RegTech Summit: securing information in the era of big data

Finance and tech professionals gathered in Luxembourg for the first edition of the RegTech Summit, which was organized on October 12th, at the Novotel Kirchberg. Through the presentations of local and international experts, the participants got the opportunity to learn about the latest trends of the fast-growing RegTech sector. Security, regulations and big data were notably on the agenda.

Source : IT One 2017-2018
Date de publication : 12/03/2018

Efficiently managing data in a secure environment

Teri Marlene Prince, CEO of Terida, a RegTech company located in Canada, travelled to Luxembourg to share her expertise and best practices. "A RegTech and innovation company can be led by a woman. What was the most challenging? When did I start my first company? Was it a RegTech from the start? What does RegTech actually mean?" she started. Teri created her first company in 1975, managing files for a law firm in Ontario, and it actually started the computerization of law firms. "We can find many definition of the word RegTech, the easiest one being the facilitation of compliance" added Mrs Prince, who defines Terida as a "cloud solution to assist business, governments and individuals to effectively secure data". According to her, the software was built to solve problems: "It was a RegTech from the start". Over the years, she worked with the World Bank, the State of Arizona, and many more, not only to collect finance data, but also to prevent natural disasters, illnesses, etc. She ended her presentation with a series of advice for entrepreneurs: "do the best with the cards you have been dealt, treat people the way you want to be treated, think about user interface, privacy. Be a solutions person rather than a sales person, never stop being a R&D company, never stop learning".

GDPR in the life insurance sector: constraints and opportunities

Eric Lippert, CIO of OneLife, started his presentation by sharing numbers about the upcoming GDPR regulation and the readiness of companies: "In October 2016, 97% of companies in Europe had no strategy about how to deal with GDPR. 23% expect sanctions as they won't be ready. And more than 50% admitted they won't be fully compliant". Yet, Eric Lippert thinks Luxembourg is in a good place and has a strong advantage compared to other countries in Europe, mainly because of the banking and insurance secrecy, and the presence of authorities such as the CSSF and CNPD. "We have been dealing with data privacy for years" he added. He then listed several differences with the current privacy policies: in case of a data breach, companies will have 72h to provide the NPA with all the documentation, the fine will go up to 20m€ or 4% of the turnover, etc. "It will have huge consequences for the companies who do not respect those new GDPR rules" explained Mr. Lippert. Another impact aspect of the new European regulation will be the consent: as a matter of fact, the formal consent of the customer will be needed in order for companies to use the data. They will also have to be able to prove and provide it at any time. Finally, the right to be forgotten changes the game, with the customer now able to ask the insurer to delete all their data, and so does the portability of the data: insurers will have to facilitate the transfer of data if the clients request it. "The major constraint will actually be administrative, with the formalization of the new rules. Therefore, we will have to appoint a Data Protection Officer and opt for annual audits of process and rules in order to make sure you continue to compliant. Eric Lippert concluded his presentation on a more positive note, highlighting that GDPR will also give new opportunities for life insurance companies: they will be able to take control of their own compliance, build a stronger client trust, work on the quality of their data, enhance their digital marketing. "There is also a huge opportunity in Europe for centralized KYC".

From Big Data to predictions

The morning session ended with a presentation entitled "The Deep Side of Privacy, Law and Compliance", given by Dr. Jorge Sanz, Director of Finance Innovation Technology and Systems Centre, which was created early this year in June, by the Luxembourg Institute of Science and Technology (LIST). "The country has most of the GPD in Finance, yet, it had now center for institutional research. We are growing fast and working a lot on industrial research with the goal of delivering value, rather than being an academic group" started Dr. Sanz, who continued: " Privacy law, including informational privacy, have always been closely connected to technology. Nowadays, the 'Deep Side' is created by the advent of Big Data and Analytics; and the main turmoil is coming…" he added. He then focused on the fact that the tensions across jurisdictions in the control of privacy rights is explained by the complex, nature of (big) data collection, processing and storage. "Big Data brings more challenges for privacy law and enforcement" underlined Dr. Sanz before sharing examples of data and information published on social media websites such as Facebook which often end up in predictions. These actually occur without the knowledge – and consent – of the people. "The resulting turmoil is already affecting all regions and countries in the world. In addition, it is very likely that there will be increased conflict and more need for appropriate legislation when this behavior on the part of service providers becomes widely known" he concluded.

Alexandre Keilmann