Cognizant 20-20 Insights | February 2018

Embracing Digital Convergence amid Regulatory-Driven Overhauls

COGNIZANT 20-20 INSIGHTS

With the deadline for the EU’s General Data Protection Regulation (GDPR) fast approaching, and other incoming regulations on the horizon, banks and other financial services institutions should use their regulatory and digital programs to drive a step-change in value across their ecosystems.

Cognizant 20-20 Insights

Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 2

Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 3

EXECUTIVE SUMMARY

By any measure, the EU’s General Data Protec-

tion Regulation (GDPR) is a ground-breaking

piece of legislation with profound implications

for companies worldwide. It applies globally,

affecting any organisation that interacts with

the data of an EU resident. These pervasive

implications mean GDPR impacts internal and

external stakeholders and requires actions

across people, process and platform (both data

and technology).

But is targeting GDPR compliance enough on its

own? We believe the answer is no. Put simply,

GDPR demands not just regulatory compliance,

but strategic organisational change. Therefore,

financial institutions (FIs) should approach

GDPR not as a stand-alone compliance issue,

but as a change that creates major opportuni-

ties to generate higher value through the smart

use of digital technologies and thinking.

In 2018 alone, the second Payments Services

Directive (PSD2), Markets in Financial Instru-

ments Directive 2 (MiFID II), upcoming European

Commission’s proposed e-privacy law and revi-

sions to UK’s Open Banking agenda are all

set to revolutionise the industry’s journey to

enactment.

Approaching any of these regulations in iso-

lation risks missing out on their areas of

commonality. The main theme that links and

aligns them is the need to apply a range of

digital technologies in smart and integrated

ways. So what we’re seeing is two forms of

convergence: regulatory convergence, as new

regulations coalesce in terms of impact and

imperatives; and digital convergence, as banks

and financial services organisations combine

new technologies – artificial intelligence (AI),

machine learning (ML), blockchain, robotic

process automation (RPA) and more – both to

protect customers more effectively, and also to

transform their own organisations to be leaner,

more effective and more efficient. (To learn

more about digital strategy at banks, read our

white paper, “How Digital 2.0 Is Driving Bank-

ing’s Next Wave of Change.”)

The message, therefore, is clear: The optimal

way to approach these imminent rules is as

an interlinked array of new regulations, and

then respond through digital convergence that

creates higher business and regulatory value.

Organisations that approach digital, regulatory

and technological convergence appropriately

(see our six-step approach in the sidebar, next

page) will simultaneously build compliance

and customer trust, and thrive in the modern

digital age.

It is a one-time golden opportunity to accel-

erate and escalate the creation of business

value through digital. This white paper further

enumerates how this can be realised and max-

imised.

Cognizant 20-20 Insights

Cognizant 20-20 Insights

GDPR’S KEY MILESTONES & IMPACTS ON BANKING AND FINANCIAL SERVICES

The first step for responding properly to GDPR

is to understand the regulation itself, the scale

and nature of its impacts and its interrelationship

with other regulatory changes. Equipped with

these insights, FIs can ensure not only that they

are GDPR-compliant, but that their operating

model is future-proofed for an increasingly open

and digitally-enabled market ecosystem.

GDPR aims to unify and strengthen data pro-

tection and privacy for all individuals in the

European Union (EU). Its goals include giving

citizens and residents greater control over their

personal data and creating a single region-wide

regulatory framework. Figure 1 (next page) shows

our proven methodology for addressing all of

these impacts in a single program.

The changes required by GDPR can be catego-

rised into the following main areas:

• Appoint a data protection office (DPO)

and set up a robust governance process.

A DPO must be appointed to advise the data

controller/processor and employees, moni-

tor regulatory impacts and compliance, and

act as the contact point for the supervisory

authority.

• Transparently demonstrate consent and

honor erasure. Firms must have a single view

of the customer, review existing personal data

consent agreements, obtain explicit consent

for data collection, and provide for sharing,

rectification or erasure of data on request.

Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 4

Quick Take

A Six-Step Approach to Linking Regulatory and Digital Convergence1. Conduct a business impact assessment of forthcoming regulatory

changes.

2. Clarify the changes required to deliver the firm’s digital vision.

3. Merge the set of requirements to deliver both goals in line with

customer-centricity.

4. Conduct a gap analysis of the ‘as-is’ IT estate against the target to-be

state, for greater clarity and simpler data governance.

5. Plan a roadmap for the digital transformation program.

6. Launch an implementation program for completion within the regulatory

de adlines.

The post-GDPR environment will also bring a number of important benefits – for example, greater clarity and simplicity to data governance, a single lead authority and a one-stop shop for reporting. And the unified customer view required by GDPR will help to improve customer-centricity.

Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 5

• Introduce new categories of personal data.

The regulation introduces new categories of

personal data such as IP address and social

and mental state. It is imperative that organi-

sations understand their own use of personal

data maps.

• Enable data subjects to exercise rights.

Under EU rules, data subjects have the right

to file a subject access request (SAR) and

obtain from the data controller a copy of their

personal data, together with an explanation of

the categories of data processed. Therefore,

controllers must ensure third-party proces-

sors are subject to adequate contractual

agreements, and must approve any changes

in protocol made by processors.

• Lay out a process for incident/breach

handling. Breaches must be reported within

72 hours, and the regulator requires bian-

nual compliance effectiveness audits and

comprehensive record-keeping. Compliance

management must be active rather than pas-

sive.

The post-GDPR environment will also bring a

number of important benefits – for example,

greater clarity and simplicity to data governance,

Cognizant’s GDPR Methodology

Assessments/Deep Dives

Journey Mapping& Data Analysis

DeliveryMobilisation, Execution &

Oversight

Organisational Design Covering

People &Processes

Tools &

Accelerators

TechnologyEnablement

GDPR Assistance Services

Data Architecture

Data Management& Security

Legitimacy & Rights

Governance & Oversight

We are currently working with clients acrossvarious stages of GDPR implementation.

We are on our own compliance journey,applying the changes required for GDPRthrough a digital lens.

PeopleGovernance & Oversight

ProcessConsent & Rights

DataData Management& Security

TechnologyData Architecture

GDPR Readiness Framework

Dat

a Q

ualit

y A

ssur

ance

Met

adat

a M

anag

emen

t

Incident

Managem

ent

Policies & Standards

Consent

Objection

Erasure

Portability Rectification

Restr

ictio

nA

cces

s

Man

agem

ent,

Com

mit

men

t an

d Ed

ucat

ion

Aut

omat

ed

Dec

isio

n-M

akin

g

Inform

ation

Stra

tegy

& A

ppro

ach

Process and

Controls

Master Data

ManagementContent

Management

Integ

ration

Arch

itecture

DataTransferSecurity

Leg

al

Risk ManagementOrganisational Governance

Performance

Managem

ent

Life

cycl

e

Man

agem

ent

Figure 1

Cognizant 20-20 Insights

The common thrust of all these regulations is to enable better, safer, more efficient and more open use of digital technologies and data.

Cognizant 20-20 Insights

Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 6

a single lead authority and a one-stop shop

for reporting. And the unified customer view

required by GDPR will help to improve customer-

centricity.

Yes, There Are Overlaps

GDPR’s obligations and opportunities are influ-

enced and overlapped by several other current

or forthcoming regulatory initiatives. Foremost

among these is PSD2, which is set to revamp

Europe’s payments landscape by requiring

banks to allow third parties to access their

customers’ account information through appli-

cation programming interfaces (APIs).

Other incoming regulations include Open Bank-

ing – which introduces open API standards for

UK banking – and the New Payment Architec-

ture (NPA) in the UK, which will use the Bank of

England’s Real Time Gross Settlement (RTGS)

service for net settlement of payments. Mean-

while, the e-IDAS has been enacted and MiFID

II – the EU’s revised Markets in Financial Instru-

ments Directive – launched on 3rd January 2018.

And the EU has also released a draft towards a

new e-Privacy Directive.

The common thrust of all these regulations is

to enable better, safer, more efficient and more

open use of digital technologies and data. It fol-

lows that an approach based on just one aspect

of the evolving regulatory environment is not

enough. While important, GDPR is just one new

regulation among many – and firms need to be

cognizant of that.

DIGITAL CONVERGENCE: COMPLETING THE JIGSAW

Just as a number of regulatory initiatives are

converging to create a new supervisory and

compliance environment for FIs, several strands

of technology innovation are converging to

advance digital enablement. The good news is

that by harnessing these complementary tech-

nologies to drive digital transformation of their

organisations, firms across the industry can

simultaneously achieve better regulatory compli-

ance and higher business value.

The evolving technologies can be divided into two

main groups – the first comprising robotic process

automation (RPA) and narrow AI like chatbots,1

and the second consisting of advanced AI (e.g.,

machine learning). Alongside these, blockchain

is emerging as a transformational technology,

heralding a revolution in how companies and

individuals interact and conduct transactions.

(See the full array of blockchain white papers on

our website.)

• Use of RPA and AI is growing across the

financial services, driven by a rising tide

of innovation both by fintechs and also

incumbent institutions. (By way of context,

multipurpose industrial robot shipments in

China – an automated manufacturing power-

house – are projected to hit 150,000 this year,

up fourfold from 2013.2) As in other indus-

tries, banks and financial services firms are

harnessing the exponential growth in data

to power advanced AI-enabled automation,

in order to augment human capabilities and

create smarter, more productive and more

effective processes at lower cost.

By positioning regulations and compliance as an input to digital convergence rather than an output of legacy processes, and harnessing the power of emerging technologies to optimise this convergence across the organisation, firms can turn regulation from a cost burden into a positive driver of business value.

Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 7

While many of these innovations began with a

primary focus on cost-efficiency, the benefits

in terms of regulatory compliance are now also

becoming increasingly evident. In the face of

regulators’ growing demand for fast, compre-

hensive and accurate reporting, robotics and

AI enable financial services firms to respond

without large investments or heavy manual

processing. (For more, read our blog on the

topic, “How Banks Can Use AI to Reduce the

Regulatory Compliance Burdens.”)

• Use of machine learning and chatbots is

expanding to provide enhanced and more

personalised customer experiences at scale.

These technologies, also known as smart

virtual personal assistants (SVPAs), learn pro-

actively from every human interaction, and

are increasingly able to respond appropriately

to customers’ subtle – and even subconscious

– emotional signals and nuances.

Usage of RPA can potentially enable banks to

achieve better quality and efficiency. More-

over, a key driver will be the expansion of

chatbots beyond their initial consumer appli-

cations and into enterprise and employee

collaboration, yielding corresponding gains in

efficiency, effectiveness and compliance.

• Meanwhile, blockchain, the smart, decen-

tralised, trusted and highly-encrypted way

of transacting and interacting, is poised

to power the next disruptive wave of dig-

ital business. FIs have grasped the scale of

the impending change blockchain is poised to

unleash. In our recent research study of 1,520

executives representing 578 financial services

firms, 91% of respondents said they believe

blockchain will be either critical or important

to their firm’s future, while 48% said it will

fundamentally transform the industry.3

Digital Convergence: Amplifying the Business Benefits …

While these strands of digital innovation may

have originated as distinct areas of technological

evolution, their real power in banking and finan-

cial services lies in combining and integrating

them to transform what the industry does and

how it does it. The fact that these technologies

are also pivotal to meeting the challenges and

opportunities of GDPR and other regulations

means the business case for leveraging them to

drive enterprise-wide digital transformation is

not just compelling, but unanswerable.

… While Reducing Time to Market…

Figure 2 (next page) illustrates how we see these

technologies coming together. By positioning

regulations and compliance as an input to digi-

Cognizant 20-20 Insights

Cognizant 20-20 Insights

Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 8

tal convergence rather than an output of legacy

processes, and harnessing the power of emerg-

ing technologies to optimise this convergence

across the organisation, firms can turn regula-

tion from a cost burden into a positive driver of

business value. Additional value is increased still

further by the impact of digital convergence on

speed to market for new products and services

(e.g., by using tools that enable the business and

technology estate to more effectively collab-

orate), as well as on other key aspects ranging

from customer experience and loyalty to inter-

nal collaboration, productivity and employee

engagement.

… And Embedding Digital as a Way of Life

In this way, firms can reap the maximum busi-

ness benefits from GDPR while remaining fully

customer-focused and -centric, and delivering a

seamless end-user experience that will keep cus-

tomers loyal and satisfied. But that’s not all. At a

higher level, firms that achieve this will be able to

fully embrace the new reality of “digital as a way

of life” that increasingly pervades the global cus-

tomer and business ecosystem, from individual

consumers to the biggest multinationals.

How Digital Convergence Enables Regulatory Compliance and Generates Business Value

BusinessBenefits

Robotics& AI

Machine Learning& Chatbots

Blockchain

Strategies for Data Analytics& Self-Learning

Predictive Models& Synergies

Seamless Ledger & Payment Processing

Digital Convergence

Regulations &

Compliance

Figure 2

Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 9

A ROADMAP FOR THE FUTURE

Our distinctive point of view on the linkage

between digital and regulatory convergence

has resulted in a unique framework – one that

can help FIs shape more effective regulatory

strategies while delivering digital at scale. It is

based around the three key dimensions of time

to market, compliance and business value (see

Figure 3).

The Six-Step Approach

We believe FIs should unify and address the CxO

agendas for delivering digital at scale in conjunc-

tion with regulatory and compliance agendas by

institutionalising the six steps outlined on page 4.

This is a great mechanism to drive a step change

in value across their ecosystems.

1. Undertake a business impact assessment

across the whole range of current and forth-

coming regulatory changes, by aligning with the

organisation’s mission and vision.

2. Overlay this assessment with the changes

required by the firm’s digital transformation,

with a view to enhance time to market while

reducing costs.

3. Combine these sets of changes to estab-

lish a single set of organisational and system

requirements to deliver against both goals.

4. Assess the ‘as-is’ IT estate/organisation

against the target ‘to-be’ state, and conduct a

gap analysis for what’s needed both to comply

with regulations and boost organisational perfor-

mance.

5. Use the outputs from the gap analysis to

plan out a roadmap for the digital convergence.

6. Launch an implementation program timed

for completion within the deadlines set by the

regulations.

Value Maximisation: An Illustration

Bu

sin

ess

Val

ue

Time to Market

With digitalconvergence:

a journey redefined

Without digital convergence:a typical journey

Gain in businessefficiency & effectiveness, lower time to market and enhanced customer experience

Regulatory and Compliance Initiatives

Figure 3

Cognizant 20-20 Insights

Cognizant 20-20 Insights

Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 10

FOOTNOTES

1 “The Expanding Role of Chatbots in Enterprise Collaboration,” Cognizant, July 2017, https://www.cognizant.com/whitepa-

pers/the-expanding-role-of-chatbots-in-enterprise-collaboration-codex2575.pdf.

2 https://www.strategyand.pwc.com/trends/2016-manufacturing-trends

3 L. Varghese, F. McCraw, “Financial Services: Building Blockchain One Block at a Time,” https://www.cognizant.com/whitepa-

pers/financial-services-building-blockchain-one-block-at-a-time-codex2742.pdf.

David Paris Head of Governance, Risk and Compliance,Banking & Financial Services, UK&I

David Paris is Head of Governance, Risk and Compliance for Cog-

nizant’s Banking & Financial Services Group in the UK. He has

over 30 years of experience as a financial services industry pro-

fessional, having worked in both major financial institutions such

as Deutsche Bank, Reuters Instinet and Wells Fargo Bank, as well

as in major services and technology vendors. David has worked

extensively in Europe, Asia and the U.S. in senior management

and consultancy roles in risk, operations and technology across

both banking and securities businesses. He can be reached at

David.Paris@cognizant.com | Linkedin: www.linkedin.com/in/

david-paris-6862513/.

ABOUT THE AUTHOR

Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 11

Cognizant 20-20 Insights

World Headquarters

500 Frank W. Burr Blvd.Teaneck, NJ 07666 USAPhone: +1 201 801 0233Fax: +1 201 801 0243Toll Free: +1 888 937 3277

European Headquarters

1 Kingdom Street Paddington Central London W2 6BD EnglandPhone: +44 (0) 20 7297 7600 Fax: +44 (0) 20 7121 0102

India Operations Headquarters

#5/535 Old Mahabalipuram RoadOkkiyam Pettai, ThoraipakkamChennai, 600 096 IndiaPhone: +91 (0) 44 4209 6000Fax: +91 (0) 44 4209 6060

© Copyright 2018, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means,electronic, mechan-ical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.

Codex 3180.2

ABOUT COGNIZANT

Cognizant (NASDAQ-100: CTSH) is one of the world’s leading professional services companies, transforming clients’ business, operating and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innova-tive and efficient businesses. Headquartered in the U.S., Cognizant is ranked 205 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com or follow us @Cognizant.