Liam Flynn

The business law firm surveyed more than 100 professionals attending its recent webinar on the legal and regulatory challenges facing financial institutions. Following regulatory issues, the biggest challenges were identified as risk identification/assessment and scarcity of talent.

Liam Flynn, partner and co-head of the financial regulation team at MHC, said: “Given that financial services is one of the most heavily regulated sectors, it’s not surprising that firms have identified regulation as their biggest challenge when it comes to digital transformation.

“As with all areas of their business, when it comes to developing new digital financial products and services, it is critical for FS firms to understand their obligations under Irish and EU financial services law and to comply with Central Bank requirements.”

Additional regulatory challenges can arise when firms are subject to the requirements of several European regulators (as well as their domestic regulator) or enter into cross-jurisdictional arrangements.

Commercial partner Dermot McGirr said: “Firms may encounter the ‘patchwork quilt problem’ where you have several guideline requirements from different regulators which apply to your contract. The guidelines will all deal with very similar issues but in slightly different ways, and some are more onerous than others.

“Our advice here is for firms to identify, for each of these different areas, which is the most onerous and that becomes your threshold, your high-water mark, that you need to make sure your contract reflects.”

A further challenge for firms is where different regulators have different areas of competency and focus.

Technology partner Oisin Tobín said: “There is increasing talk around forcing individuals to use biometric verification to access digital financial services or products. We’ve heard from some London-based financial services organisations who seem to be of the view that the Financial Conduct Authority (FCA) is pushing them in that direction.

“And it may well help from a Financial Services regulatory perspective because of the quality of the verification, but from a data protection perspective forcing somebody to provide biometric information so as to access a banking service is the kind of thing that is likely to lead to a lot of scrutiny from the Data Protection Commission and other regulators.

“Under the General Data Protection Regulation, biometric information, which would include eye scanning or retinal information, falls under special categories of data – what used to be called sensitive personal information back in the day. You are not allowed to process this data unless you have either obtained an individual’s explicit consent or fall within certain fairly tightly defined exceptions in the GDPR.”

The survey also found that, to support digital change in their organisations, 40 per cent of financial services firms would choose to allocate additional resources to their IT Departments. A quarter (25 per cent) of respondents would allocate additional resources to compliance to support digital change, and 23 per cent would allocate additional resources to risk.

Rowena Fitzgerald, partner and co-head of financial regulation at MHC, said: “This result is surprising as I thought most of the audience would select compliance as the area that needs more resources in their organisation! Saying that, I think IT makes complete sense.

“With the move to digitalisation, the IT infrastructure that an organisation maintains becomes more and more critical. In addition, with cyber risk being a key risk item on every regulated entity’s agenda, increased focus is being placed on the IT function and its ability to ward off cyber threats and maintain robust IT systems within the organisation.”