
GDPR In Financial Services – Why PSD2 Is The Biggest Challenge To Customer Data…

Phil Rolfe, Financial Services Director at P2 Consulting


Two giant pieces of legislation are facing the financial industry this year. This is nothing new for financial organisations – banks, pension funds and asset managers, amongst others. They’re old hands at regulatory adherence. The difference with GDPR, which comes into effect in May 2018, and PSD2, which became a legal obligation in January 2018, is that in some respects they are two sides of the same coin.

The data protection angle…

GDPR is all about understanding the risk and exposure around customer data, which is crucial for financial institutions. Most firms hold records that are of real value to the customer, so any breach has a massive impact from a reputational perspective and also financially, as they are liable to giant fines if they are found to have poor controls.

GDPR will have a significant impact on the sales and marketing functions of financial firms, which will be challenged to prove customers have given their absolute consent that they are happy to be marketed to. This is simple enough on the surface, but it actually poses a massive challenge, given the over-reliance of many organisations, banks particularly, on legacy architecture and the fact that they have multiple data repositories. It’s not only data stored in the UK – many firms have offshored business processes, so customers’ data can be stored or accessed in different jurisdictions around the world. Wherever the data of European customers is stored, GDPR applies. GDPR compliance is complex and its implications are far-reaching.

GDPR may also test our ‘special relationship’ with the USA, as an American-based company selling to a European customer is caught by GDPR, and so has to meet the standards, even when data is held outside Europe. Some of our colleagues from across the pond are already asking questions and the answer will be a nasty surprise to many.


PSD2 – the yin to GDPR’s yang?

One of the biggest challenges for the safe implementation of GDPR processes is PSD2, the legislation aiming to boost competition in financial services. PSD2 dictates that financial firms have to open up their architecture, using Application Programming Interfaces (APIs), to share relevant information with third parties.

This may conflict with GDPR and, as a result, there is a complex Venn diagram emerging between the two regulations. Everyone understands the need to increase competition in financial services, but PSD2 could be seen as in conflict with the core principles of what GDPR is attempting to do. An interesting dichotomy between data control, risk awareness, competition and being compliant has arisen.

Do customers care?

Of course not – to them it’s just white noise. Customers don’t understand the different directions firms are being pulled in – they just want to access their savings, pensions, investments and accounts in an easy way and they want protection from criminals, in their many guises. Financial companies are really trying to improve the customer experience, but it is a challenge within the realms of this complex regulatory environment.

There is a real desire to improve – firms are introducing measures such as iris and retina scanning, face, fingerprint and voice recognition – great for millennials, but seen as gimmicky by more mature customers. There is a big generational push and pull which influences the security measures implemented to satisfy GDPR requirements.

Last year’s Uber security breach was a lesson for everyone – if the company had been penalised under GDPR, it would have cost 4% of the company’s turnover, over £0.5bn. Uber paid the hackers’ ransom on the understanding they would destroy the customer data – it was a complete breach of lots of different regulations.

The Information Commissioner’s Office (ICO) isn’t making everyone jump through GDPR hoops for fun. We need to learn from hacks, like the Uber breach – if we don’t, hackers can use that same technique again and again. Corporate governance and security are struggling to keep pace with advances in hacking as the prize for cyber criminals is enormous – you need to invest for GDPR, because if you don’t, hackers, customers, competitors and the regulators will come after you.

For further information please email phil@p2consulting.com or call +44 (0) 20 3823 2180.
