5 new regulations you need to tackle in 2018


The regulatory compliance challenges you face are ever-increasing.

Regulations are updated and added to; whole new rafts of legislation are brought in.

2018 looks like being no exception. Here we explore five new regulations you will be facing in the coming year – and the action plans you need to comply.


Came into force: 1 January

We’re only in the middle of January and three new pieces of financial regulation have already come into force. The first of these, the Regulation on Key Information Documents for Packaged Retail and Insurance-based Investment Products (PRIIPs), came into force on New Year’s Day.

It aims to extend the standards of consumer protection introduced by MiFID II to insurance-based investment products.

To meet its demands, you need to have a good understanding of what PRIIPs regulation is and how to comply. One of its key requirements is the need to produce Key Information Documents on the investments you offer.

There are prescriptive rules around the format and content of these documents. Ensuring you comply means understanding the potential pitfalls in preparing your KIDs and making sure they are sufficiently user-friendly.


Came into force: 3 January

MiFID II also came into effect in the first week of the year. It introduces a range of new demands for financial services firms.

Although the FCA has indicated that it will be lenient towards firms that aren’t quite ready, with the enforcement date now passed, if you’re still not compliant, you need to prioritise meeting the requirements.

The rules expand the definition of financial promotions to include communications to professional clients as well as introducing a raft of other new requirements.

Our MiFID II checklist will help you to identify the changes that need to be made and keep track of the actions you take.


Came into force: 13 January

PSD2 (the Revised Payment Service Directive) enables customers, both consumers and businesses, to use third-party providers (like Facebook or Google) to manage their finances, while retaining their existing bank accounts.

Under the new rules, banks will be obligated to give these third-party providers access to their customers’ accounts. This has the potential to transform competition; as a bank, you’re no longer competing just with other banks, but with any firm that offers financial services.

Although the PSD2 implementing legislation came into force last week, the Regulatory Technical Standards (RTS) that prescribe the safety and security requirements for the new regulation are not in place – and according to a speech given by the FCA in November are unlikely to be finalised until mid-2019.

In the transitional period while we wait for these standards to come into formal effect, the regulator will ‘expect firms to ensure that customers receive clear and consistent messages on open banking, and access to online accounts’.

Read tips on how to improve your customer communications and produce communications that achieve the FCA’s desired consumer outcomes.

Insurance Distribution Directive

Comes into force: 1 October (proposed)

The IDD concerns the distribution of insurance and reinsurance, and also applies to firms that help with the administration and performance of insurance contracts post-sale.

It’s designed to create a level playing field for all those involved in the sale of insurance products, and introduces enhanced requirements around information and conduct of business.

The regulation was due to come into force on 23 February, but at the end of December, the European Commission announced a proposal to push back the application date by seven months to 1 October. This follows requests from the European Parliament and Member States for a postponement.

While Member States (including the UK) will still be required to transpose the IDD into national law by the original date, 23 February 2018, the proposals recommend that firms are not required to comply until 1 October 2018.

This will be confirmed as soon as possible by the European Parliament and Council, which need to agree and confirm the new application date via an accelerated legislative procedure.

One of the IDD’s key requirements is the need to produce the new Insurance Product Information Document (IPID).

The IPID is designed to give customers information in a standardised format, to enable them to make an informed decision about a non-life insurance product before they buy it.

The manufacturer of the insurance product is responsible for producing the IPID, and there are some very prescriptive rules around its format and what it should include. These are summarised in our blog on What is the IDD and how can insurance firms comply.

Automating some of your processes can help with IPID production and IDD compliance; read more in The new IDD – how can automation help you comply?


Comes into force: 25 May

How will the General Data Protection Regulation affect financial services?

The answer is ‘pretty comprehensively’!

We’ve already looked in some detail at the new regulation’s implications in blogs on How to separate GDPR myths from reality, and GDPR compliance – do you know everything you need to?

With a recent article asking if GDPR will be a bigger compliance challenge than MiFID II, firms shouldn’t underestimate the amount of work needed to comply.

Read our 10 things you need to know and do now about GDPR for a lowdown on the regulation and the steps you should be taking.

Stay one step ahead of 2018's new regulations

Another busy year is in store for financial services Compliance teams. Many firms are finding that automating their marketing and compliance processes helps them to tackle the growing regulatory challenges they face.

Automation saves firms time and money; reduces the risk of human error, minimising the chances of compliance breaches; and can automatically create the requisite audit trails for compliant record-keeping.

For more on the benefits of automation for Compliance teams, download our free whitepaper, The benefits of automated workflow systems. You can get your copy here.

Nothing in this document should be treated as an authoritative statement of the law. Action should not be taken as a result of this document alone. We make no warranty and accept no responsibility for consequences arising from relying on this document.

New Call-to-action