Facing a wave of regulatory changes, including EU's General Data Protection Regulation (GDPR), banks and other financial institutions are wise to coordinate regulatory implementation with digital transformation to deliver value throughout their ecosystem.
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...
Embracing Digital Convergence amid Regulatory-Driven Overhauls
1. Embracing Digital
Convergence amid
Regulatory-Driven
Overhauls
With the deadline for the
EU’s General Data Protection
Regulation (GDPR) fast
approaching, and other
incoming regulations on the
horizon, banks and other
financial services institutions
should use their regulatory and
digital programs to drive a step-
change in value across their
ecosystems.
Cognizant 20-20 Insights | February 2018
COGNIZANT 20-20 INSIGHTS
3. Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 3
EXECUTIVE SUMMARY
By any measure, the EU’s General Data Protec-
tion Regulation (GDPR) is a ground-breaking
piece of legislation with profound implications
for companies worldwide. It applies globally,
affecting any organisation that interacts with
the data of an EU resident. These pervasive
implications mean GDPR impacts internal and
external stakeholders and requires actions
across people, process and platform (both data
and technology).
But is targeting GDPR compliance enough on its
own? We believe the answer is no. Put simply,
GDPR demands not just regulatory compliance,
but strategic organisational change. Therefore,
financial institutions (FIs) should approach
GDPR not as a stand-alone compliance issue,
but as a change that creates major opportuni-
ties to generate higher value through the smart
use of digital technologies and thinking.
In 2018 alone, the second Payments Services
Directive (PSD2), Markets in Financial Instru-
ments Directive 2 (MiFID II), upcoming European
Commission’s proposed e-privacy law and revi-
sions to UK’s Open Banking agenda are all
set to revolutionise the industry’s journey to
enactment.
Approaching any of these regulations in iso-
lation risks missing out on their areas of
commonality. The main theme that links and
aligns them is the need to apply a range of
digital technologies in smart and integrated
ways. So what we’re seeing is two forms of
convergence: regulatory convergence, as new
regulations coalesce in terms of impact and
imperatives; and digital convergence, as banks
and financial services organisations combine
new technologies – artificial intelligence (AI),
machine learning (ML), blockchain, robotic
process automation (RPA) and more – both to
protect customers more effectively, and also to
transform their own organisations to be leaner,
more effective and more efficient. (To learn
more about digital strategy at banks, read our
white paper, “How Digital 2.0 Is Driving Bank-
ing’s Next Wave of Change.”)
The message, therefore, is clear: The optimal
way to approach these imminent rules is as
an interlinked array of new regulations, and
then respond through digital convergence that
creates higher business and regulatory value.
Organisations that approach digital, regulatory
and technological convergence appropriately
(see our six-step approach in the sidebar, next
page) will simultaneously build compliance
and customer trust, and thrive in the modern
digital age.
It is a one-time golden opportunity to accel-
erate and escalate the creation of business
value through digital. This white paper further
enumerates how this can be realised and max-
imised.
Cognizant 20-20 Insights
4. Cognizant 20-20 Insights
GDPR’S KEY MILESTONES &
IMPACTS ON BANKING AND
FINANCIAL SERVICES
The first step for responding properly to GDPR
is to understand the regulation itself, the scale
and nature of its impacts and its interrelationship
with other regulatory changes. Equipped with
these insights, FIs can ensure not only that they
are GDPR-compliant, but that their operating
model is future-proofed for an increasingly open
and digitally-enabled market ecosystem.
GDPR aims to unify and strengthen data pro-
tection and privacy for all individuals in the
European Union (EU). Its goals include giving
citizens and residents greater control over their
personal data and creating a single region-wide
regulatory framework. Figure 1 (next page) shows
our proven methodology for addressing all of
these impacts in a single program.
The changes required by GDPR can be catego-
rised into the following main areas:
• Appoint a data protection office (DPO)
and set up a robust governance process.
A DPO must be appointed to advise the data
controller/processor and employees, moni-
tor regulatory impacts and compliance, and
act as the contact point for the supervisory
authority.
• Transparently demonstrate consent and
honor erasure. Firms must have a single view
of the customer, review existing personal data
consent agreements, obtain explicit consent
for data collection, and provide for sharing,
rectification or erasure of data on request.
Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 4
Quick Take
A Six-Step Approach to Linking
Regulatory and Digital Convergence
1. Conduct a business impact assessment of forthcoming regulatory
changes.
2. Clarify the changes required to deliver the firm’s digital vision.
3. Merge the set of requirements to deliver both goals in line with
customer-centricity.
4. Conduct a gap analysis of the ‘as-is’ IT estate against the target to-be
state, for greater clarity and simpler data governance.
5. Plan a roadmap for the digital transformation program.
6. Launch an implementation program for completion within the regulatory
deadlines.
5. The post-GDPR environment will also bring a number
of important benefits – for example, greater clarity and
simplicity to data governance, a single lead authority and a
one-stop shop for reporting. And the unified customer view
required by GDPR will help to improve customer-centricity.
Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 5
• Introduce new categories of personal data.
The regulation introduces new categories of
personal data such as IP address and social
and mental state. It is imperative that organi-
sations understand their own use of personal
data maps.
• Enable data subjects to exercise rights.
Under EU rules, data subjects have the right
to file a subject access request (SAR) and
obtain from the data controller a copy of their
personal data, together with an explanation of
the categories of data processed. Therefore,
controllers must ensure third-party proces-
sors are subject to adequate contractual
agreements, and must approve any changes
in protocol made by processors.
• Lay out a process for incident/breach
handling. Breaches must be reported within
72 hours, and the regulator requires bian-
nual compliance effectiveness audits and
comprehensive record-keeping. Compliance
management must be active rather than pas-
sive.
The post-GDPR environment will also bring a
number of important benefits – for example,
greater clarity and simplicity to data governance,
Cognizant’s GDPR Methodology
Assessments/
Deep Dives
Journey Mapping
Data Analysis
Delivery
Mobilisation,
Execution
Oversight
Organisational
Design Covering
People
Processes
Tools
Accelerators
Technology
Enablement
GDPR Assistance Services
Data Architecture
Data Management
Security
Legitimacy
Rights
Governance Oversight
We are currently working with clients across
various stages of GDPR implementation.
We are on our own compliance journey,
applying the changes required for GDPR
through a digital lens.
People
Governance
Oversight
Process
Consent Rights
Data
Data Management
Security
Technology
Data Architecture
GDPR
Readiness
Framework
DataQualityAssurance
Metadata
Management
Incident
Management
Policies
Standards
Consent
Objection
Erasure
Portability Rectification
Restriction
Access
Management,
CommitmentandEducation
Automated
Decision-Making
InformationStrategyApproach
Processand
Controls
Master Data
Management
Content
Management
Integration
Architecture
Data
Transfer
Security
Legal
Risk Management
Organisational
Governance
Performance
Management
Lifecycle
Management
Figure 1
Cognizant 20-20 Insights
6. The common thrust of all these
regulations is to enable better, safer, more
efficient and more open use of digital
technologies and data.
Cognizant 20-20 Insights
Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 6
a single lead authority and a one-stop shop
for reporting. And the unified customer view
required by GDPR will help to improve customer-
centricity.
Yes, There Are Overlaps
GDPR’s obligations and opportunities are influ-
enced and overlapped by several other current
or forthcoming regulatory initiatives. Foremost
among these is PSD2, which is set to revamp
Europe’s payments landscape by requiring
banks to allow third parties to access their
customers’ account information through appli-
cation programming interfaces (APIs).
Other incoming regulations include Open Bank-
ing – which introduces open API standards for
UK banking – and the New Payment Architec-
ture (NPA) in the UK, which will use the Bank of
England’s Real Time Gross Settlement (RTGS)
service for net settlement of payments. Mean-
while, the e-IDAS has been enacted and MiFID
II – the EU’s revised Markets in Financial Instru-
ments Directive – launched on 3rd
January 2018.
And the EU has also released a draft towards a
new e-Privacy Directive.
The common thrust of all these regulations is
to enable better, safer, more efficient and more
open use of digital technologies and data. It fol-
lows that an approach based on just one aspect
of the evolving regulatory environment is not
enough. While important, GDPR is just one new
regulation among many – and firms need to be
cognizant of that.
DIGITAL CONVERGENCE:
COMPLETING THE JIGSAW
Just as a number of regulatory initiatives are
converging to create a new supervisory and
compliance environment for FIs, several strands
of technology innovation are converging to
advance digital enablement. The good news is
that by harnessing these complementary tech-
nologies to drive digital transformation of their
organisations, firms across the industry can
simultaneously achieve better regulatory compli-
ance and higher business value.
The evolving technologies can be divided into two
main groups – the first comprising robotic process
automation (RPA) and narrow AI like chatbots,1
and the second consisting of advanced AI (e.g.,
machine learning). Alongside these, blockchain
is emerging as a transformational technology,
heralding a revolution in how companies and
individuals interact and conduct transactions.
(See the full array of blockchain white papers on
our website.)
• Use of RPA and AI is growing across the
financial services, driven by a rising tide
of innovation both by fintechs and also
incumbent institutions. (By way of context,
multipurpose industrial robot shipments in
China – an automated manufacturing power-
house – are projected to hit 150,000 this year,
up fourfold from 2013.2
) As in other indus-
tries, banks and financial services firms are
harnessing the exponential growth in data
to power advanced AI-enabled automation,
in order to augment human capabilities and
create smarter, more productive and more
effective processes at lower cost.
7. By positioning regulations and compliance as
an input to digital convergence rather than an
output of legacy processes, and harnessing the
power of emerging technologies to optimise
this convergence across the organisation,
firms can turn regulation from a cost burden
into a positive driver of business value.
Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 7
While many of these innovations began with a
primary focus on cost-efficiency, the benefits
in terms of regulatory compliance are now also
becoming increasingly evident. In the face of
regulators’ growing demand for fast, compre-
hensive and accurate reporting, robotics and
AI enable financial services firms to respond
without large investments or heavy manual
processing. (For more, read our blog on the
topic, “How Banks Can Use AI to Reduce the
Regulatory Compliance Burdens.”)
• Use of machine learning and chatbots is
expanding to provide enhanced and more
personalised customer experiences at scale.
These technologies, also known as smart
virtual personal assistants (SVPAs), learn pro-
actively from every human interaction, and
are increasingly able to respond appropriately
to customers’ subtle – and even subconscious
– emotional signals and nuances.
Usage of RPA can potentially enable banks to
achieve better quality and efficiency. More-
over, a key driver will be the expansion of
chatbots beyond their initial consumer appli-
cations and into enterprise and employee
collaboration, yielding corresponding gains in
efficiency, effectiveness and compliance.
• Meanwhile, blockchain, the smart, decen-
tralised, trusted and highly-encrypted way
of transacting and interacting, is poised
to power the next disruptive wave of dig-
ital business. FIs have grasped the scale of
the impending change blockchain is poised to
unleash. In our recent research study of 1,520
executives representing 578 financial services
firms, 91% of respondents said they believe
blockchain will be either critical or important
to their firm’s future, while 48% said it will
fundamentally transform the industry.3
Digital Convergence: Amplifying the
Business Benefits …
While these strands of digital innovation may
have originated as distinct areas of technological
evolution, their real power in banking and finan-
cial services lies in combining and integrating
them to transform what the industry does and
how it does it. The fact that these technologies
are also pivotal to meeting the challenges and
opportunities of GDPR and other regulations
means the business case for leveraging them to
drive enterprise-wide digital transformation is
not just compelling, but unanswerable.
… While Reducing Time to Market…
Figure 2 (next page) illustrates how we see these
technologies coming together. By positioning
regulations and compliance as an input to digi-
Cognizant 20-20 Insights
8. Cognizant 20-20 Insights
Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 8
tal convergence rather than an output of legacy
processes, and harnessing the power of emerg-
ing technologies to optimise this convergence
across the organisation, firms can turn regula-
tion from a cost burden into a positive driver of
business value. Additional value is increased still
further by the impact of digital convergence on
speed to market for new products and services
(e.g., by using tools that enable the business and
technology estate to more effectively collab-
orate), as well as on other key aspects ranging
from customer experience and loyalty to inter-
nal collaboration, productivity and employee
engagement.
… And Embedding Digital
as a Way of Life
In this way, firms can reap the maximum busi-
ness benefits from GDPR while remaining fully
customer-focused and -centric, and delivering a
seamless end-user experience that will keep cus-
tomers loyal and satisfied. But that’s not all. At a
higher level, firms that achieve this will be able to
fully embrace the new reality of “digital as a way
of life” that increasingly pervades the global cus-
tomer and business ecosystem, from individual
consumers to the biggest multinationals.
How Digital Convergence Enables Regulatory Compliance and
Generates Business Value
Business
Benefits
Robotics
AI
Machine
Learning
Chatbots
Blockchain
Strategies for
Data Analytics
Self-Learning
Predictive Models
Synergies
Seamless Ledger
Payment Processing
Digital
Convergence
Regulations
Compliance
Figure 2
9. Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 9
A ROADMAP FOR THE FUTURE
Our distinctive point of view on the linkage
between digital and regulatory convergence
has resulted in a unique framework – one that
can help FIs shape more effective regulatory
strategies while delivering digital at scale. It is
based around the three key dimensions of time
to market, compliance and business value (see
Figure 3).
The Six-Step Approach
We believe FIs should unify and address the CxO
agendas for delivering digital at scale in conjunc-
tion with regulatory and compliance agendas by
institutionalising the six steps outlined on page 4.
This is a great mechanism to drive a step change
in value across their ecosystems.
1. Undertake a business impact assessment
across the whole range of current and forth-
coming regulatory changes, by aligning with the
organisation’s mission and vision.
2. Overlay this assessment with the changes
required by the firm’s digital transformation,
with a view to enhance time to market while
reducing costs.
3. Combine these sets of changes to estab-
lish a single set of organisational and system
requirements to deliver against both goals.
4. Assess the ‘as-is’ IT estate/organisation
against the target ‘to-be’ state, and conduct a
gap analysis for what’s needed both to comply
with regulations and boost organisational perfor-
mance.
5. Use the outputs from the gap analysis to
plan out a roadmap for the digital convergence.
6. Launch an implementation program timed
for completion within the deadlines set by the
regulations.
Value Maximisation: An Illustration
BusinessValue
Time to Market
With digital
convergence:
a journey redefined
Without digital convergence:
a typical journey
Gain in business
efficiency effectiveness,
lower time to market
and enhanced
customer experience
Regulatory and Compliance Initiatives
Figure 3
Cognizant 20-20 Insights
10. Cognizant 20-20 Insights
Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 10
FOOTNOTES
1 “The Expanding Role of Chatbots in Enterprise Collaboration,” Cognizant, July 2017, https://www.cognizant.com/whitepa-
pers/the-expanding-role-of-chatbots-in-enterprise-collaboration-codex2575.pdf.
2 https://www.strategyand.pwc.com/trends/2016-manufacturing-trends
3 L. Varghese, F. McCraw, “Financial Services: Building Blockchain One Block at a Time,” https://www.cognizant.com/whitepa-
pers/financial-services-building-blockchain-one-block-at-a-time-codex2742.pdf.
Kapil Lodha
Consulting Director,
Cognizant UKI
Kapil Lodha is a Consulting Director with Cognizant UKI. He has
over 16 years of experience in banking and financial services,
with specialisation across digital, payments, regulations and
compliance. Kapil has worked on numerous large-scale transfor-
mational programs with tier-one banks and financial institutions
in UK/Europe. He holds M.B.A. and B.Tech. degrees and a certifi-
cation from Carnegie Mellon University. Kapil can be reached at
Kapil.Lodha@cognizant.com | Linkedin: www.linkedin.com/in/
kapil-lodha-628a31a1/.
ABOUT THE AUTHOR
11. Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 11
Cognizant 20-20 Insights