Facing a wave of regulatory changes, including EU's General Data Protection Regulation (GDPR), banks and other financial institutions are wise to coordinate regulatory implementation with digital transformation to deliver value throughout their ecosystem.
The document discusses California's new privacy law called the California Consumer Privacy Act (CCPA) which gives California residents the right to access information about what personal data companies have collected about them and how it is shared. It was inspired by Europe's GDPR law. While similar to GDPR, CCPA has some differences in terms of what entities it covers, penalties for non-compliance, and consumer rights. The document advises companies to proactively prepare for CCPA compliance now rather than waiting, as it will require significant changes to their data practices and procedures. A multi-stage process for compliance preparation is outlined that includes assessing current data use and policies, building consumer access and consent tools, and finalizing the compliance
Security, GDRP, and IT outsourcing: How to get it right - N-iX
This document discusses security and privacy challenges for companies in light of growing regulations like the General Data Protection Regulation (GDPR). It outlines key steps outsourcing vendors must take to ensure GDPR compliance, such as performing a gap analysis, creating a data register, evaluating existing technology, analyzing risks, and continuous testing. Choosing an ISO-certified vendor can help companies address security concerns, ensure safe data management, and facilitate business operations in compliance with standards and regulations.
Explain your algorithmic decisions for gdpr - Pierre Feillet
What are the challenges of GDPR coming in 2018? We share an overview of the regulation, and zoom on its algorithmic aspects. We present best practices in decision automation to place symbolic AI in complement of ML, and then introduce eXplainable AI.
Commissioned by Salesforce, this report is the second edition of the Cross-Border Data Flows Index (CBDFI) which was first presented in 2019. The Index quantifies and evaluates eight regulatory dimensions that serve to either restrict or enhance the volume and variety of cross-border data flows for G20 economies. For this 2021 edition of the report, Singapore has been added to the original economies covered. It has created a conducive policy and regulatory environment for the development of its digital economy. Experiences from Singapore can be leveraged to enable the seamless flow of data across borders.
The report recommends long-term measures to build trust and confidence as well as short-term initiatives that will deliver immediate results in offering clarity on data transfer mechanisms.
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ... - TrustArc
The GDPR forced companies to spend a substantial amount of time, resources and money on becoming compliant. For many companies, it took years to understand, build and manage a compliance program to meet the variety of requirements included in the GDPR.
With new and updated privacy laws and regulations popping up, such as CCPA and Privacy Shield invalidation, companies are now being tasked with assessing the impact to their current privacy program and learning how to weave them into existing practices.
Listen to this webinar to learn how to leverage the substantial amount of work that was done for the GDPR to simplify additional privacy compliance.
GDPR- Get the facts and prepare your business - Mark Baker
The GDPR will become law on May 25, 2018 and requires any organization that collects or processes personal data from EU citizens to comply with new privacy regulations. It mandates breach reporting within 72 hours of discovery and fines of up to 20 million euros for noncompliance. It also introduces the principle of "data protection by design" which requires privacy to be built into new systems and processes from the start. To prepare, organizations need to review technologies and processes for breach detection and reporting, and make privacy protections a fundamental part of their operations and systems.
Is Ukraine safe for software development outsourcing? - N-iX
Many companies that are looking for a software development outsourcing company in Ukraine wonder if the destination is safe in terms of politics, economy, business climate, and information security.
We’ve completed the guide that covers all these aspects and will hopefully help you make well-weighed conclusions.
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA) - Symantec
On January 1, 2020, one of the strictest privacy laws in the US, the California Consumer Privacy Act (CCPA), will come into effect. What should governance, risk and compliance executives know in order to prepare for CCPA? Watch the on demand recording here: https://symc.ly/2Pn7tvW.
*Webinar* CCPA: Get Your Business Ready - MoEngage Inc.
The impact of non-compliance with the California Consumer Privacy Act (CCPA) could be severe! If you're a business owner or an executive responsible for data and compliance for your organization, this presentation by Marit Davey - Data Privacy Compliance Expert can be helpful.
Information governance a_necessity_in_to - Anne ndolo
1) Information governance is becoming a necessity for businesses today as they operate in an environment dominated by information. IG helps businesses improve operations, compliance, risk management, and customer service.
2) Implementing IG presents challenges for businesses, including issues with roles and responsibilities, policy implementation, information security, and compliance. Flexible IG systems and automated information management can help address these challenges.
3) Measuring the effectiveness of IG policies through evaluation allows businesses to ensure objectives are met and policies remain up to date with changing needs. Flexible policies that involve employees lead to more effective long-term governance.
These are the slides used in the presentation I gave alongside Haydn Thomas and Andrew Cross from Lightful.
The presentation was to help charities understand the most pressing implications of GDPR as well from an operational and marketing standpoint.
You can find out more about our organisations here:
https://tech-trust.org/
https://www.lightful.com/
https://www.meetup.com/netsquaredlondon/
Achieving Digitalization in a Document Intensive Energy Market - CTRM Center
As energy companies seek to become more efficient and agile in a rapidly changing marketplace fraught with risks, digitalization - the process of evolving from manual or analog processes to more efficient and cost effective digital processes by reducing the number of times data is touched and ensuring greater accuracy and more rapid movement of data and information throughout the enterprise – continues to attract attention from CIOs across the energy value chain.
This document provides an overview and summary of a webinar titled "Mastering Consent, Do Not Sell, Consumer Rights, and Look Back Requirements" presented by TrustArc. The webinar covered key topics related to the California Consumer Privacy Act (CCPA) including definitions of terms like "sale" and "service provider", an overview of consumer rights under CCPA, requirements for obtaining consent for sale of personal information, and how to prepare for and handle consumer rights requests. The webinar included polls to gauge participant challenges and discussed the CCPA regulations and recent amendments that provide clarification and exemptions around certain topics.
Regulators on the Move – Recent Treasury and Comptroller Actions: How They Af... - Winston & Strawn LLP
This document summarizes recent regulatory actions and initiatives that affect financial institutions and their boards of directors. It discusses a Treasury report on nonbank financial companies and fintech, the OCC's announcement allowing fintech companies to apply for national bank charters, the BCFP's participation in an international fintech regulatory cooperation group, and other related developments. The actions reflect a changing landscape with increasing fintech competition and opportunities for banks through partnerships with innovative companies. Banks will need to carefully navigate the uncertainties of these overlapping and possibly conflicting regulatory initiatives.
Information Security and Data Privacy Practices - Gigya
Gigya’s enterprise class Customer Identity & Access Management platform delivers maximum efficiency and scalability while protecting consumer data with strict security and compliance standards. The four pillars of Gigya’s security and privacy promise are:
- Infrastructure: State-of-the-art data centers for optimized performance and scalability.
- Data Security: ISO 27001 certification and multiple levels of security protect data with both physical and virtual safeguards.
- Compliance: Regional privacy compliance and built in social network terms of service functionality ensure responsible data management.
- Privacy Policies: Increased transparency of data practices fosters consumer trust and relationships.
For today’s digital businesses, being prepared to meet new compliance requirements when storing and managing consumer data will not only minimize risk, but also enable more valued and trusted customer experiences that drive increased loyalty, engagement and revenue. To gain better perspective on this important issue, it’s important to understand:
- The trends driving governmental regulatory shifts and the basic tenets of these new laws
- The challenges faced by executives across the enterprise when managing privacy compliance for consumer data
- The emergence of cloud-based solutions that help businesses manage privacy compliance by acting as end-to-end customer data storage and management solutions that are far more scalable and flexible than legacy systems
Update Your CCPA Plan with Practical Insights into the Proposed Regulations, ... - TrustArc
Major developments related to the California Consumer Privacy Act (CCPA) were announced at the end of last week. On Thursday, October 10th California Attorney General Xavier Becerra released proposed regulations under the CCPA. The proposed regulations are intended to operationalize the CCPA and provide practical guidance to consumers and businesses subject to the law. California Governor Gavin Newsom followed with a legislative update on Friday, October 11th in which he announced that he had signed 6 privacy bills into law, including 5 amending the CCPA and a new law related to the CCPA requiring data broker registration.
View this webinar to gain valuable insights into:
- A review and analysis of the proposed CCPA implementing regulations, related amendments and the impact to your planning
- Tips and tools to operationalize complying with the CCPA, including the four types of consumer notices, including the Do Not Sell notice; consumer privacy requests, security considerations and verification; training and record-keeping; special rules for personal information of minors; requirements for financial incentives including calculating data value, practices for employment data and B2B transactions; and much more
- Insights into what to expect after the public comment period closes on December 6, 2019
General Data Protection Regulation & Customer IAM - Ubisecure
1) The document discusses how Customer Identity and Access Management (CIAM) solutions can help organizations comply with the EU's General Data Protection Regulation (GDPR). CIAM solutions can help with consent management, user data management, and collecting only minimum necessary data.
2) Consent management is a key GDPR requirement, and CIAM solutions allow organizations to easily collect, manage, and prove customer consent to use their personal data.
3) CIAM solutions provide centralized storage and management of user data, and self-service portals for customers to access, modify, and delete their own information—meeting several GDPR data rights requirements.
The CCPA is set to be the toughest privacy law in the United States and a trailblazer for future state and potentially federal legislation. The Act expands the rights of consumers and requires businesses falling within its scope to be significantly more transparent about how they collect, use, and disclose personal information. Any business in scope is required to enhance its data management practices, expand its individual rights processes, and update its privacy policies by the 2020 deadline.
This webinar will review:
- 10 step plan to reach CCPA compliance by the end of the year
- Key areas still under discussion and feedback from open forums
- How enforcement will work; private action and regulator enforcement
So Many States, So Many Privacy Laws: US State Privacy Law Update - TrustArc
It’s no surprise that a US federal privacy law is the current talk of the privacy community. There have been MANY recent developments with individual US state privacy laws, along with numerous additional legislation on the horizon. With the advent of the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Privacy Act (CDPA) plus activity with the Washington Privacy Act (WPA) and Oklahoma Computer Privacy Safety Act, there's a lot to focus on.
The changing privacy landscape can make it tricky for privacy leaders to stay up to date as they manage their privacy programs. And there's no indication US privacy regulation changes will slow down in 2021. While it may feel like a bad game of "Whack-a-Mole," there are ways to keep your company in-the-know and empowered as more regulations pop up.
This webinar will review:
- Recent developments in US state privacy laws
- US federal privacy law predictions
- Best practices and tips on how your company can keep up
California Consumer Privacy Act: What your brand needs to know - Ogilvy Health
The California Consumer Privacy Act (CCPA) is landmark data privacy legislation that takes effect on January 1, 2020. It gives California residents expanded rights over their personal data collected by businesses. These include the right to know what data is collected and how it is used, the right to say no to the sale of personal data, and the right to access and delete personal data. The CCPA applies to for-profit businesses that collect personal data of California residents and meet certain revenue or data thresholds. Non-compliance can result in fines of up to $7,500 per violation. Companies need to audit their data practices, get proper consent, and update privacy policies to comply with the CCPA.
Marketing automation function involves collating data across a set of varying domains, thereby securing information pertaining to credentials of prospects and customers alike...
http://bit.ly/2XPwp2t
1) The document discusses new privacy regulations called the General Data Protection Regulation (GDPR) that will take effect in 2018 and require companies in the EU to give users more control over their personal data.
2) It explains that under the GDPR, enterprises will need to ensure they can manage relationships with data subjects (users), gain proper consent for data use, and allow data subjects to view and restrict how their data is used across multiple internal and third-party systems.
3) Creating a centralized "privacy control point" system that can interface with other internal and external data processing systems and enforce user privacy preferences will be important for companies to comply with the GDPR's new user-centric privacy rules.
Presentation by Laila Medina, Ministry of Justice, Latvia - OECD Governance
Presentation from the OECD Roundtable on Equal Access to Justice, Latvia, 2018. For more information see: http://www.oecd.org/gov/equal-access-to-justice-oecd-expert-roundtable-latvia-2018.htm
INATSUMMIT 2018 - Belgrade April 14th, 2018
How to comply to General Data Protection Regulation and still run a wealthy organization in post-digital economy
Operational impact of gdpr finance industries in the caribbean - EquiGov Institute
A brief outline of the challenges that could be faced by financial institutions with the implementation of the GDPR and recommendations to mitigate them.
The document summarizes key aspects of the General Data Protection Regulation (GDPR) taking effect in May 2018 and recommendations for organizations to comply. It outlines the GDPR's 5 main duties: rights of EU data subjects, security of personal data, lawfulness and consent, accountability of compliance, and data protection by design and default. The document recommends organizations assess risks, identify necessary policies, processes, and technologies, and leverage IBM's solutions framework and experience helping clients in various industries prepare for the GDPR.
This article discusses Binding Corporate Rules (BCRs) which allow multinational companies to transfer personal data outside the European Union in compliance with EU data protection laws. It provides three key points:
1) BCRs operate as an intra-group code of conduct that sets privacy principles and rules for processing personal data. They must be legally binding on group entities.
2) There are two types of BCRs - one for data controllers and one for data processors. Over 60 BCRs have been approved to date.
3) BCRs can help prepare companies for the upcoming EU General Data Protection Regulation by already requiring accountability standards that will be mandated under the new law, such as documentation obligations
1) Binding Corporate Rules (BCRs) provide a framework for companies to legally transfer personal data within a corporate group across borders in compliance with EU data privacy laws. Several large payment companies have already implemented BCRs.
2) The EU's upcoming General Data Protection Regulation will significantly strengthen data privacy laws and compliance obligations. Companies can prepare by implementing BCRs, which establish robust privacy governance policies, procedures, and accountability.
3) BCRs help companies streamline privacy practices, demonstrate compliance, and facilitate legal data transfers both within and outside the EU. An increasing number of companies are pursuing BCR approval from European data protection authorities.
Data protection for Lend.io - legal analysis by Bird and Bird | Coadec
New EU data protection rules are coming, with the General Data Protection Regulation likely to be agreed in the next few months. It will have a massive impact on digital businesses.
To bring this rather dry subject to life, Coadec working together with techUK has commissioned a leading data protection law firm to look at what current drafts of the new law would mean for a fintech startup we invented, Lend.io.
Janrain Identity Cloud GDPR Assessment Kit | Sean Bailey
The document discusses Janrain's services to help clients prepare for the EU's General Data Protection Regulation (GDPR) which takes effect in May 2018. It offers a GDPR Primer for a basic overview of requirements and identification of needs and gaps. It also offers a more in-depth GDPR Readiness Assessment to evaluate specific requirements for customer identity and access management processes. The assessment involves analyzing compliance, developing a prioritized remediation plan, building stakeholder consensus on the plan, and assisting with implementation of programs and technologies like Janrain's to achieve compliance.
As banks prepare themselves for the open banking journey and being able to share high-quality and accurate data with third parties, they face two immediate needs - a strong data governance and a robust data management framework that offers adequate data privacy and security measures.
Mortgage_Compliance_Magazine_1.2015_-_xTRID_Are_you_Awarex | John I. Vong
The document discusses the challenges of implementing the Consumer Financial Protection Bureau's (CFPB) new TILA-RESPA Integrated Disclosure (TRID) rules which integrate mortgage loan disclosures required under the Truth in Lending Act (TILA) and the Real Estate Settlement Procedures Act (RESPA). Some of the key challenges include: upgrading technology systems to accommodate the new rules, facilitating two-way communication between lenders and other systems, and increased operational risks and liability for lenders under the new rules. Lenders will need to closely collaborate with settlement agents and vendors to ensure a smooth transition.
The document discusses the impact of new European Union General Data Protection Regulation (GDPR) regulations on corporate HR functions. It notes that the new regulations, effective in May 2018, will significantly impact how companies collect, store, and use personal employee data. HR departments will need to overhaul processes around data retention, security, transparency, and portability to comply. Non-compliance could result in fines of up to 20 million euros or 4% of global revenue. The document provides recommendations on how companies can assess their readiness, such as conducting privacy impact assessments and implementing centralized governance, risk and compliance solutions.
“The European Union data privacy landscape is about to undergo dramatic change, with lasting enterprise wide implications for the way that organisations handle, protect and use the personal data of EU individuals.
Organisations of all sizes, across all industries, and geographies that process personal data of EU residents need to take steps now to comply with the new EU General Data Protection Regulation by 2018, to satisfy management fiduciary duties and avoid potentially costly penalties.”
This document discusses key financial regulations and trends, and how technology can help financial institutions comply with regulatory reporting requirements. It outlines several major regulations including FATCA, Dodd Frank Act, Basel III, FINRA, AML, KYC, and MiFID. For each regulation, it provides high-level details on requirements and highlights. It also discusses challenges of regulatory compliance and how technology can help with tasks like data management, analytics, reporting automation and process consolidation to improve regulatory reporting.
ACI Universal Payments for a Real-Time Payments Hub - product flyer - US | Domenico Scaffidi
In a deliberate attempt to shake up the banking industry, the EU's revised Directive on Payment Services (PSD2) came into force in January 2016. PSD2 requires financial institutions across the EU to provide open access to regulated third party providers through application programming interfaces (APIs) in order to comply with the initiative. While compliance will require significant investments of time and money, those institutions that view PSD2 as a business opportunity and quickly capitalize on its new rules through open APIs can turn their compliance efforts into long term profit engines by attracting partners, innovating new services, and re-intermediating customer relationships. However, implementing open APIs presents cultural and technical challenges for banks with legacy systems not designed for real
The document discusses the rise of cloud computing in healthcare and financial services industries in India. It highlights that while cloud adoption is increasing in these industries due to benefits like scalability, there are still concerns around data security and privacy due to the sensitive nature of data handled. The document notes that cloud services are maturing and addressing security needs, with governments also increasing trust in cloud. It analyzes trends in cloud computing adoption in India and recommends approaches to formulate laws and regulations governing data protection and privacy in the cloud context.
Running Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docx | jeanettehully
THE IMPACT OF GDPR ON GLOBAL IT POLICIES
Abstract
The General Regulation of the EU on Data Protection (GDPR) provides essential safeguards in the field of privacy, which offer new challenges and potential opportunities for organizations worldwide. However, worldwide organizations must make GDPR compliance changes to minimize GDPR liability. This editorial preface discusses the benefits and threats of the effect of GDPR on global technology growth. We also speak about how China and the US, the two world economic giants, could respond more effectively to GDPR threats and possibilities.
Introduction
The GDPR, which became law on May 25, 2018, is a data protection law that establishes rules on the collection, storage, and management of data of persons living in the European Union (EU, 2016). This legislation applies to all individuals residing in the EU. To satisfy the new demands on privacy raised by digital technology advancement, the new law increases EU data protection. Although the GDPR also covers EU citizens, it has a global impact that impacts every EU business entity that provides services or keeps data regarding EU nationals, which are personally identifiable.
GDPR offers users with a broad degree of control to be overlooked, including the right to withdraw permission. In the same period, the information controllers and processors, including data protection, are required to record all their processing activities by the layout and by necessity. GDPR notes that businesses must seek the customer's permission for data collection and 'implementing successful technological and functional measures' to protect personal data for EU citizens (Kaushik et al. 2018).
In May 2018, the European Union adopted a General Data Protection Regulation, which drew a specific conclusion regarding the world's most detailed and common law on data security, with substantial and unexpected consequences on multinationals. In the months before it began, both inside and outside of Europe, businesses failed to adhere. However, as many as 80% of the firms concerned were still short of this goal on the eve of enforcement.
A year on, businesses continue to work to achieve full conformity with their newly founded regulations. The government will be more confident. Data processing and the processing of complaints in most European countries have doubled, although businesses of all sizes develop violations and associated penalties practices and processes.
The non-conformity to GDPR was held accountable by organizations that process data belonging to EU citizens. GDPR offers a new obstacle, as well as potentially stricter security measures, protocols, and procedures to protect, handle and maintain your data and ensure compliance with GDPR, technology firms, and providers of cloud services, data centers, and advertisers. Afterward, we were probably subjected to s ...
ICC has set out five recommendations to modernize the regulatory and competition framework that would provide protection for consumers while fostering competition, investment and innovation.
The document provides a summary of the key aspects of the General Data Protection Regulation (GDPR) in 3 pages. It discusses the basic principles of GDPR, how it may impact technology systems, and software tools that can help with compliance. Some of the main topics covered include the definition of personal and sensitive data, data subject rights, privacy by design, security requirements, and obligations for controllers and processors. The summary emphasizes the need for businesses to review their data protection practices and ensure they are prepared to comply with GDPR requirements that take effect in May 2018.
Similar to Embracing Digital Convergence amid Regulatory-Driven Overhauls (20)
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr... | Cognizant
Organizations rely on analytics to make intelligent decisions and improve business performance, which sometimes requires reproducing business processes from a legacy application to a digital-native state to reduce the functional, technical and operational debts. Adaptive Scrum can reduce the complexity of the reproduction process iteratively as well as provide transparency in data analytics projects.
Data Modernization: Breaking the AI Vicious Cycle for Superior Decision-making | Cognizant
The document discusses how most companies are not fully leveraging artificial intelligence (AI) and data for decision-making. It finds that only 20% of companies are "leaders" in using AI for decisions, while the remaining 80% are stuck in a "vicious cycle" of not understanding AI's potential, having low trust in AI, and limited adoption. Leaders use more sophisticated verification of AI decisions and a wider range of AI technologies beyond chatbots. The document provides recommendations for breaking the vicious cycle, including appointing AI champions, starting with specific high-impact decisions, and institutionalizing continuous learning about AI advances.
It Takes an Ecosystem: How Technology Companies Deliver Exceptional Experiences | Cognizant
Experience is becoming a key strategy for technology companies as they shift to cloud-based subscription models. This requires building an "experience ecosystem" that breaks down silos and involves partners. Building such an ecosystem involves adopting a cross-functional approach to experience, making experience data-driven to generate insights, and creating platforms to enable connected selling between companies and partners.
Intuition is not a mystery but rather a mechanistic process based on accumulated experience. Leading businesses are engineering intuition into their organizations by harnessing machine learning software, massive cloud processing power, huge amounts of data, and design thinking in experiences. This allows them to anticipate and act with speed and insight, improving decision making through data-driven insights and acting as if on intuition.
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic... | Cognizant
The T&L industry appears poised to accelerate its long-overdue modernization drive, as the pandemic spurs an increased need for agility and resilience, according to our study.
Enhancing Desirability: Five Considerations for Winning Digital Initiatives | Cognizant
To be a modern digital business in the post-COVID era, organizations must be fanatical about the experiences they deliver to an increasingly savvy and expectant user community. Getting there requires a mastery of human-design thinking, compelling user interface and interaction design, and a focus on functional and nonfunctional capabilities that drive business differentiation and results.
The Work Ahead in Manufacturing: Fulfilling the Agility Mandate | Cognizant
Manufacturers are ahead of other industries in IoT deployments but lag in investments in analytics and AI needed to maximize IoT's benefits. While many have IoT pilots, few have implemented machine learning at scale to analyze sensor data and optimize processes. To fully digitize manufacturing, investments in automation, analytics, and AI must increase from the current 5.5% of revenue to over 11% to integrate IT, OT, and PT across the value chain.
The Work Ahead in Higher Education: Repaving the Road for the Employees of To... | Cognizant
Higher-ed institutions expect pandemic-driven disruption to continue, especially as hyperconnectivity, analytics and AI drive personalized education models over the lifetime of the learner, according to our recent research.
Engineering the Next-Gen Digital Claims Organisation for Australian General I... | Cognizant
The document discusses potential future states for the claims organization of Australian general insurers. It notes that gradual changes like increasing climate volatility, new technologies, and changing customer demographics will reshape the insurance industry and claims processes. Five potential end states for claims organizations are described: 1) traditional claims will demand faster processing; 2) a larger percentage of claims will come from new digital risks; 3) claims processes may become "Uberized" through partnerships; 4) claims organizations will face challenges in risk management propositions; 5) humans and machines will work together to adjudicate claims using large data and computing power. The document argues that insurers must transform claims through digital technologies to concurrently improve customer experience, operational effectiveness, and efficiencies
Profitability in the Direct-to-Consumer Marketplace: A Playbook for Media and... | Cognizant
Amid constant change, industry leaders need an upgraded IT infrastructure capable of adapting to audience expectations while proactively anticipating ever-evolving business requirements.
Green Rush: The Economic Imperative for Sustainability | Cognizant
Green business is good business, according to our recent research, whether for companies monetizing tech tools used for sustainability or for those that see the impact of these initiatives on business goals.
Policy Administration Modernization: Four Paths for Insurers | Cognizant
The pivot to digital is fraught with numerous obstacles but with proper planning and execution, legacy carriers can update their core systems and keep pace with the competition, while proactively addressing customer needs.
The Work Ahead in Utilities: Powering a Sustainable Future with Digital | Cognizant
Utilities are starting to adopt digital technologies to eliminate slow processes, elevate customer experience and boost sustainability, according to our recent study.
AI in Media & Entertainment: Starting the Journey to Value | Cognizant
Up to now, the global media & entertainment industry (M&E) has been lagging most other sectors in its adoption of artificial intelligence (AI). But our research shows that M&E companies are set to close the gap over the coming three years, as they ramp up their investments in AI and reap rising returns. The first steps? Getting a firm grip on data – the foundation of any successful AI strategy – and balancing technology spend with investments in AI skills.
Operations Workforce Management: A Data-Informed, Digital-First Approach | Cognizant
As #WorkFromAnywhere becomes the rule rather than the exception, organizations face an important question: How can they increase their digital quotient to engage and enable a remote operations workforce to work collaboratively to deliver on client requirements and contractual commitments?
Five Priorities for Quality Engineering When Taking Banking to the Cloud | Cognizant
As banks move to cloud-based banking platforms for lower costs and greater agility, they must seamlessly integrate technologies and workflows while ensuring security, performance and an enhanced user experience. Here are five ways cloud-focused quality assurance helps banks maximize the benefits.
Getting Ahead With AI: How APAC Companies Replicate Success by Remaining Focused | Cognizant
Changing market dynamics are propelling Asia-Pacific businesses to take a highly disciplined and focused approach to ensuring that their AI initiatives rapidly scale and quickly generate heightened business impact.
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa... | Cognizant
Intelligent automation continues to be a top driver of the future of work, according to our recent study. To reap the full advantages, businesses need to move from isolated to widespread deployment.
Embracing Digital Convergence amid Regulatory-Driven Overhauls
With the deadline for the EU’s General Data Protection Regulation (GDPR) fast approaching, and other incoming regulations on the horizon, banks and other financial services institutions should use their regulatory and digital programs to drive a step-change in value across their ecosystems.
Cognizant 20-20 Insights | February 2018
3. Embracing the Digital Convergence Opportunity Amid Regulatory Overhauls | 3
EXECUTIVE SUMMARY
By any measure, the EU’s General Data Protection Regulation (GDPR) is a ground-breaking piece of legislation with profound implications for companies worldwide. It applies globally, affecting any organisation that interacts with the data of an EU resident. These pervasive implications mean GDPR impacts internal and external stakeholders and requires actions across people, process and platform (both data and technology).
But is targeting GDPR compliance enough on its own? We believe the answer is no. Put simply, GDPR demands not just regulatory compliance, but strategic organisational change. Therefore, financial institutions (FIs) should approach GDPR not as a stand-alone compliance issue, but as a change that creates major opportunities to generate higher value through the smart use of digital technologies and thinking.
In 2018 alone, the second Payments Services Directive (PSD2), the Markets in Financial Instruments Directive 2 (MiFID II), the European Commission’s upcoming proposed e-privacy law and revisions to the UK’s Open Banking agenda are all set to revolutionise the industry’s journey to enactment.
Approaching any of these regulations in isolation risks missing out on their areas of commonality. The main theme that links and aligns them is the need to apply a range of digital technologies in smart and integrated ways. So what we’re seeing is two forms of convergence: regulatory convergence, as new regulations coalesce in terms of impact and imperatives; and digital convergence, as banks and financial services organisations combine new technologies – artificial intelligence (AI), machine learning (ML), blockchain, robotic process automation (RPA) and more – both to protect customers more effectively, and also to transform their own organisations to be leaner, more effective and more efficient. (To learn more about digital strategy at banks, read our white paper, “How Digital 2.0 Is Driving Banking’s Next Wave of Change.”)
The message, therefore, is clear: The optimal way to approach these imminent rules is as an interlinked array of new regulations, and then respond through digital convergence that creates higher business and regulatory value. Organisations that approach digital, regulatory and technological convergence appropriately (see our six-step approach in the sidebar, next page) will simultaneously build compliance and customer trust, and thrive in the modern digital age.
It is a one-time golden opportunity to accelerate and escalate the creation of business value through digital. This white paper further enumerates how this can be realised and maximised.
GDPR’S KEY MILESTONES & IMPACTS ON BANKING AND FINANCIAL SERVICES
The first step for responding properly to GDPR is to understand the regulation itself, the scale and nature of its impacts and its interrelationship with other regulatory changes. Equipped with these insights, FIs can ensure not only that they are GDPR-compliant, but that their operating model is future-proofed for an increasingly open and digitally-enabled market ecosystem.
GDPR aims to unify and strengthen data protection and privacy for all individuals in the European Union (EU). Its goals include giving citizens and residents greater control over their personal data and creating a single region-wide regulatory framework. Figure 1 (next page) shows our proven methodology for addressing all of these impacts in a single program.
The changes required by GDPR can be categorised into the following main areas:
• Appoint a data protection officer (DPO) and set up a robust governance process. A DPO must be appointed to advise the data controller/processor and employees, monitor regulatory impacts and compliance, and act as the contact point for the supervisory authority.
• Transparently demonstrate consent and honor erasure. Firms must have a single view of the customer, review existing personal data consent agreements, obtain explicit consent for data collection, and provide for sharing, rectification or erasure of data on request.
Quick Take
A Six-Step Approach to Linking Regulatory and Digital Convergence
1. Conduct a business impact assessment of forthcoming regulatory changes.
2. Clarify the changes required to deliver the firm’s digital vision.
3. Merge the set of requirements to deliver both goals in line with customer-centricity.
4. Conduct a gap analysis of the ‘as-is’ IT estate against the target to-be state, for greater clarity and simpler data governance.
5. Plan a roadmap for the digital transformation program.
6. Launch an implementation program for completion within the regulatory deadlines.
• Introduce new categories of personal data. The regulation introduces new categories of personal data such as IP address and social and mental state. It is imperative that organisations understand their own use of personal data maps.
• Enable data subjects to exercise rights. Under EU rules, data subjects have the right to file a subject access request (SAR) and obtain from the data controller a copy of their personal data, together with an explanation of the categories of data processed. Therefore, controllers must ensure third-party processors are subject to adequate contractual agreements, and must approve any changes in protocol made by processors.
• Lay out a process for incident/breach handling. Breaches must be reported within 72 hours, and the regulator requires biannual compliance effectiveness audits and comprehensive record-keeping. Compliance management must be active rather than passive.
The post-GDPR environment will also bring a number of important benefits – for example, greater clarity and simplicity to data governance, a single lead authority and a one-stop shop for reporting. And the unified customer view required by GDPR will help to improve customer-centricity.
[Figure 1: Cognizant’s GDPR Methodology. The figure shows a GDPR Readiness Framework spanning People, Process, Data and Technology, alongside GDPR Assistance Services. Figure text: “We are currently working with clients across various stages of GDPR implementation. We are on our own compliance journey, applying the changes required for GDPR through a digital lens.”]
Yes, There Are Overlaps
GDPR’s obligations and opportunities are influenced and overlapped by several other current or forthcoming regulatory initiatives. Foremost among these is PSD2, which is set to revamp Europe’s payments landscape by requiring banks to allow third parties to access their customers’ account information through application programming interfaces (APIs).
Other incoming regulations include Open Banking – which introduces open API standards for UK banking – and the New Payment Architecture (NPA) in the UK, which will use the Bank of England’s Real Time Gross Settlement (RTGS) service for net settlement of payments. Meanwhile, the e-IDAS has been enacted and MiFID II – the EU’s revised Markets in Financial Instruments Directive – launched on 3rd January 2018. And the EU has also released a draft towards a new e-Privacy Directive.
The common thrust of all these regulations is to enable better, safer, more efficient and more open use of digital technologies and data. It follows that an approach based on just one aspect of the evolving regulatory environment is not enough. While important, GDPR is just one new regulation among many – and firms need to be cognizant of that.
DIGITAL CONVERGENCE: COMPLETING THE JIGSAW
Just as a number of regulatory initiatives are converging to create a new supervisory and compliance environment for FIs, several strands of technology innovation are converging to advance digital enablement. The good news is that by harnessing these complementary technologies to drive digital transformation of their organisations, firms across the industry can simultaneously achieve better regulatory compliance and higher business value.
The evolving technologies can be divided into two main groups – the first comprising robotic process automation (RPA) and narrow AI like chatbots,¹ and the second consisting of advanced AI (e.g., machine learning). Alongside these, blockchain is emerging as a transformational technology, heralding a revolution in how companies and individuals interact and conduct transactions. (See the full array of blockchain white papers on our website.)
• Use of RPA and AI is growing across financial services, driven by a rising tide of innovation both by fintechs and also incumbent institutions. (By way of context, multipurpose industrial robot shipments in China – an automated manufacturing powerhouse – are projected to hit 150,000 this year, up fourfold from 2013.²) As in other industries, banks and financial services firms are harnessing the exponential growth in data to power advanced AI-enabled automation, in order to augment human capabilities and create smarter, more productive and more effective processes at lower cost.
While many of these innovations began with a primary focus on cost-efficiency, the benefits in terms of regulatory compliance are now also becoming increasingly evident. In the face of regulators’ growing demand for fast, comprehensive and accurate reporting, robotics and AI enable financial services firms to respond without large investments or heavy manual processing. (For more, read our blog on the topic, “How Banks Can Use AI to Reduce the Regulatory Compliance Burdens.”)
• Use of machine learning and chatbots is expanding to provide enhanced and more personalised customer experiences at scale. These technologies, also known as smart virtual personal assistants (SVPAs), learn proactively from every human interaction, and are increasingly able to respond appropriately to customers’ subtle – and even subconscious – emotional signals and nuances.
Usage of RPA can potentially enable banks to achieve better quality and efficiency. Moreover, a key driver will be the expansion of chatbots beyond their initial consumer applications and into enterprise and employee collaboration, yielding corresponding gains in efficiency, effectiveness and compliance.
• Meanwhile, blockchain, the smart, decentralised, trusted and highly-encrypted way of transacting and interacting, is poised to power the next disruptive wave of digital business. FIs have grasped the scale of the impending change blockchain is poised to unleash. In our recent research study of 1,520 executives representing 578 financial services firms, 91% of respondents said they believe blockchain will be either critical or important to their firm’s future, while 48% said it will fundamentally transform the industry.³
Digital Convergence: Amplifying the Business Benefits …
While these strands of digital innovation may have originated as distinct areas of technological evolution, their real power in banking and financial services lies in combining and integrating them to transform what the industry does and how it does it. The fact that these technologies are also pivotal to meeting the challenges and opportunities of GDPR and other regulations means the business case for leveraging them to drive enterprise-wide digital transformation is not just compelling, but unanswerable.
… While Reducing Time to Market…
Figure 2 (next page) illustrates how we see these technologies coming together. By positioning regulations and compliance as an input to digital convergence rather than an output of legacy processes, and harnessing the power of emerging technologies to optimise this convergence across the organisation, firms can turn regulation from a cost burden into a positive driver of business value. Value is increased still further by the impact of digital convergence on speed to market for new products and services (e.g., by using tools that enable the business and technology estate to more effectively collaborate), as well as on other key aspects ranging from customer experience and loyalty to internal collaboration, productivity and employee engagement.
… And Embedding Digital as a Way of Life
In this way, firms can reap the maximum business benefits from GDPR while remaining fully customer-focused and -centric, and delivering a seamless end-user experience that will keep customers loyal and satisfied. But that’s not all. At a higher level, firms that achieve this will be able to fully embrace the new reality of “digital as a way of life” that increasingly pervades the global customer and business ecosystem, from individual consumers to the biggest multinationals.
Figure 2: How Digital Convergence Enables Regulatory Compliance and Generates Business Value. (Diagram labels: Regulations; Compliance; Digital Convergence; Robotics; AI; Machine Learning; Chatbots; Blockchain; Strategies for Data Analytics; Self-Learning Predictive Models; Synergies; Seamless Ledger Payment Processing; Business Benefits.)
A ROADMAP FOR THE FUTURE
Our distinctive point of view on the linkage
between digital and regulatory convergence
has resulted in a unique framework – one that
can help FIs shape more effective regulatory
strategies while delivering digital at scale. It is
based around the three key dimensions of time
to market, compliance and business value (see
Figure 3).
The Six-Step Approach
We believe FIs should unify and address the CxO agendas for delivering digital at scale in conjunction with regulatory and compliance agendas by institutionalising the six steps outlined on page 4. This is a great mechanism to drive a step change in value across their ecosystems.
1. Undertake a business impact assessment across the whole range of current and forthcoming regulatory changes, by aligning with the organisation’s mission and vision.
2. Overlay this assessment with the changes required by the firm’s digital transformation, with a view to enhancing time to market while reducing costs.
3. Combine these sets of changes to establish a single set of organisational and system requirements to deliver against both goals.
4. Assess the ‘as-is’ IT estate/organisation against the target ‘to-be’ state, and conduct a gap analysis for what’s needed both to comply with regulations and boost organisational performance.
5. Use the outputs from the gap analysis to plan out a roadmap for the digital convergence.
6. Launch an implementation program timed for completion within the deadlines set by the regulations.
Figure 3: Value Maximisation: An Illustration. (Chart of Business Value against Time to Market for Regulatory and Compliance Initiatives, with two curves: “With digital convergence: a journey redefined” and “Without digital convergence: a typical journey”. Annotation: gain in business efficiency, effectiveness, lower time to market and enhanced customer experience.)
FOOTNOTES
1 “The Expanding Role of Chatbots in Enterprise Collaboration,” Cognizant, July 2017, https://www.cognizant.com/whitepapers/the-expanding-role-of-chatbots-in-enterprise-collaboration-codex2575.pdf.
2 https://www.strategyand.pwc.com/trends/2016-manufacturing-trends
3 L. Varghese, F. McCraw, “Financial Services: Building Blockchain One Block at a Time,” https://www.cognizant.com/whitepapers/financial-services-building-blockchain-one-block-at-a-time-codex2742.pdf.
ABOUT THE AUTHOR
Kapil Lodha
Consulting Director, Cognizant UKI
Kapil Lodha is a Consulting Director with Cognizant UKI. He has over 16 years of experience in banking and financial services, with specialisation across digital, payments, regulations and compliance. Kapil has worked on numerous large-scale transformational programs with tier-one banks and financial institutions in UK/Europe. He holds M.B.A. and B.Tech. degrees and a certification from Carnegie Mellon University. Kapil can be reached at Kapil.Lodha@cognizant.com | Linkedin: www.linkedin.com/in/kapil-lodha-628a31a1/.