View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
June 15, 2016updated 22 Sep 2016 12:15pm

How will new UK and EU regulations hit UK banking?

Analysis: From ring fencing to MiFID II, the regulatory demands on UK banks are increasing.

By James Nunns

In recent years banks have been hit by disruption coming from several different angles, from technology enabled fintech companies, to customer demand and regulations.

Regulations arising from the global financial crisis have sought to significantly change how UK banks operate, and in order to comply with the changing requirements they have had to restructure large sections of their business.

This takes times and money and with the threat of significant fines looming over the heads of banks that fail to change, combined with challenger banks plotting a beeline for markets that traditional banks have controlled, change can’t come quickly enough.

Although the financial crisis of 2008 is often seen as a catalyst for change, there were concerns dating back to 2001 from the Competition Commission which concluded that a number of the largest banks in the UK operated a complex monopoly in the supply of services to small and medium sized enterprises. This resulted in reduced competition which negatively impacted customers.

Previously under the control of the Financial Services Authority, regulations in the UK are now handled by the Prudential Regulation Authority and the Financial Conduct Authority, following the abolition of the FSA in 2012.

Since its change of role the FCA has become a proactive legislator, meaning that it has introduced and proposed legislations that would help to promote competition, make it easier for fintechs to break into the financial services market, and change the way banks operate.

Banks are faced with preparing for ring-fencing, which will force the largest UK banks to shift their retail operations into separate subsidiaries that operate independently from riskier activities such as investment banking.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester


The idea is to protect tax payers from having to bail out a bank by ensuring that vital services are separate from the higher risk activities that a bank deals with.

On a more positive front from the FCA it has introduced Project Innovate, a regulatory sandbox that aims to create a safe space in which business can test products, services, business models, and delivery mechanisms in a live environment without immediately incurring the normal regulatory consequences.

To tackle the problem of competition in the banking sector, the Competition and Markets Authority has recommended the creation of open application programming interfaces (APIs) and data sharing, in addition to creating more competition it is hoped that this will promote greater transparency for account holders.

An order has been provisionally created that will require Barclays, HSBC, Nationwide, Santander, Royal Bank of Scotland, Lloyds Banking Group, Danske, Bank of Ireland, and Allied Irish Bank, to adopt and maintain common API standards through which they will share data with other providers and third parties.

The idea is to promote competition in Personal Current Accounts and retail banking services for small and medium-sized enterprises, something that could significantly help fintechs ability to eat away at the market share of the traditional banks.

While these changing regulatory requirements may already paint a pretty demanding turn around for banks, they are far from the only rules coming in.

The Markets in Financial Instruments Directive II (MiFID II) is another major piece of legislation that banks have to look at after the European Securities and Markets Authority (ESMA) published final drafts in 2015.

MiFID II will introduce 27 regulatory technical standards and one implementing technical standard.

Article 5 of MiFIR introduces a mechanism that caps the amount of trading carried out under: (i) systems matching orders based on a trading methodology by which the price is determined in accordance with a reference price; and (ii) negotiated transactions in liquid instruments carried out under article 4(1)(b) of MiFIR.

The requirements being placed upon banks is vast but basically it will require them to rethink their strategy, redefine what sort of products they offer in the market, what sort of trading platforms they operate in the future, and rethink the viability of certain businesses.

This will potentially open up the market to new players that find it easier to adapt to the regulatory requirements because they do not have existing business lines that are impacted by it.

Aside from the regulations that are solely aimed at the banking industry there are new requirements coming in that will deal with the control of data, such as the EU General Data Protection Regulation that comes into force on the 25th May 2018.

The legislation will replace the 1995 Data Protection Directive and will enforce requirements such as; 72-hour breach notification, the ability for individuals to request information about how their data is being used or shared, the creation of a privacy-protection environment, and the appointment of a data protection officer to undertake "regular and systematic monitoring of data subjects on a large scale."

What this all points to is a large amount of work that businesses, including banks, will have to undertake in order avoid being potentially hit by a maximum fine of €20 million or 4 percent of annual global revenue.

The changing regulatory requirements are prompting fundamental changes and introduced competition in a sector that has typically faced no outside challenge. Those that don’t comply will be hit with fines and for those that do comply the best they can hope for is that only a small part of their business is lost to challengers.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.