Since the 2008 financial crisis, increasing regulation and digital disruption for banking and the financial services sector has become the norm; an everyday challenge. An increased awareness of the value of data by both business and consumer has changed the data landscape. Read on to find out more about the three key regulatory changes: GDPR, CMA Open Banking, PSD2, and what they mean for you.


Let’s kick this off with the key regulatory player in 2018. EU legislation, The General Data Protection Regulation (GDPR), comes into force in 25th May 2018. GDPR introduces tougher fines for non-compliance and breaches regarding data. Key parts of the GDPR legislation include a customer’s ‘right to be forgotten’, regular data protection audits, and implementation of company-wide mandatory data breach notifications.

What does this mean for businesses? Controllers and processors of data of all types, shapes, and sizes must abide by the GDPR or face prosecution. If data is involved, GDPR is in play. This will heavily impact any organisation in terms of policy, infrastructure, and even the creation of new roles to manage the transition into the new GDPR world.

What does this mean for customers? More control over your data, pure and simple.  

CMA Open Banking

Open banking is the biggest disruptor in the 2018 UK banking sector. Launched on 13th January 2018, the Competition and Markets Authority (CMA) requires the nine largest UK current account providers in the UK to implement Open Banking. Open Banking is executed by adopting and maintaining common Application Programming Interface (API) standards, through which current account providers share data with other providers and third parties. This enables these third parties to utilise consumer data to provide related services.

What this means for businesses? Disrupting the current marketplace results in new entrants and increased competition. This also means an increased workload for the nine major banks as they must provide objective information on quality of service such as ‘prompts’. These will remind customers to review whether they are getting the best value and switch providers if not.

What does this mean for customers? Increased control over data and a better insight into the deals available. With new entrants in the market, customers can utilise smaller, third-party products which previously weren’t compatible. For instance, a consumer can now manage their bank accounts with multiple providers through a single digital ‘app’.


Second Payment Services Directive (PSD2), designed by the EU, will end the bank’s monopoly on user’s data. Summarily to open banking, PSD2 requires all EU payment account providers to provide third party access, enabling bank customers to use third-party providers to manage their finances. Like open banking, this increases competition in the marketplace and allows for new entrants.

What this means for businesses? Significant challenges for businesses in terms of internal costs, such as IT, which are expected to increase due to new security requirements. Institutions wanting to act as payment providers must be also authorised do to so.  

What does this mean for customers? Consumers will receive enhanced protection from fraud and cyber-crime with increased security measures, including strong consumer authentication for electronic payments. Account information sharing means that all information is stored in one place and can be accessed by third party providers. Additionally, payment options are increased allowing the consumer to pay a merchant directly from their bank account.

Regulatory results

These regulations and resulting digital disruptions pose opportunities and threats to both businesses and customers. Recurring themes are the opening-up of the financial services marketplace, growth in competition, and an increase in consumer power over their own data.

It is important to note that these regulatory changes aren’t taking place in isolation:

PSD2 is the regulation paving the way for Open banking, whilst GDPR is the regulation in place to ensure that customers are in control of their own data and information.

2018 is off to a strong start in the financial services sector in which Business Data Partners has extensive experience. BDP have a strong history of operating in regulatory environments, if you’d like to learn more about our capabilities, get in touch here.

By continuing to use the site, you agree to the use of cookies. More Information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.