House Issue 26, May 2017

WELCOME

…to the 26th edition of House. We are starting to see some real movement in Asia Pacific across all sectors and we anticipate a busy summer ahead. In Europe, the banking market seems quieter but with the election over with this week, we expect more firms to start hiring. Sectors of notable activity this month include asset management, consulting and data protection, with one of our client’s describing data privacy and protection as the ‘new compliance’...  

Regulatory teams are shrinking but hiring is up? 

US banks have dramatically reduced the size of their compliance teams, especially in high-cost locations. Citibank has moved a large proportion of their core compliance and AML functions to offshore locations in Kuala Lumpur, India and Belfast in Northern Ireland. This is a trend we have seen for some time now. As compliance becomes more business as usual than fire fighting or remediation.

Why then, does it appear that the regulatory sector is continuing to grow? We think this is two-fold; 

Whilst the hiring curve for banks may be heading down, other sectors are only just coming to the party. Corporates, asset managers, fintech, wealth managers, law firms and even not-for-profit organisations are increasingly being scrutinised by a new regime of accountability and conduct.

In addition, many banks and asset managers are looking to improve the quality, if not quantity, of their teams. Sometimes described as ‘top-grading’, new talent is introduced at the expense of an incumbent to improve the standards within a department. This is understandable where regulatory teams have increased dramatically in size, and the type of leaders or managers that started out in smaller teams do not always fit now.

Data Protection

China has just released an aggressive and far-reaching cybersecurity law aimed at protecting the world’s most valuable commodity; data. The EU General Data Protection Regulation (GDPR) becomes law in May 2018. Hong Kong and Singapore’s governments both have consultations out to specifically look at enhancing existing legislation. The advent of ‘big data’  has really thrust the regulation of information into the limelight. However, what makes a data protection officer? And when does data protection become information/cyber security and intersect with the law?

We have taken a look at the backgrounds of some ‘data protection officers’ at the largest banks and corporates and discovered that their backgrounds were really varied. Lawyers, regulators, technologists and auditors were the most common amongst the array and it's safe to say, there is no obvious source for data protection officers. A lot more work is to be done on how to successfully staff up these functions so they can provide the right sort of security. Cases such as the 'wanna cry' virus and data leakages at Octopus in Hong Kong and Yahoo in the US mean that these are going to be real risk management issues that boards will be looking at very closely.

It may well be, and it will be fascinating to see how firms staff up in this new and growing area.