As businesses worldwide gear up for GDPR, the financial services industry is in prime position to take the lead. So could GDPR be a driver that strengthens customer confidence in financial services?
There’s no greater asset in a digital world than trust. It’s a vital currency in the global digital economy. People give their personal information to companies they trust; and those companies that have more data, have more opportunities.
It’s why improving information security and restoring customer trust back to its pre-2008 level are ongoing priorities for financial services CEO’s worldwide.
Yet earning that trust is getting harder. Consumers are more cautious about sharing their personal information online and care more about the security posture of the companies they do business with.
It’s set to become an even greater priority with the arrival of the EU’s General Data Protection Regulation (GDPR) Act.
In recognition of how much of our personal data is now held online, the GDPR regime will impose stricter requirements on the use of data when it comes into effect on 25 May 2018. All businesses that interact with EU customer data will be affected and must conform to the new rules.
The penalties for non-compliance are eye watering. But perhaps even more significant is the potential for reputational damage. GDPR will make it mandatory for firms to disclose personal data breaches meaning hard-earned trust could quickly be lost.
On the flipside, with its focus on improving transparency and customer confidence, GDPR could in fact be just what the financial services industry needs to restore trust. There’s also a real opportunity for financial services to take the lead where others are lagging behind.
A strong start
Research indicates that financial services is one of the sectors that’s best prepared for GDPR. As one of the most highly regulated industries in the world, financial services is used to dealing with complex regulation, putting it in a better position than most to take on GDPR with success.
That’s not to say that the journey will be easy. Regulatory compliance has required financial services to hold an increasing amount of data for suitability and reporting purposes. The sheer amount of information advice firms hold on customers means the effect of the GDPR regulation will be substantial and a complete assessment of data held across the business will be required.
For some firms that will mean taking into account data that could be located across different regions and offices, which may or may not use the same technology platforms.
GDPR will give customers far greater power over their data. They will be even choosier about who they share their data with and how they allow it to be used; those that earn it will have a competitive advantage.
With every participant bound by the same data rules, GDPR will put the pressure on all players to raise their game.
It could put wealth and investment managers in a stronger position to take on the likes of Apple, Amazon, Google and Facebook should they move further into financial services. With armies of loyal customers, finely honed business models, and high levels of trust, the ‘Big Techs’ could bring significant disruption.
But by using personal data correctly to make personalised and timely offers to clients through the right channels, advisers, particularly those operating a hybrid model combining the best of digital and human service, have an opportunity to build client relationships and loyalty in ways the Big Techs simply can’t.
Done well, information security drives customer trust. GDPR will introduce even greater transparency and security controls presenting the perfect opportunity for businesses to set out their stall with regards to handling customer data; to let people know that they not only comply with the new rules but that they value their clients’ data and will be processing it properly and doing everything they can to keep it secure.
In an industry where information security standards are already high – according to a 2017 Cap Gemini study** 83% of consumers say they have faith in the banking and insurance industry’s ability to protect data – it’s a strong message to be sending to customers.
Accelerating digital transformation
Many businesses are now focused on digital transformation but that can only happen if systems have access to the right data – data that is accurate, up to date and reliable. So while some businesses might see GDPR as yet another piece of complex regulation, the more enlightened will recognise it as a timely input into the design of their digital services; services that will give their clients a smoother, richer experience as well as one that is safe and secure.
With access to some of the most innovative technologies available, this really is an area where financial services can take a lead. Just look at Atom, an all-digital bank in the UK, that’s using biometric technology including face and voice recognition instead of passwords, something they say makes account access safer and simpler for customers.
Heading in the right direction
GDPR is about building greater transparency, credibility and customer confidence – everything the financial services industry stands for.
The outcomes from GDPR will be better practice, building on the already high standards financial services has become accustomed to, which can only deepen trust and customer confidence.
GDPR is driving major change but is taking financial services in the right direction, giving businesses the momentum to do what I suspect many financial firms of all sizes have been meaning to do – and that’s to truly get their house in order and become data-driven enterprises.
Powered by better quality data, and underpinned by unified systems and controls, financial firms will benefit from having a solid platform on which to build trusted and more profitable client relationships with more opportunities for innovation and growth.
Andrew Walsh is CEO of Iress.