Click here to return to the 2019 edition.

The impacts of new, global regulatory regimes and subsequent demand for innovative and collaborative risk management solutions are far-reaching. That being said, localised legislation and perceptions of risk across several key jurisdictions have also created a range of fresh hurdles and regulatory obligations for firms doing business in these areas. More important still, a willingness amongst national and regional authorities to invest and foster creativity in the financial technology sector has brought with it a world of opportunity.

European Union

EU directives and guidance have without doubt set the global agenda for regulatory revisions in 2018 – and subsequently substantial demand for risk management systems. Firms have been working tirelessly to comply with Mifid II, Benchmarks Regulation, PRIIPS and PSD2 – but one of the most radical EU developments of 2018 has been the 25 May implementation of GDPR. This sweeping modernisation and consolidation of various regional privacy laws hands clients and customers a range of new rights, including the right to be forgotten, an obligation on companies to explain how data is being stored and used, transparency on how data is transmitted and an individual’s right to know if their data has been compromised within 72 hours.

These demands are major adjustments for the vast majority of firms, and any organisation doing business with EU citizens must comply. Unfortunately, many multinationals present in Europe are in danger of non-compliance. The Ernst & Young 2018 Global Forensic Data Analytics Survey found that only 12% of Asian firms are aware of GDPR and what is required of them – and financial firms across all jurisdictions are struggling to meet those requirements.

According to an April 2018 survey by Cordium and AmberGate, more than 50% of investment firms admitted they could not be fully compliant with GDPR by the end of May. Meanwhile, 59% of 250 financial institutions surveyed said they were currently unprepared to comply with their clients’ new right to know within 72 hours if their personal data has been hacked. That poses a major risk to firms across all sectors, as the penalty for non-compliance can amount to fines of up to €20m or 4% of a company’s global turnover – whichever is higher.

As such, many firms have turned to software vendors capable of data harvesting and storage. Software firms working in risk management have upped their games with robust cloud functionality and the data storage facilities it brings with it. With the high compliance standards set by the regulators, however, cloud services have had to become equally as robust.

Within that, though, a number of vendors have brought risk analytics, market data management, and predictive customer behavioural tools to market. These tools allow those operating across both financial markets and in the corporate realm to analyse with far more significant detail the risks in front of them.


Risk managers in the UK are already scrambling to get solutions in place that compensate for new regulatory ripples originating across the Channel, but officials are also working to change the way financial institutions operating domestically calculate risk. The UK’s Prudential Regulation Authority has demanded banks using the internal model approach in 2018 submit their plans to its working group. Meanwhile, adjustments surrounding the treatment of market risk in relation to cover rates, FX, commodity asset classes and equity must be made in the run up to the implementation of the FRTB in 2019. The culmination for these new requirements means an increased burden on UK financial institutions for improved data and analytics. Fortunately, regulators are keen to mitigate those burdens by allowing for experimental fintech.

The Financial Conduct Authority’s (FCA) Regulatory Sandbox was established in 2016 to allow firms to test new products and business models in a life market environment. The FCA’s sandbox operates on a cohort basis with two six-month test periods each year, and its first annual report found 75% of firms have successfully completed testing. Currently on its third cohort, 2018 sees the FCA sandbox facilitating several developments with the power to evolve risk management systems. Economic Data Sciences is currently creating a solution that utilises AI to provide fund managers with a mathematically-defined trade-off among risks and objectives during the investment selective process. Meanwhile, Sherpa Management Services is working to create an insurance solution that offers members an account to set up and manage multiple insurance risks, and Wrisk is using the FCA sandbox to forge a usage-based contents insurance product with new risk scoring methods.


The Commodity Futures Trading Commission (CFTC) also launched a sandbox of its own in 2017 in the form of LabCFTC. Yet unlike the FCA’s UK-equivalent, LabCFTC doesn’t actually offer a regulatory structure for innovation to its cohorts. Instead, it gives fintech companies and collaborators a forum in which to share their product innovations with the CFTC so the agency can educate market participants on how fintech can fairly and robustly enhance industry. Yet while regulators work to catch up with European counterparts in facilitating new innovations that can enhance risk management systems, American CROs have plenty of domestic legislation and politics to try and navigate.

Risk managers in the US have already spent the vast majority of 2018 floating in regulatory limbo amidst the Trump administration’s vow to dismantle the Dodd-Frank Act. In March 2018, the US got one step closer to the eradication of Dodd-Frank when the US Senate passed the Economic Growth, Regulatory Relief, and Consumer Protection Act. This bill is designed to provide regulatory relief for smaller financial institutions in the form of a Volcker Rule exemption and off-ramp relief from capital and leveraging requirements. The bill also exempts holding companies with total consolidated assets of less than $250bn from previous stress test requirements and adjusts the calculation of the supplementary leverage and liquidity coverage ratios.

While the eventual implementation of these deregulation measures will reduce the burden of compliance costs for firms, a survey conducted by Grant Thorton found that 86% of regulatory experts said the intensive stress test and CRM requirements introduced as part of Dodd-Frank have yielded the intended benefit of reducing the likelihood of a large systematic event. Moreover, larger American institutions appear to have realised that producing accurate quantifications of precise exposure and the value of holdings is actually good practice – and so firms have come to realise the benefits of software systems offering data analytics into a variety of risk metrics.

Within that, a variety of new systems have come to market of late, and many US incumbents have bettered their liquidity, credit, margin and asset & liability offerings.


The Monetary Authority of Singapore (MAS) has adopted a particularly agile stance for 2018 in terms of the wider use of technology in the financial sector. Anticipated revisions to Singapore’s Technology Risk Management (TRM) Guidelines over the coming months will supposedly allocate more specific guidelines to various categories of financial institutions based upon their trading activity. Meanwhile, the looming implementation of the Singapore government’s Banking (Amendment) Act 2016 will amend existing legislature by allowing the MAS to set requirements that cap the leverage of financial institutions and demand higher levels of liquidity in line with standards already being implemented across partner jurisdictions. Similar to the EU’s GDPR measures, the act also includes a mandatory breach notification regime if personal data becomes compromised.

In June 2017, the MAS also floated the idea of regulating digital advisory services across the wealth management sector – and on 1 January 2018, Singapore introduced changes in the recognition and measurement of credit losses. Finally, last year’s Securities and Futures (Amendment) Bill is finally expected to come into effect in 2018. This will introduce a new regime for benchmarks and market abuse, alongside the regulation of OTC derivatives.

Yet while regulators are reigning in on financial institutions and imposing stricter than ever rules, Singapore has also invested in new ideas through its new Fintech Regulatory Sandbox. The MAS recently launched a new S$27m grant to promote AI and data analytics projects in the financial sector as part of its wider innovation scheme – and since 2016, these types of grants have helped support the more than 270 open application programming interfaces (APIs) that have been developed and shared between financial institutions in Singapore.


Sweeping global regulations such as MiFID II and GDPR will undeniably effect China and the way its firms perceive and mitigate risk. Yet China’s financial sector will continue to remain fixated on domestic markets across 2018.

In March, President Xi Jinping approved plans to set up a new financial conduct court in Shanghai in order to crackdown on risk in China’s $15trn asset management sector and eradicate shadow lending. This is without doubt part of China’s wider campaign to attract liquidity from overseas, and also the government’s desire to open up financial markets in order to allow domestic service providers and China’s globally systemically important banks to try and compete for new global clients.

The incorporation of resolvability and recovery into existing risk management solutions have become crucial for financial market participants this year. What’s more, in order to comply with domestic regulations, firms looking to enter China will need to be able to demonstrate robust governance, transparent asset valuations and strong testing models – leading to a rise in demand for data management systems.