Commentary

During the 13th National People's Congress (NPC), Chinese Premier Li Keqiang presented the government work report. Whilst the market read the new growth target (6-6.5%) rather negatively, Premier Li Keqiang was very transparent about the difficulties in reaching this target and the fiscal and monetary expansion which will be needed to achieve them. Whilst a lot has been written about tax cuts as well as lowering the still high reserve requirement ratio (RRR), less has been commented on how banks will be affected by the measures announced during the NPC. Li Keqiang made a number of specific announcements on this front. a) lower funding costs for small-and-micro enterprises (SMEs); b) 30% growth in state-owned commercial banks’ lending to SMEs from negative growth in 2018; and c) extending the maturity of loans, especially for manufacturing firms.

Asia is not only the largest single market in terms of consumer payment value but is also home to the largest share of the world’s unbanked population. Rising smartphone and internet penetration have enabled many to gain access to financial services that were previously limited to mainstream financial institutions. Consumer uptake of mobile payments has been driven by the providers’ ability to value-add by addressing the local markets’ pain points. The value that mobile wallets bring to consumers revolves around the ability to transact with a peace of mind, accessibility to lifestyle services and integrated loyalty platform.

Along with my colleagues Mark Goodridge and Mulya Chandra from Morgan Stanley’s ASEAN equity research department, I have been writing about the potential disruption to ASEAN banks from new payments technologies for much of the last year. We believe it is one of the key structural themes for equity investors in banks to understand as they think about future earnings and dividend streams.

Capital market participants and market infrastructure providers around the world are working to assess and apply emerging technologies. The results of the Celent Global Exchange CIO Survey released in July 2018 found that a high level of respondents were tackling emerging technologies. More than 70% of respondents said that they were already using or working on pilots when it came to cloud, artificial intelligence, robotic process automation, and blockchain technologies.

It is no secret that the private banking industry in Asia is facing revenue pressure on multiple fronts, with margin compression and revenue erosion becoming the new normal. There are a few key developments driving this pressure, including:

For private banks and wealth managers, investment suitability is a hot regulatory topic and should be at the heart of front-office digitisation efforts. Increasingly, supervisors are expecting private banks and wealth managers to strive for good customer outcomes and demonstrate that their decision-making processes are centred on an understanding of customer needs. 

Asia’s Environmental, Social and Governance (ESG) financing scene is gaining traction against the backdrop of supportive government policies such as tax incentives and growing stakeholder pressure for responsible financing. The S$1.2b green loan raised by Singapore-based Frasers Property is the latest in a series of green loan deals in the region.

Security measures and user protection From a systems perspective, open APIs mean that a new communications path is being established to link the information systems of financial institutions with the outside world. This brings new risks including data leaks, data fraud, and illicit transactions. There is also the possibility that data relating to user account information and settlement instructions will be exposed to the risks of leaks, tampering, and fraud via handling by TPPs.

Ever since the General Data Protection Regulation (GDPR) came into force on 25th May 2018, data privacy laws in the European Union (EU) have undergone a quantum jump. Under the new rules, organizations across industries are now accountable for protection of personal data of customers and employees.GDPR empowers the customer and puts them in control of their personal information. It applies to all EU citizens and EU organizations. It also encompasses institutions outside the EU serving individuals within the EU.When it comes to banks and financial entities, clients’ data go through various levels during customer onboarding, accounting, relationship management and other banking processes. At each of these stages, sensitive data is handled by numerous people and computing systems. This necessitates a structured plan to safeguard customer data against possible breaches. Hence, the GDPR.Today we are going to take a look at the challenges faced by financial institutions while implementing GDPR. But first, a few definitions. Data subject: A data subject is a customer or employee who shares their personal data with a bank. Data controller: A data controller is a bank or financial entity which collects, holds and manages the personal information of its clients and employees. Data processor: A data processor is an organization that processes and analyzes customer data. It can be a bank or a third party service provider.Now let us get to the challenges which are the excerpt from the webinar conducted by Payjo, a leading conversational AI banking software provider. Customer consent The first thing banks need to ensure under GDPR is customer consent. Personal data of clients have to be strictly processed under the 6 lawful bases enshrined in the GDPR. Personal data is anything that can be used to identify a client. Name, age, sex, email address, residential address, phone number, social security number and information shared on social media, all come within the ambit of personal data. Under the new regulations, it is now mandatory for data controllers to seek the customers’ consent before collecting their personal information. They also need to explain why they are gathering the said data and how they are going to use it. Sharing the data with a third party also requires approval, and customers can hold the data controller accountable for any unauthorized use of their data. In short, banks need to be fully prepared to lawfully handle customer data. Right to data erasure Under GDPR, data subjects can request data controllers to permanently erase and remove their personal data from their records without any external authorization. The data subject has full right to data erasure. The bank might retain some data for complying with other laws, but apart from that, the customer has the right to be forgotten. For this, data controllers need to overhaul their data management system to execute the new rules.Breach of data GDPR mandates every bank to employ a Data Protection Officer to ensure adherence to the new laws. In case of a data violation, the GDPR governing authority needs to be notified within 72 hours. The data controller has to furnish all the details of the breach including nature, extent and criticality. Impacted data subjects must also be intimated without undue delay. In this regard, financial institutions need to gear up and put in place an efficient data breach reporting system. A rethinking in their approach towards customer data is imperative. They need to redefine how they, and the service providers they outsource the processing to, handle customer data. Data sharing GDPR requires data controllers to take responsibility for data shared across platforms. Due to the nature of operations, banks often have to outsource to third party service providers jobs beyond their core competency, like human resources and IT. In doing so, a lot of sensitive data moves across borders and get exposed to external agencies. Under the new regulations, data controllers need to ensure the information is safe and ethically handled by data processors. In other words, GDPR imposes end-to-end accountability on banks for total protection of personal data.Privacy by design One of the pillars of GDPR is the ‘privacy by design’ tenet. It calls on data controllers to list all the possible risks to privacy before a project involving personal data commences. It also requires them to set up organizational and technical checks and balances to preempt violations and implement data protection rules. This is where Psudonymisation comes in. It is defined as ‘the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person’. To this end, data controllers need to revamp their data security measures to ensure GDPR compliance. 

With over $3.8b invested in Asia’s fintech ecosystem in 2017 and the emergence of a bouquet of services such as insurtech, Internet of Things (IoT) in wealth management, consumer-centric targeted services, amongst others, the region is well-poised to emerge as the leader of next generation fintech applications. Asia is also home to one of the largest peer-to-peer (P2P) lending, crowd funding, and e-commerce markets which complement its growing fintech base.

The bank branch as we know it, with tellers behind windows and bankers huddled in cubicles with desktop computers, needs reinvention. Most customers now carry a bank in their pockets in the form of a smartphone and only visit an actual branch to get advice or buy complex products. Across Asia, digital transactions are 1.6 to 5 times as frequent as branch transactions.

As the pace of global regulatory change increases, it is clear that the Inter-Bank Offered Rates (IBORs) of major currencies will evolve or that alternate nearly risk-free reference rates (ARRs) will soon be introduced. These changes will have an impact across a wide range of organisations, including banks, buy-side, sell-side and corporates. In this environment, organisations in Asia-Pacific with IBOR exposures should be taking active steps to understand the scale of the transition and the associated risks in order to prepare for the changes ahead.

Urbanisation, together with population growth, is expected to add another 2.5 billion people to urban areas around the world by 2050, according to a United Nations report launched earlier this year. The potential challenges this will bring will be far-reaching, particularly in Asia and Africa where nearly 90 percent of the increase is set to take place.

Returning to a global perspective, both US and European open API trends, as well as regulatory and market participant responses, are valuable reference points for Japanese market players looking for insight. While Japan was mulling advancements related to open APIs, we continued to find best practices in each industry including banking, insurance, securities, and wealth management in the pioneering European market and the US market. We also continued to offer strategic advice to financial institutions engaging in individual projects and technology vendors.

With HKMA and major Hong Kong banks increased their base lending rate on September 27, Hong Kong has finally embraced higher rates after twelve years of muted low rate environment. The abundant liquidity in Hong Kong and the seemingly decoupled rate cycle with the US has been the trending question in the market. Not only during the era of the global quantitative easing, rates in Hong Kong have stayed at an ultra-low level even after the FED started its hiking cycle. But the recent sudden appreciation of the HKD seems to be a wakeup call to carry trade participants.

Stirring beneath the Banking Royal Commission and amplified by the recent interest rate hikes is a sense of agitation amongst the Australian public that things can be better when it comes to banking in Australia.