Regulation rewritten: complying with chaos in 2019

2018 marked the arrival of two of the most impactful regulatory developments to hit the financial sector in decades: the Revised Payment Services Directive (PSD2) on the 13th January and the General Data Protection Regulation (GDPR) on the 25th May.

On the face of it, the two are in complete contradiction with each other. One seeks to clamp down on the ways that businesses collect, store and use data to ensure that consumer data is protected, while the other forces banks to open up their infrastructure, giving third-party providers access to customer information with a view to driving better, tech-led and innovative services. It’s regulatory chaos, particularly for SMEs across the financial sector who are having to grapple with compliance with only a limited team resource to execute against it.

PSD2 was partly introduced to revive competition within an established and stale financial market. And if that wasn’t enough to contend with, the competition which PSD2 was introduced to create has given rise to the “Open Banking” trend, which has seen a proliferation of fintech products and digital financial services. Many of these new offerings leverage that same data that businesses are struggling to protect, layer it with machine learning technology and use it to offer personalised recommendations and services for customers.

But what does this wave of regulatory change mean for SMEs?

A turning tide
The introduction of these two regulations has brought on a host of compliance requirements and, at the same time, competitive pressure that SMEs are having to contend with. Complying with GDPR means having to understand the data residency requirements for each geographical market across Europe, triple-check assurances from third-party service providers and ensure that all employees are trained and adhering to the latest guidelines. And the surge of competition brought on by PSD2 means that SMEs in the financial sector are having to rapidly create, test and market new products and services to ensure they aren’t left behind.

As they say, data is the oil of the twenty-first century, but protecting that data and also having the ability to harness its power for the creation of new products and services is no mean feat. As a result, SMEs are increasingly looking to partners who can either guide them through these transitions or support them with the technology they need to succeed.

A single surfer
The fallout from these regulations is a force that influences every department across an organisation: product, HR, finance, IT, marketing etc. But SMEs are experiencing this shift more acutely than most as often, in these types of company, all these functions fall within a single person’s responsibilities – anyone from the CEO, the company’s Head of Marketing or even the office manager. In many cases, you’ll find the same person ticking off jobs that belong to very disparate job sets: everything from tracking leads to scheduling invoices, issuing marketing communications to chasing late payments. Running between tasks to put out one fire after another, it’s not difficult to see why compliance and proactivity in response to a changing industry can fall to the bottom of the pile.

With a single surfer riding the waves made by new regulation, the role of technology in supporting these job functions becomes invaluable.

A life raft
SMEs’ saving grace in 2019 will be a customer lifecycle strategy which brings product, HR, finance, IT and marketing together. Only with a holistic view of business operations (tied to sales) can a small business weather the regulatory storm that is GDPR and PSD2. And technology will be the life raft that enables this strategy.

Emerging customer lifecycle tools which consolidate multiple job functions within a single view will help stakeholders automate compliance and capitalise on new product and partnership opportunities. With payments and invoices taken care of, SMEs can dedicate more resource to innovation and developing new product lines, allowing them to thrive in the midst of some of the greatest regulatory changes they will have seen for years.


By Alain Mevellec, CEO of Sellsy

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.