E14 5HP. Barclays Bank PLC is authorised by the Prudential Regulation Authority, and regulated by the Financial Conduct Authority (Financial Services Register No. 122702) and the Prudential Regulation Authority. Barclays is a trading name and trade mark of Barclays PLC and its subsidiaries.

Item Ref: BM403695. July 2018.

Read our Regulation in review: part 2 article.