Privacy of customer data is no longer a concern for financial service providers alone. The Facebook scandal of 2018 made it adequately clear that data can be exploited for purposes that are not just purely financial in nature. Banks have been a trusted custodian of people’s finances and their data for eons. One could argue data being just as valuable an asset as wealth that banks hold for their customers. With these changing paradigms, banks are now forced to evolve around a different set of risk management processes related to managing data even if there are no direct financial implications for the customer.
2018 saw two significant regulations coming into force. The data privacy law GDPR mandates businesses to protect customer data and ensure that the customer is aware of the purpose for which the data is used. On the other hand, open banking and PSD2 open up the market to transaction processing parties and compel banks to share customer data with developer ecosystems and nonbank providers of financial services, exposing the inherent risk associated with data sharing. Against the backdrop of these regulations, banks find themselves in a somewhat conflicting situation.
2019 will see banks beginning to walk the tightrope between sharing data to foster innovation and protecting data to save customer’s interest.
How is the trend likely to play out in banking? Regulation v/s Innovation. Can banks manage both?
In banking, ordinarily, any new innovative process or product quickly gets followed-up by a set of regulations. The open banking context was quite the opposite. Here, in a departure from the typical trend, regulation fostered considerable innovation.
The free movement of data is not only helping banks bring in new customer-centric solutions by tapping into third-party developer ecosystems and FinTechs, but also benefiting the rise of the FinTech sector by presenting new opportunities across the industry. With FinTech partnerships, banks which are limited by their large legacy operations, gain a level of agility that they have never enjoyed in the past. These trends have revitalized the industry with an innovation culture long-known to elude banking. What’s more, with these developments the financial services sector has also begun attracting human capital with new diverse skillsets and perspectives into the industry, a workforce challenge they had been grappling with for some time now.
Banks have a standard revenue model centered around spreads, transaction-based income, advisory fees, and trading income. Imagine an income stream based on data sharing thrown into that mix? The proliferation of non-bank financial service providers throughout the banking value chain is likely to cause a level of disintermediation that will move some customers away from banks. This is the revenue that banks potentially stand to lose. Representative studies indicate about a 33% revenue shift from traditional banks to FinTechs and new digital entrants, in an ideal market environment where customers avail third-party options freely for transactions, as intended by open banking. What banks lose in transaction-based revenue in cases such as these, they will make up in new data-sharing revenue. The phenomenon is already underway, and in 2019 we expect this shift to accelerate. Banks will also use data-driven insights and API-led revenue models to become more contextual, offer relevant services, and increase crossselling.
However, this also places the onus and responsibility for secure sharing of data on banks. We expect banks to go beyond the minimum regulatory requirements for data and privacy and adopt comprehensive measures to protect customer data. Not doing so could cause sizeable and permanent damage to their reputation, brand, stock, and market value. In other words, expect banks to juggle the multi-dimensional act of ensuring proper management of client data, facilitating appropriate and secure use of this data by FinTechs and digital players, meeting compliance, and still being able to monetize the data to offset the loss of direct income.
Heading into 2019, banks will bolster their governance significantly to play the new role of the principal orchestrator and facilitator of secure exchange of customer data with third-parties. A fresh assessment of existing operations and processes to include a robust consent management system for explicit permission of the customer will be crucial. Strong encryption, security standards, third-party authentication process, and real-time transaction processing will also be paramount. Banks will imbibe the philosophy of “Data Protection by Design and Default” at every level within the organization. With all the moving parts around regulation and innovation, banks find themselves forced into situations they must navigate effectively to survive and compete. Where we stand today is just the starting point – every new data breach will call for additional controls. The pace of change in the industry will only increase and so will expectations and demands of customers, which will compel banks to innovate and will potentially introduce certain new risks.
Demonstrating strong ethical data practices will be integral to building an organization’s character, which alone will generate customer trust amidst rapidly increasing threats and breaches. Privacy and ethics will not just be a compliance requirement, but a competitive differentiator in 2019 and beyond.
“Money equals business which equals power, all of which come from character and trust.” – John Pierpont Morgan, 19th century American Financier and Banker.