Golden Copy: It's A Legal Matter From Now On...

Last month, Inside Reference Data looked closely at collaboration and compatibility in data management and compliance operations. In this month's features, we report on how legal and technological intricacies are affecting data operations, and how professionals are addressing the challenges these complexities present.

Amid the numerous provisions and aspects of Europe's revised Markets in Financial Instruments Directive (MiFID II) that we have covered, including issues of data quality, centralization and governance, as well as the handling of identifiers, a previously overlooked requirement is timestamping. As reported in "Watching the Clock," the purpose of synchronizing the clocks used to timestamp transactions is to improve the accuracy of audit trails, both for firms' own benefit and for transparency, should the regulators look into possible instances of market abuse.

The timestamps that will be generated under MiFID II represent a new category of reference data. Aside from the great likelihood that firms must expend more resources to manage this additional data, it means firms and industry bodies will have another aspect of MiFID II compliance to address even as the time to do so grows short—there are now only 15 months left.

But on another front where technology and compliance issues meet, there may already be a more positive and beneficial outcome. As Wei-Shen Wong reports in "Centralized Utilities for KYC Success," Australia has launched its New Payments Platform, which promises to better organize data and information relevant to anti-money laundering and know-your-customer (AML/KYC) concerns, and improve support for better risk management and compliance capability. The platform can achieve this particular goal by pulling data together that is spread out in silos, as frequently happens in firms.

For all the technological assistance that is available and possible for AML/KYC data, transparency mandates from regulators may be creating a legal headache that all the technology in the world may not be able to cure. As Joanna Wright reports in "The Problem with Data Privacy," along with MiFID II, Europe also has the General Data Protection Regulation (GDPR), which is intended to reduce the complexity of data protection rules but could have the opposite effect.

Third-party processing of this AML/KYC data, if it takes place outside the European Union, can complicate the application of GDPR rules about the protection and use of this data. Consent of the individuals whom the data concerns can be an issue if another region's jurisdiction is involved, and the standards of US firms doing business with EU counterparties may not be deemed adequate under GDPR.

As Fenergo's Laura Glynn says in this story, firms will have to be flexible about the strategies and tactics they use to comply with GDPR. One can also extrapolate that flexibility must apply to data technology, as well.