5 Must-Know Data Regulations for 2018

How financial institutions can move toward better data management this year and beyond

It’s hard to believe the long-awaited FinCEN Customer Due Diligence (CDD) Rule is upon us. May 11 is just around the corner, and as financial institutions work to prepare, one thing is clear: it will be nearly impossible for businesses to avoid regulatory change this year.

In the worlds of data and finance, change is necessary, and it requires a particular attentiveness to stay compliant.. Data regulations are shifting constantly and dramatically, adding and tightening requirements for financial institutions. Looking ahead, the questions facing many firms are:

  1. How can financial institutions keep up with the significant changes on the horizon?
  2. What regulations matter most?
  3. How can you manage their complex, expanding scopes?
  4. How can you sift through the highly detailed, sometimes overlapping requirements?


These new regulations are designed to improve health (in this case, financial), compliance, and drive profound improvements: namely business growth and risk reduction.

Let’s take a look at five key regulations in 2018 that will drive the finance industry towards better data management to meet compliance requirements for reporting, transparency and risk reduction. The pace of regulatory change makes interpreting these new regulations and implementing requirements a major challenge, but the last thing companies need is to be hit with major fines and remediation costs due to data errors.

Here’s to making 2018 a clean, clear, data-compliant year.

5 Data Regulations that Matter Most in 2018

Financial institutions process millions of transactions and handle massive amounts of data every second of every day. Each moment is a chance for corruption, error, risk, or growth. Regulators are making sure organizations stop financial crime and reduce risk with these five core data regulations.

1. MiFID II: Avoid the Regulatory Fines

Compliance tip: plug those data gaps

The much talked about MiFID II replaced MiFID in January 2018.  It’s a welcome move toward creating more trade transparency to ensure that complex, high-risk financial instruments are only being traded by customers who understand the risk they’re exposed to. Many lessons were learned after the last financial crisis and the need for banks to have clear, accurate data around the shape and size of trade risk is paramount.

At the heart of this regulation is the implementation of legal entity identifiers (LEIs) for all trades. No LEI means no trade, and no trade is bad for business. Any inaccurate reporting of transactions may also lead to rejected reports by the relevant authorities, along with regulatory fines.

There are 3 key steps for banks to comply with MiFID II in relation to LEIs:

  1. Fill the LEI gaps — identify which clients don’t have LEIs, contact them and remediate
  2. Update client records — review LEI data sets against external sources (create, access, absorb and aggregate data)
  3. Ongoing maintenance — consider updating client onboarding software solutions to provide real time data fields


To get accurate and complete data you need to be able to rely on your technology solution to gather, reconcile and properly identify the entities you trade with. Being able to access data with speed and ease will be critical to trades and transactions going smoothly under MiFID II regulations.

2. FinCEN: No Hidden Surprises.

Compliance tip: know who you are doing business with

The Financial Crimes Enforcement Network (FinCEN) is the branch of the US Department of the Treasury tasked with protecting the US financial system from money laundering, terrorist financing and other financial crimes. It requires that banks, brokers or dealers in securities, mutual funds, and futures commodities conduct customer due diligence under the Bank Secrecy Act so they know who they’re doing business with and can uncover money laundering and other risks.

May 11, 2018, marks the regulation’s enactment date, making it the second major regulation to make its appearance so far this year. Specifically, FinCEN requires that financial institutions:

  • Identify and verify the identity of customers and their beneficial owners at the time a new account is opened
  • Understand the nature and purpose of customer relationships
  • Conduct ongoing monitoring as well as account renewals


Simply put, this legislation comes down to the most critical question in business today — who am I doing business with?

Failure to answer this question, as well as comply with other FinCEN provisions, has resulted in  major regulatory fines in the past few years. Banks need to have strong KYC and AML compliance programs based on accurate and comprehensive data to avoid taking on unnecessary risk and to meet heightened compliance standards.

Sounds simple, but it’s as important in 2018 as ever. Complicated business is impossible without starting with the basics of accurate and reliable business identification — and ongoing monitoring means there are no unexpected surprises.

3. FINRA Rule 4210: Phase 2 is Around the Corner

Compliance tip: categorize your data

You might remember phase one of FINRA’s rule 4210 back in 2016 relating to the inclusion of To Be Announced (TBA) transactions for counterparties. This summer will bring the second phase of that rule into play, and there is a lot to do to get your data ready.

The second phase of the Rule will introduce new margin requirements obliging banks to identify and classify customers in-scope for this regulation, determine the data and documentation to demonstrate compliance and collect required information. While this is a US piece of legislation, all counterparties need to be considered, so you must think globally. This is not something to be done overnight, that’s for sure, but where should you start?

Working with departments across your business is going to be the key to success for this data regulation. Legal, Operations, Finance and Risk are going to need to come together to tackle this large project, so this is a great opportunity to catch up with those colleagues and chat data. At the heart of this preparation lies the right technology to categorize and manage your global counterparties and TBA margins. Your systems need to be robust enough across all of your departments to keep regulators at bay.

4. Basel II: Prepare for Investor Scrutiny

Compliance tip: be transparent across your risk systems organization wide

This piece of regulation is all about becoming wiser based on past experiences. Basel II was issued in response to the global credit crisis and places high demands on banks to measure credit risk, operational risk and market risk in a systematic and standardized way.

By developing a risk management framework that is uniform, transparent and subject to regulatory supervision, the health of the banks is available for investor scrutiny. Basel II looks holistically at all of your risk management processes — to do this you need to be transparent about your risks organization wide.

The risk measurements need to be based on verifiable and complete data, which in most cases is spread across different parts of the business in potentially different systems. If this is the case for you, it’s highly likely you’re dealing with customer data sets that contain errors, duplications or outdated information. The challenge for you is: how can you bring all of this together and comply with the transparency requirements of Basel II?

5. BCBS 239: Good Information for Better Decision Making

Compliance tip: aggregate quality data together so that you can quickly respond

Last but not least, BCBS 239 is a regulation issued by the Basel Committee on Banking Supervision (BCBS) that is aimed at improving risk data aggregation and reporting across financial markets. BCBS is principles-based and attempts to tackle the bigger picture of risk reporting at the right time for better decision making.

This regulation lays out 14 principles for aggregating data and reporting risk that help financial firms be sure customer data is synced across their organization. As this is principles-based, being able to show the process your organization has followed is crucial. The need to access data quickly and report activity is at BCBS 239’s core, and you may need to report on consolidated risks on short notice.

The ability to report on risk within hours may seem like a stretch, but with a structured approach and support from teams in IT, compliance and finance, the complex task of bringing together this volume of data is possible. The right technology and data architecture allows you to pull together quality data to act quickly and minimize risk.

The key to data management success in 2018 and beyond

With so much regulation ahead in 2018, the key to success for financial institutions will be clean and accurate data. It’s a theme that has cut across all 5 of our compliance tips and the data regulations themselves. Knowing your customer, categorizing and gap-plugging, transparency and aggregating all have good data at the very heart.

Data is messy by nature. The ability to cross reference and update it is a challenge. We don’t need to tell you that data in legacy systems used in financial institutions is typically inaccurate and scattered across multiple divisions, systems (such as billing, order entry systems, CRMs)  and even geographies. The complexity and disorder can be staggering and overwhelming.

To be prepared for all the data regulations we’ve outlined, the first step is to go back to the basics: clean up your existing data to provide an accurate view of entity data across the organization. From there, technology solutions can help firms build a central data repository that leads to compliance with data regulations, reporting, KYC requirements and more.

Without clean and accurate data, staying compliant with strict regulations is a daunting task, and not something you’ll want to face as new requirements keep on coming.

In search of a data cleansing service to jump start your regulatory compliance in 2018 and beyond? At Opus, our Concordance service matches, de-duplicates and cross-references your universe of legal entities for a single, 100%-accurate view of your legal entities. Learn more.


Carol Ann Thomas