In recent years, the number of regulations has skyrocketed across major industries worldwide. In the financial industry alone, over 50,000 pieces of legislation have come into force in the past decade – and more turbulence is expected to come. (Thomson Reuters Cost of Compliance 2019).

There is no doubt that regulation will continue to shape the business environment and cause many sleepless nights ahead, especially for those engaged in cross-border activities.

On our Regulatory Radar, we highlight important pieces of legislation that Apiax covers as part of its digital compliance toolkit, whether in wealth management, asset management, data protection or tax.

Complying with ever-changing regulations means adapting to dynamic market conditions. The broad scope of application along with rule ambiguity often trigger uncertainty across organisations.

In such a business environment, it is easy to overlook or misinterpret key topics and business-critical regulatory requirements. This is particularly true in a cross-border context with many overlapping, sometimes contradictory, rules and international standards.

Insufficient compliance measures, inconsistent application or action taken too late may all have devastating, long-term consequences – both monetarily and reputationally.

Why go digital?

Apiax’ technology enables entire organisations to better understand and comply with international regulation.

Apiax transforms paper-based legal opinions into digital compliance rules. These rules can be delivered ready-to-use, developed by recognised compliance experts. They can also be amended internally to reflect the organisation’s own risk appetite and code of conduct.

In either case, the digital format supports clarity and simple implementation of complex regulatory requirements. Automation also creates the ideal conditions for compliance by design.

Now that we have digitalised compliance knowledge,
it can take on various different forms.

Read the interview with Apiax’ Regulatory Engineer


The second Markets in Financial Instruments Directive (MiFID II) is a reinforced effort to standardise the levels of investor protection, transparency and supervisory powers across the European financial market. The ruleset governs the way in which financial instruments are being traded as well as the compliance measures placed on market participants.

Born out of the financial crisis in 2008, MiFID II aims to boost market confidence and promote competition between EU markets. Rolled out in 2018, the initiative reshapes European capital and generates commercial and operational knock-on effects for investment firms and wealth managers.

Common MiFID II implications include client categorisation requirements (e.g. professional client definition), client order handling requirements, pre and post trade transparency requirements as well as best execution frameworks.

With the broad scope of application and changes in market infrastructure, financial institutions struggle with complex and labour intensive adaptation, affecting multiple business units. For firms reliant on manual resources, complying with the new guidelines can be particularly challenging. Both large and small financial institutions are still relying on legacy systems that do not fully support all MiFID II implications and ultimately expose the organisations to risk.

Relevant and defined MiFID II requirements are part of Apiax’ compliance rules, designed to support wealth managers and asset managers. Delivered digitally and alongside other industry-relevant regulation, MiFID II rules can be integrated into the internal workflow (to support implementation of compliance by design) or be accessed through user-friendly applications for a 360 degree view of the regulatory requirements.

Related use case: Compliant Investment Advice and Asset Management Framework

FinSA and FinIA

The Financial Services Act (FinSA, FIDLEG (German), LSFin (French)) and Financial Institutions Act (FinIA, FINIG (German), LEFin (French)), are both part of the Swiss financial market architecture. Together, the directives bring a new set of investor protection requirements to Swiss financial services providers that better reflect the local circumstances.

FinSA is based on important EU directives (such as MiFID II, Prospectus Directive and PRIIPs) and concerns the offering of financial services and distribution of financial instruments. By law, providers of financial services are required to provide retail clients and professional clients with sufficient explanations and advice to help make informed investment decisions.

FinIA relates to the authorisation conditions and supervisory regimes for portfolio managers, managers of collective assets, fund management companies and securities firms.

The objective of these initiatives is to create competitive conditions in the market as well as improved client protection through transparency.

Both FinSA and FinIA are part of Apiax’ ready-to-use compliance rulesets designed for wealth managers and robo advisors. Presented along with other case-relevant regulation, the fit-for-purpose compliance rules reflect all relevant business activities. Organisations can also implement their own risk appetite and CSR guidelines into the workflow, using the same rule-based principles.

Related use case: Cross-Border Training


The General Data Protection Regulation (GDPR) was approved by the European Union in 2016, replacing the previous Data Protection Directive. At that point, organisations were given two years to prepare for the upcoming GDPR principles.

When the law entered into force in May 2018, consumers started noticing changes in their dealings with companies. Terms like “opt-in”, “marketing consent” and “cookies” quickly became part of every business interaction. Behind the scenes, however, were years of preparation to ensure aligned GDPR compliance throughout organisations – and the efforts are still ongoing.

The purpose of GDPR is to standardise rules relating to the storage and usage of consumer data. It empowers consumers to gain awareness and control over their personal data and how it is being stored and used by organisations.

Although implemented in the European Union, GDPR impacts all organisations with a global operation. Companies based outside of the EU can expect to comply with GDPR if they offer products or services to EU customers.

Given the broad scope of its application, organisations are still struggling to fully align and supervise the efforts to comply with the new standards, exposing the organisation to risk.

GDPR is part of Apiax’ compliance solution related to privacy and data protection. Designed to equip compliance and data protection officers with fit-for-purpose and case-relevant rulesets, the digital rules come curated by experts and are kept always up-to-date with current legislation.

Personal Data Protection Act

The Personal Data Protection Act (PDPA) is concerned with the handling of consumer data in Singapore. Born out of growing concerns among individuals, the act includes sector-specific legislative and regulatory frameworks.

Designed to ensure a national baseline standard, PDPA takes into account the concepts of consumer consent to the storage and usage of data, organisations’ declaration of data purpose and reasonableness.

Along with protecting consumers, the aim of the regulatory initiative is to strengthen Singapore’s competitiveness and position as a trusted, world-class hub for international business.

The Singapore Data Protection Act is reflected in Apiax’ tailored compliance rules relating to privacy and data protection. In conjunction with other international data protection standards, such as GDPR, the rules offer a 360 degree view of the regulatory requirements involved in each particular case or business activity.

Senior Managers and Certification Regime (SM&CR)

The Senior Managers and Certification Regime (SM&CR) is a regulatory framework established by the Financial Conduct Authority (FCA) to create accountability within banks and FCA-regulated firms. Brought into force in December 2019, it transforms the way financial services firms operate by fostering a culture of competence. The regime makes individuals within financial institutions accountable for the decisions and actions of the firm, improving the conduct of the firm as a whole

SM&CR sets standards of conduct to prevent the recurrence of financial scandals through wilful neglect and to indemnify the financial system and consumers from harm. The framework has its roots in the Approved Persons Regime (APR), which was formed under the Financial Services and Markets Act 2000 (FSMA) to prevent financial crises arising from bad financial practices.

SM&CR rules apply to all FCA-PRA regulated banks and branches of foreign banks operating in the UK, building societies, credit unions, and investment firms, insurance and reinsurance firms, managing agents and UK branches of foreign insurers.

Business implementation is one of the main challenges associated with the features mandated by the SM&CR framework. Job roles and decision-making powers of staff need to be allocated and siloed, both for due diligence and liability in the event of a breach in the Conduct Rules. Also the review and renewal of certification require periodical performance audits. Combined, all these efforts are cumbersome and resource-intensive.

Relevant and curated SM&CR requirements are part of Apiax compliance rules concerning accountability and conduct within asset management. The digitalisation of functional roles makes internal reviews seamless, while the pre-defined rulesets support rule-based actions for easy compliance.

Provided together with other business-relevant compliance requirements, Apiax case-specific rules provide a comprehensive overview of the dos and don’ts of any given business scenario related to asset management. As well as enabling seamless business implementation, asset managers are better positioned to avoid fines and potential legal consequences associated with serious breaches of the SM&CR rules.

Related use case: Cross-Border Training


The Alternative Investment Fund Managers Directive (AIFMD) is concerned with the marketing around raising private capital, remuneration policies, risk monitoring and reporting, and overall accountability.

The European Union (EU) initiative sets marketing standards for hedge funds, private equity funds and real estate funds and is part of an increased push for investor protection. Established just before the 2007-08 financial crisis, its efforts quickly ramped up due to the systematic risks revealed by the crisis.

The Undertakings for the Collective Investment in Transferable Securities (UCITS) is a regulatory framework of the European Commission that creates a harmonised regime throughout Europe for the management and sale of mutual funds. UCITS funds can be registered in Europe and sold to investors worldwide using unified regulatory and investor protection requirements.

The first UCITS Directive was adopted in December 1985, with the aim to facilitate cross-border offerings of investment funds to retail investors. Proposals for modifications were made in the early 1990s but never fully adopted. As such, there is no UCITS II. However, following discussions among member states in 2002, two new directives were adopted, 2001/107/EC and 2001/108/EC, which together are referred to as UCITS III. The revised framework broadened the investment spectrum of UCITS funds and relaxed some restrictions for index funds.

Further technical changes were adopted in July 2011 through UCITS IV, also known as Directive 2009/65/EC. Finally, UCITS V, or Directive 2014/91/EU, which came into effect in March 2016, aligns fund depositories’ duties and responsibilities and fund managers’ remuneration requirements with those of the Alternative Investment Fund Managers Directive (AIFMD).

The overall regime introduces stricter compliance around how and what information is disclosed, including conflicts of interest, liquidity profiles and an independent valuation of assets. Its aim is to remove some of the systemic risk that these funds can pose to the EU economy.

Through Apiax’ machine-readable compliance rules, case-specific regulatory requirements related to AIFMD and UCITS can be embedded into the workflow for consistent compliance with fund distribution rules. Serving as a compliance plug-in, the rules work behind the scenes of the existing business software and permit actions based on their accordance with the law. Fund managers can enjoy clear yes-or-no answers to individual regulatory inquiries through user-friendly apps.

Related use case: Fund Distribution

Dodd-Frank Reforms

The Dodd-Frank Wall Street Reform and Consumer Protection Act was introduced in the United States in the aftermath of the 2008 financial crisis and the Great Recession. Brought into force in 2010, an establishment of several government agencies supervised the regulation before it was rolled back in part in May 2018.

The framework consists of several components: monitoring the financial stability across major financial firms and insurance companies while providing for their liquidation or restructuring. The Dodd-Frank Act regulates the mortgage lending sector to prevent a recurrence of the 2008 disaster. The law also brings investment activities and speculative trading under the supervisory framework.

The reforms apply to financial institutions, insurance companies, mortgage lenders and brokers, derivatives and credit rating agencies operating in the U.S. but exempts smaller lenders from harsh controls.

The rule dense Dodd-Frank Act creates many challenges related to the interpretation and business application of its requirements. Compliance can be cumbersome, especially for smaller financial institutions, community banks and lenders, who face a high regulatory barrier to entry of financial markets. Another issue is the higher reserve requirement of asset liquidity, which means the financial institutions have to balance lending and selling activities with long term goals while abiding by the rules.

There is still perceived ambiguity around the changes made in 2018. Many organisations still struggle with outdated systems which make it difficult to comply.

Dodd Frank is part of Apiax compliance rules aimed at giving wealth managers a 360 degree view of all the regulatory requirements related to the advisory process and the provision of products of services. Accompanied by other industry relevant guidelines, Apiax digital rules provides clear and case-specific answers and direction even in complex, cross-border business activities.

Related use case: Compliant Investment Advice

Basel III

Basel III is a set of banking regulations drafted to address bank capital adequacy, stress testing and market liquidity risk. The framework focuses on strengthening banks’ liquidity against cyclical changes in the balance sheet with more stringent capital requirements and liquid asset holdings. The recommended methods aim to increase the resilience against market shocks and economic failures.

The ruleset is part of the Basel accord, which is a voluntary framework for international banking regulation and best practices. Formulated by the Basel Committee on Banking Supervision (BCBS), the global forum for the development of international standards in banking, its initiatives date back to the 1980s.

Basel I was adopted in 1988 with the purpose to address credit risk in banking and advocate a minimum capital ratio for its member countries. The following Basel II, published in 2004, mandated minimum risk and capital requirements to safeguard the solvency and risk exposure in banks’ lending, investment and trading activities. Basel III is an extension of these guidelines and focuses on transparency and disclosure norms.

The first version of Basel III was given shape in late 2009 and gives banks three years to satisfy the minimum capital requirements and leverage ratios to improve financial stress. In November 2010, the final version was published and slated for implementation in 2013-2015. Subsequently, the dates were extended to 1 January 2022.

Basel III governs banks and financial markets of BCBS member countries, as well as their national financial regulators. Although framed as a voluntary supervisory regulation, Basel III has emerged as the go-to framework for financial institutions operating in the international market.

The tough requirements of Basel III require sophisticated computations, which often create confusion among new players in the industry. Banks also need to keep constant surveillance on buffers during credit expansion and credit contraction activities. They have to invest additional resources for continuous monitoring which is a tedious process.

The Apiax tool-kit promotes seamless Basel III compliance for timely alerts and decisions for meeting capital adequacy rules. Its guidelines are part of the digital compliance rules that guide professionals through relevant regulatory requirements, even in complex and cross-border business scenarios. The case-precise compliance rules enable governance, risk and compliance teams to focus on supporting their profit-yielding business lines, with the Apiax system delivering compliance-on-the-go.

Related use case: Fund Distribution


The Foreign Account Tax Compliance Act (FATCA) is a tax law in the United States brought into force in 2010 as part of the Hiring Incentives to Restore Employment (HIRE) Act. The objective was to incentivise businesses and contribute to employment in the wake of the 2008 mortgage and recession catastrophe. The law also aims at transparency in the global financial services sector.

FATCA is a taxation framework that seeks to eliminate tax evasion by American citizens and businesses. It governs the filing of taxes on income and assets, as well as annual reports on any foreign account holdings. Failure to disclose offshore accounts is illegal under FATCA. Features include business tax credit and other incentives.

The FATCA governs all U.S. citizens residing in the country or abroad. The law also regulates non-U.S. Foreign Financial Institutions (FFI) and Nonfinancial Foreign Entities (NFFE) operating within the U.S.

Compliance includes reporting of assets to the Internal Revenue Service (IRS) or the FATCA Intergovernmental Agreement (IGA). Non-disclosure leads to a deduction of 30% as a tax penalty.

One of the biggest challenges of FATCA implementation is the enormous cost of compliance. Institutions are required to maintain large databases of businesses and individuals whom they are trading with. Another issue is monitoring and reporting on an ongoing basis. Penalties for non-compliance are high, putting the burden on companies to update their data and keep vigilant.

FATCA requirements are reflected in Apiax compliance rules for business activities within cross-border tax advice. Digitalised along with other industry relevant requirements, the machine-readable rules provide dependable and case specific answers to complex regulatory inquiries. Their agile format allows for guidelines to be presented in a yes-or-no format as well as integrate into the business environment as a compliance-plug in.

Related use case: Tax Efficient Investment