The civil rights group wants to highlight the way in which these businesses handle data and asserts that they do not currently comply with the Data Protection Principles of transparency, fairness, lawfulness, purpose limitation, data minimisation, and accuracy.
Privacy International’s criticisms are based on 50 subject access requests but admits that this investigation has “only been able to scratch the surface” of potential data exploitation practices. In fact, in October the Portuguese data watchdog issued a €400,000 fine to a Portuguese hospital for two GDPR violations, highlighting just how painful fines for non-compliance can be.
With the sheer volume of data financial services companies host, there is clearly scope for major issues if it isn’t managed efficiently. So why are many struggling with GDPR six months on?
The regulations pose so many challenges - industry goliaths can receive hundreds of subject access requests every day, presenting a huge administrative headache. At the other end of the spectrum, SMEs in the financial services sector may struggle to have even the most basic of systems in place to stay on top of data management.
There is also the complexity of understanding exactly what the law requires – what data can and can’t be stored and what the “right to be forgotten” means. Consider for a moment the back-up systems that most businesses have in place – by definition they are designed to not forget things. Does forgetting mean removing references even in long-lost archives? How do companies even begin to know where every piece of data they store on someone is hosted?
Despite the endless advice issued in the lead up to GDPR, many businesses still don’t have the necessary tools in place. Companies need robust processes and systems in place to tackle incoming queries and ensure timely follow-up and resolution. Response is not just a matter of customer satisfaction. It’s now the law.
Fortunately, technology can play a big part in easing the GDPR burden. Some of the time-consuming administration surrounding GDPR can easily be handled by having an automated system to capture data requests thus freeing up the human workforce to focus on more added-value tasks. An automated system can help companies retrieve information requested by customers, especially if they hold multiple forms of data on them.
Ironically, given that many worried GDPR would be the bottleneck to its widespread adoption, AI will prove central to automating subject access requests. Embracing technology that continues to grow increasingly knowledgeable in the intricacies of GDPR and algorithms will automatically see necessary data deleted when customers request to be forgotten.
This removes the burden of compliance from financial professionals, who may legitimately spend hours trawling systems for any reference to one client, when AI can manage this in a matter of seconds. Professionals can utilise this time saving by adding value to clients instead – strengthening relationships and increasing the chances of them being brand advocates, rather than requesting to be forgotten.
No financial services company wants to see its name in the headlines for falling foul of GDPR requirements – both the financial penalties and reputational damage will prove difficult to bounce back from. Clients will inevitably move to competitors if they are suspicious that data processes aren’t up to speed. It’s therefore imperative that all businesses automate their GDPR processes, rather than struggling in silence and risking severe damage to their company in the process.
Back in July Finance Monthly reported on how much your personal data was worth on the dark web.
Price comparison experts Money Guru conducted research on several dark web marketplaces and uncovered that criminals can buy your details on the dark web for less than a coffee. In fact, email logins could be bought for as little as £2.10, and Facebook logins for £3.
Sadly, data breaches are becoming a common occurrence. In the past few months alone British Airways, Reddit, HMRC and Ticketmaster have all been hit.
New research from Money Guru shows that the cost of personal data on the dark web has reduced significantly following Facebook’s recent data breach.
How Much Is Your Data Worth Now?
Your data, which can include everything from banking details to social media logins, is worth less than you might think to hackers and scammers.
Following the Facebook data breach hacked Facebook account details are now being sold on the dark web for as little as £0.77 ($1). This is £2.23 ($2.90) down from Money Guru’s previous findings earlier in June 2018.
They also found that hacked Instagram credentials are available on the dark web for as little as £1.91 ($2.50), down £2.89 ($3.80) and that hacked Twitter accounts are being sold for as little as £0.61 ($0.80), a reduction £1.89 ($2.50).
However, that wasn’t all that the price comparison expert discovered during their research.
Money Guru discovered tools and guides to help people hack into Facebook accounts available on the dark web for as little as £1.29 ($1.70), and similar tools for Instagram for £0.87 ($1.15) and Twitter for £0.87 ($1.15).
The personal finance experts discovered tools to help hack Gmail, commit phishing attacks and bypass phone verification available on the dark web for as little as £0.87 ($1.15). They are also found a plaintext database of Twitter account details with millions of emails and passwords available for £31.86 ($41.60).
Staying Safe Online
Deborah Vickers, channel director at moneyguru.com said: “Our social media accounts put our lives under a microscope and these details are frequently stolen and sold to unscrupulous companies so they can target you with advertising. By using your data against you, criminals can lock you out and take control of your accounts, which could cause serious reputational and financial worry.
“Rather concerningly all three dark web markets that we researched (Wall Street Market, Dream Market and Burlusconi Market) are currently offering ‘164m LinkedIn user records’ including separate pieces of information such as email addresses, names, passwords for only £7.65 ($9.99).
“However, it seems that as more data breaches occur, the more aware the general public are becoming of the issue which could be causing the significant price drops of personal data on the dark web. Our research into personal data and how much it's actually worth on the black market is shocking to say the least. It just goes to show how vital it is to protect your data where possible to avoid facing costly consequences.”
So What Data Can Criminals Buy on the Dark Web?
The marketplaces Money Guru searched were ‘Dream Market’, ‘Burlusconi Market’ and ‘Wall St Market’ (three of the most popular current markets since the fall of the Silk Road) all of which provide goods including:
With businesses embracing big data, new tech and digital media, the role of traditional CFO is evolving from financial expert to strategic partner, data analyst, talent curator and more. With the support of several data streams, James Booth, Chief Financial Officer at Instant Offices explains for Finance Monthly what this new era of the multidiscipline strategist means and how there is more potential than ever for CFOs to be the architects of change within business.
Around 75% of CFOs worry Brexit could have a negative impact on business in the long-term, compared to just 9% who don’t, according to Deloitte. Along with Brexit risks, weak demand and the prospect of tighter monetary policies are ranked as the top worries for CFOs in 2018. Despite high levels of uncertainty across the board, research shows CFOs are still highly focused on growth plans, and the level of desire to expand business over the next year is at its highest since 2009.
According to research, 44% of CFOs have reported recruitment difficulties and skills shortages in 2018. To add to the challenge, The Open University Business Barometer revealed a massive 91% of UK organisations say they have had difficulties hiring skilled employees in the last 12 months.
78% of UK CFOs believe stress levels are set to rise in the next two years as workloads increase, business expectations grow, and companies face a lack of staff, according to Robert Half. Research also shows CFOs expect their finance teams’ workloads to increase, while 52% are planning to hire interim staff as a short-term solution.
Research firm IDC predicts that by 2025, we’ll see 163 trillion gigabytes of data output every year. And a recent study by Accenture suggests that by 2020, 90% of a CFO’s time and efforts will be spent on working with data scientists to turn data into actionable insights that organisations can use for strategic decision-making.
Studies from Verizon show that 59% of cybercriminals are motivated by financial gain and are likely to target finance and HR – areas which fall into the CFO realm – suggesting CFOs are going to be expected to take a proactive approach to cybersecurity.
In Q2 of 2018, CFOs listed the following as strong priorities for business in the following 12 months:
The CFO Must Become a Leader of Innovation: New tech, including AI, will become a core part of the innovation strategy within businesses looking to remain competitive, and CFOs will be required to understand the opportunities presented by new tech to drive growth. By 2020, 48% of CFOs are set to be using AI to improve performance.
CFOs Must Embrace Big Data: According to a report by the ACCA and IMA, the CFO and finance team is set to be at the heart of the data revolution. In order to make sense of the large volumes of data the world will be generating by 2020, CFOs will need to be able to accurately interpret data to generate quality, actionable insights for CEOs and board-level decisions.
The CFO Must Manage Risk Under Scrutiny: As tech grows and presents more complex risks to business, expectations on the CFO will be high. They’ll be required to implement and manage cutting-edge risk management processes within the finance department and business as a whole. A proactive approach towards threats will be key. One report by NJAMHA showed four in ten finance chiefs currently own or co-own cybersecurity responsibility within their organisations.
The CFO Must Prepare Talent for the Future: Prepping talent for a finance role was once the domain of HR, but in order to prepare new employees for the future of finance, CFOs are going to be required to increase involvement to ensure new employees can multitask, show technical competence and handle business strategy. Around 42% of CFOs are also prioritising soft skills as a key element for future hires.
The CFO Must Be a Leader in a Rapidly Changing Workplace: With the consumerisation of real estate becoming a global trend, more businesses are choosing an agile approach to office space to expand into new markets, reduce costs, increase networking opportunities and improve staff happiness. Tied into this, the modern CFO will need to develop leadership skills to not only manage talent but also implement development strategies that work across remote teams with geographic and language differences.
Today, the role of the CFO has evolved from financial expert to a multidiscipline strategist. In addition to traditional accounting and finance responsibilities, by 2020 research shows the top priority for CFOs will be keeping pace with technology and harnessing big data.
Nowadays, CEOs expect CFOs to have an impact on business direction and strategy more than ever before. And while the question of who owns analytics is still an open question across sectors, according to a report by Deloitte, finance is the area most often found to invest in analytics at 79%, and CFOs can use it to bridge the gap between strategic and operational decision-making.
More than a third of financial institutions (37%) find that legacy data platforms are the biggest obstacles to improving their data management and analytics capabilities, according to research from Asset Control. Whereas, for 31%, the cost of change is seen as the biggest hindrance to progress.
The poll of finance professionals, conducted through Adox Research Ltd., also revealed that for more than half of financial institutions (56%), the integration of legacy systems is the biggest consideration as they plan investment in future data management and analytics capabilities.
“What we’re seeing is financial institutions being held back by legacy data management platforms which they have acquired or developed over the years. These systems can slow down organisations as they are costly to maintain, miss audit or lineage information, often cannot scale to new volume requirements, and do not quickly and easily provide business users the data they require. While businesses recognise there is a need to update their data management systems they are sometimes reluctant to do so due to cost of change and perceived difficulties of integrating their systems with new solutions. Although I understand where these concerns come from, businesses also see the risks posed by inertia,” says Mark Hepsworth, CEO, Asset Control.
However, when it comes to considering new data management and analytics capabilities, firms remain focused on the fundamentals. More than a third (36%) of respondents cited ease of use and flexible deployment as their top business consideration, while 41% deemed ROI to be the biggest determiner.
“It is clear that while firms are currently being held back by the cost of change and legacy systems, they can see that both these challenges can be overcome with the right solution. While ROI is, of course, important in any business, these organisations must also consider how much their current data management systems are holding them back by delaying processes, lowering productivity and causing data discrepancies because they lack a clear and comprehensive view on their sourcing and validation process,” adds Hepsworth.
(Source: Asset Control)
In today’s digital world, data is a vital asset that gives organisations the ability to uncover valuable insights about customer behaviour, which ultimately provides businesses with a competitive edge. However, new research commissioned by managed services provider Claranet has revealed that UK financial services organisations are struggling to capitalise on the vast amounts of customer data they collect.
The research, which was conducted by Vanson Bourne and surveyed 750 IT and Digital decision-makers from a range of organisations across Europe, is summarised in Claranet’s Beyond Digital Transformation report. The findings reveal that despite the increasingly large quantities of data that the financial services sector is now collecting, over half of UK companies (54%) struggle to use and understand their customer data to help them make important business decisions.
According to the survey responses, 43% of UK organisations in the financial sector cite centralising customer data as being a key challenge encountered when trying to improve the digital user experience, and 41% reported that they were unable to provide a consistent experience across channels as a result.
For John Hayes-Warren, Head of Vertical Markets at Claranet UK, the findings highlight how the often-siloed and legacy approaches to data management are preventing businesses in the financial sector from exploiting the potential of the information at their fingertips.
Hayes-Warren commented: “Data has quickly become an incredibly valuable asset in the financial sector and the source of important intelligence that can be applied to respond to changing customer demands. Most businesses are sitting on vast amounts of data and those that can harness it effectively can gain a much deeper understanding of their customers, better predict, improve and personalise the customer experience and, ultimately, create stronger brand loyalty and repeat business. It’s therefore troubling that over half of UK financial services organisations are reporting challenges in this area, so addressing data management shortcomings needs to be a priority for any business that is passionate about delivering a positive customer experience.
“To realise the benefits of data you’ve got to be able to combine and mine different repositories of data and make it actionable in real time. However, that’s something that is often frustrated by legacy systems and batch processing. These unconnected and incompatible IT systems create data siloes and prevent data and insights from being discovered and actioned within organisations,” he continued.
“Cloud technologies can help a great deal, providing the tooling and infrastructure needed to collect, process, and analyse vast sets of data from across the organisation and make it actionable in real time. By creating a platform that can capture and analyse data from across an organisation, leaders can discover unique insights, issues and opportunities that will ultimately help them achieve the competitive advantage they seek,” Hayes-Warren concluded.
(Source: Claranet)
As brands think about targeting the student market, it would be very tempting to stereotype and develop marketing that is all about partying and watching daytime TV. This approach is doomed to fail because the student demographic is actually much more diverse and discerning.
According to Creative Orchestra, less than 60% of students are under 21, almost 40% study part-time and half of those are aged 30-50. In the UK, there are almost half a million students from overseas, and the number is growing.
The main reason why banks are interested in connecting with students is that while they may not have much cash initially, over time they usually become more financially secure and interested in additional products and services such as credit cards, loans and mortgages.
Genuine concern for customers
Despite the dangers of generalising, there are some traits which marketers should be aware of. As a whole, students tend to have a strong sense of social responsibility. When asked, 74% believe that ethics are very important and 65% believe that it’s very important to be environmentally friendly. These beliefs affect the purchasing habits and demands of future students but it is important that brands don’t make claims they can’t substantiate. Students know the difference between genuine claims and spin and are increasingly drawn to ethical financial institutions.
Building a reputation as a brand that truly cares will get cut through with this demographic. Customer Thermometer research highlights that people want to connect with a brand that shows it cares about them. This is heightened for student consumers who are usually financially stretched and may feel more vulnerable, living away from home and making independent, financial decisions for the first time. Sensing that a bank understands the pressures they face and is always ready to help, rather than hinder or scold, can go a long way in forging a strong customer relationship.
In addition, our ‘Connected Customer’ research shows found that a long-term relationship happens when companies become a meaningful part of a customer’s everyday life. Making their life easier and delivering what is promised both contribute to finding a place in their emotions. When students sense that “this company helps me when things go wrong”, they begin to move along the engagement journey from interest to loyalty. There’s a real opportunity for banks to show genuine understanding and flexibility towards students and as a result to win a customer for life.
As well as supporting students when things go wrong or finances are tight, banks should also be thinking, what additional services and products can we offer that will enhance their life? This is because there is a direct correlation between the number of additional products held, such as overdrafts, loans and insurance, and higher levels of engagement.
The personal touch
Finally, banks should use the reams of rich customer data, aggregated across multiple touch points, to target students with hyper-relevant and engaging messages at opportune moments.
Banks must profile and target properly, taking time to understand their audience, rather than lumping all students in the same category. Students will not tolerate being bombarded with unsolicited messages. Less is more and they appreciate creative, clever and entertaining campaigns that are personal to them. The good news is that sophisticated data-driven marketing is totally attainable now, so long as the data is clean.
The student market is highly lucrative and if banks get their marketing and customer experience right, they could win an advocate for life. To win the affections of students, brands must provide a meaningful and personalised solution with products and services that really add value. Any bank that does this will soon discover they have an army of loyal brand advocates who are engaged and bring long-lasting financial rewards.
Karen Wheeler is the Vice President and Country Manager UK at Affinion
Louise Green is the Chief Marketing Officer at Bureau van Dijk, a Moody's Analytics company. It is committed to empowering customers to make better, faster decisions, by providing the most reliable private company information in the market. Below, Louise tells us about Bureau van Dijk’s Corporate and Financial Solutions and the importance of comparability and efficiency when it comes to data and company information.
Tell us about the key corporate and financial solutions that Bureau van Dijk offers
We aim to make our customers more successful by providing company information solutions that help improve efficiency, grow revenue and mitigate risk.
How much do you know about who you are doing business with?
Whether it’s the financial strength and longevity of your suppliers, your clients’ ability to pay, complying with regulations, protecting your reputation or understanding new and existing markets, more certainty is always welcome.
We capture a wide variety of data, then we treat, append and standardise it to make it richer, more powerful and easier to interrogate. In fact, we capture and treat data from more than 160 separate providers, and hundreds of our own sources, to create Orbis, the world’s most powerful comparable data resource on private companies.
Orbis has information on around 300 million companies in all countries. It’s the resource for company data.
The company reports are detailed and comparable, and comprise:
Our customers, including financial institutions, corporates, governments and academia, use our products for a variety of purposes.
Compliance and reputation management
With comprehensive global coverage, the richest source of corporate structures and beneficial ownership data available, plus information on PEPs and Sanctions, we are the resource for compliance and onboarding.
Financial risk
Our standardised financials help to assess and benchmark companies globally. We offer financial strength metrics using a range of models and include a qualitative score when detailed financials are not available.
Tax and transfer pricing strategies
We combine our comprehensive company information with transfer pricing functionality, so customers can plan, set policies, manage risk and document compliance processes.
Customers can also fine-tune policies, create robust audit-defence analysis and prepare TP documentation. We’ve created a full document management system to help with BEPS and country-by-country reporting requirements that helps customers become more efficient.
Business growth and strategy
Research new markets and industries, understand the M&A landscape and foreign and direct investment.
Orbis includes information on:
Data is getting bigger all the time, which makes extracting value from the numbers more difficult and time consuming. One of the ways that we increase efficiency is by making it simple to compare companies internationally.
Using our solutions, customers can interpret data quickly, and automate and centralise much of their research.
In what ways have Bureau van Dijk’s offering evolved over the years?
Bureau van Dijk has been an innovator in private company information since its beginning. We first delivered company information to clients on CD - then DVD-ROMs. This was a ground breaking way for companies to quickly research other companies. While we still offer on-premise solutions, our data and analysis resources today are accessible in the cloud, in third-party platforms and through integration into systems and workflows.
Our products are just as innovative today. For example, it’s not just that we offer the world’s most powerful comparable data resource on private companies, or the extensive corporate ownership structures included within it, it’s often how you can combine datasets in new and innovative ways to create better solutions for customers. For example:
Customers can blend our data with internal data to refresh and enrich CRMs and other internal databases. Our unique company identifiers and bespoke matching services help to create links between disparate datasets across organisations and create single views from data silos.
We recently updated the interface for Orbis and several other products to make them even easier to search for and visualise data with pivot analyses, heat maps, dynamic company structures and more. These and other changes were made based on interactive feedback from our customers. We bring data to life in new ways with reports and dashboards that give a clear, intuitive view into the information that matters most.
How important is it for businesses to trust a data specialist like Bureau van Dijk when it comes to data and company information?
At Bureau van Dijk, we’re in the business of certainty. It’s vital that companies know who they are dealing with. Before embarking on a major investment, a new third-party relationship or procurement decision, companies need to have confidence that the information they base their decisions on is accurate and comprehensive.
As businesses can be global and often complex, it's harder to get a clear view of all entities involved and who holds control. We make it easy to analyse management and ownership structures. Orbis includes extensive corporate structures so you can assess the complete group or take the financial stability of the parent into account.
Having a clear view of ownership also helps our users comply with sanctions lists, anti-money laundering legislation and to perform the other crucial due diligence checks that are intrinsic to global business.
What are Bureau van Dijk’s goals for the future?
Our mission has always been to provide the most reliable private company data on the market. We will continue to enrich and expand our private company information database. This means identifying and integrating new, reliable information sources and standardising data to make it more comparable and useful for our customers’ decision-making processes.
Contact details:
To find out about our free trial scheme, please visit www.bvdinfo.com or email bvd@bvdinfo.com.
Telephone (London): +44 207549 5000
Two years on from the CMA market review which initiated Open Banking, Jake Ranson, banking and financial institution expert and CMO at Equifax, anticipates profound long term impact.
Open Banking was established to encourage competition. It’s well known that current account switching remains low, but this doesn’t reflect the full story. The initiative has been a wake-up call for traditional banks to improve their understanding of their customers and tailor services to their needs. Consumers won’t necessarily have to switch to experience improvements in their banking services.
Since inception two years ago, Open Banking has prompted exciting and much needed product developments to facilitate faster and more effective banking services for consumers. Many providers have applied for Open Banking regulatory permissions, showing the huge appetite to offer new and improved services.
The services that will really take off are the ones that give consumers transparency, control and save them valuable time. Consumers need a compelling reason to share their data, whether it’s faster lending decisions or the ability to access financial products better suited to their needs, and providers must articulate the value clearly in order to succeed.
The potential next steps are vast. We could see services that go beyond banking data, encompassing for example social media information so that consumers can manage their data in one place to gain easier access to tailored services. More and more companies are likely to get involved, potentially including players as varied as online estate agents and debt management companies.
Momentum is building but there’s still a need to educate consumers on how Open Banking can improve their financial lives. Equally important is reassurance that they maintain control of their data, it will only be used with their permission and they can revoke access at any time.
This week Finance Monthly talks to Daniel Kjellén, CEO and Co-founder of Tink on the democratisation of data and what this means for both financial services businesses and consumers.
Open Banking was designed to open the retail banking market by giving everyone access to the data they needed to deliver banking services. Initially viewed as a massive boon for fintechs, and a worrying threat for banks, the mindset of the latter is shifting.
They may have been slow to start, but today the majority of retail banks are waking up to the opportunities offered by Open Banking. Banks are realising that the new battleground is the level of valuable insights and product offerings, tailored to the individual, that can win over consumers. And the key to unlocking this customer value? Data.
But CIOs and product analysts will be only too aware that data was relatively unmanageable until fairly recently. Historically, legacy systems and fragmented technology stacks have meant that getting the right data-sets in one place has been a huge struggle for banks.
What’s more, being able to use these data-sets to create data-driven insights and support data-driven sales has proved even more of a challenge. This means that, until recently, banks and consumers alike have been unable to make full use of the financial data at hand to make better, more informed decisions.
Out-engineered or the opportunity of a lifetime?
Banks might still be grappling with trying to make the best of their consumer’s financial data. But heel-dragging is not an option.
For several years, banks have been under siege from all sides. The technology that allows consumers to grant third parties access to their financial data has existed for some time, and agile fintechs have out-engineered banks in the field.
There’s no question that the advent of Open Banking has widened the data floodgates now that banks have had to open up their APIs. With data more readily accessible, third party providers in all sectors - from finance to insurance - can begin to compete with the traditional banks by introducing innovative new products and services.
What’s more, these challengers have the advantage of being more agile with their time to market; getting new software off the shelf and into people’s pockets in a fraction of the time previously taken.
Banking on the future
Banks have work to do. They’ve been caught napping by these nimble fintechs who have stolen a march.
Regulation is really only the rubber stamp on a technology-led revolution that was already well underway. Banks are now waking up to the same opportunities by partnering with agile industry players that can leverage the financial data at hand.
They need to act now to keep pace with the new market entrants who have already tapped into a world where the access to financial data is democratised, to build newer and better products for consumers. Instead of inventing the wheel once again, banks can choose to invest in the best technology that will provide them with the right data-sets that will both give them a holistic overview over their customer’s finances, and the ability to deliver data-driven sales and insights, tailored at the individual.
Why does this matter?
Open Banking has changed the way consumers can choose to manage their finances. By democratising the access to financial data, consumers are beginning to understand, and take advantage of, the benefits of sharing their financial information with third parties.
Once faithful to traditional banks, people are becoming increasingly fickle - flirting with other providers to find the best deal, service or experience on the market.
It might be intelligent personal finance technology that can predict consumer spending habits and provide advice and recommendations based on these predictive insights. Or it might be a current account platform that allows people to monitor and change their mortgage and savings in the same place, despite using different providers.
Whatever the specific solution, consumers are feeling the benefit of increased flexibility and choice, and demand for new ways to manage money is growing.
It really is win-win-win
Banks must stop viewing the democratisation of data as a zero-sum game - where their loss is a fintech’s or another bank’s gain. Instead, they should see it as an opportunity to gain an advantage by ensuring that their data analytics capabilities keep them one step ahead of their rivals.
While aggregation is just one part of the puzzle, the democratisation of data opens up a wealth of opportunities for banks. Data-driven banking will allow banks to make better commercial decisions based on their customers behaviour, while PFM (personal finance management platforms) will help banks give their customers a better experience.
There is a huge opportunity for banks to successfully monetise Open Banking through identifying where they can offer customers a better deal to meet their needs and targeting them accordingly with a personalised offer.
In this brave new world of banking, the winners will be those who decide what their unique offer to consumers will be and focus on doing it better than anyone else in the market. This might be providing the smoothest UX, the best predictive personal finance management platform, or the slickest analysis and insights tools. Or it might be offering the best products in one particular area - for example the most competitive rates on mortgages or loans
Unlocking this opportunity might require developing new customer centric platforms in house or buying technology of the shelf by partnering with fintechs to take advantage of their technology solutions.
But one thing’s for certain. Far from sounding the death knell for the banking industry, the democratisation of data will become the smart bank’s secret weapon for winning their segment.
General Data Protection Regulation is a ‘game changer’ for the financial services industry and many small firms are unlikely to be fully compliant with the new rules.
Nigel Green, the founder and chief executive of deVere, is speaking out since the implementation of GDPR, a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.
Mr Green says: “GDPR is a game changer for the financial services industry – the biggest shake-up I can remember.
“Not only is it protecting clients further by putting them back in control of their personal data, but it is going to make the industry work smarter, harder and better.”
He continues: “One of the main day-to-day ways GDPR will impact financial services is that no longer will firms be able to poach staff asking them to bring client data with them. Unfortunately, this has been a highly unethical modus operandi for many smaller financial companies for far too long. This is now no longer possible.
“Another key way that GDPR will affect the admin operations of financial services companies is the storage and management of the data. Holding data without good reason to do so will no longer be allowed.”
Mr Green goes on to add: “Despite them having ample advance notice, due to the breadth and scope of GDPR, and because it represents a fundamental shift for some companies’ business models, many smaller firms will find it extremely challenging to meet the requirements.
“It is likely that they will have found, and will continue to find, it difficult to dedicate the time and resources to getting this right and being fully compliant – especially as many are still struggling with the costs and demands of Mifid II and other complex regulatory reforms.
“As such, we can expect that many smaller firms will be hit with hefty fines for failing to meet GDPR’s stringent standards.
“Bearing this in mind, GDPR will prove to be a ‘burden’ too heavy for some smaller companies, forcing them to exit the industry.”
The deVere CEO concludes: “GDPR represents a watershed moment for the financial services sector. This is an opportunity for all firms to redouble their efforts to overhaul their business practices where necessary, ensuring the clients’ interests are always front and centre.”
(Source: deVere Group)
Much that has been written about the General Data Protection Regulation (GDPR) relates to the burden of obtaining proper consents in order to process data. This general theme has provoked questions about whether and how financial institutions can process data to fight financial crime if they need consent of the data subject. While there are certainly valid questions, GDPR is much more permissive to the extent data is used to prevent or monitor for financial crime. Richard Malish, General Counsel at Nice Actimize, explains.
Clients and counterparties will oftentimes be more than happy to consent to data processing in order to participate in financial services. But consent can be withdrawn, so offering individuals the right to consent will give the impression that they can exercise data privacy rights which are not appropriate for highly-regulated activities.
Rather than relying on consent, the GDPR also permits processing which is necessary for compliance with a legal obligation to which the controller is subject and (2) processing which is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
Some areas of financial crime prevention are clearly for the purpose of complying with a legal obligation. For example, in most countries there are clear legal obligations for monitoring financial transactions for suspicious activity to fight money laundering. The European Data Protection Supervisor stated in 2013 that anti-money laundering laws should specify that "the relevant legitimate ground for the processing of personal data should… be the necessity to comply with a legal obligation by the obliged entities…." The 4th EU Anti-Money Laundering Directive requires that obliged entities provide notice to customers concerning this legal obligation, but does not require consent be received. And the UK Information Commissioner's Office gave the example of submitting a Suspicious Activity Report to the National Crime Agency under PoCA as a legal obligation which constitutes a lawful basis.
Very few commentators have attempted to cite a legal authority for anti-fraud legal obligations. The Payment Services Directive 2 (PSD2) requires that EU member states permit personal data processing by payment systems and that payment service providers prevent, investigate and detect payment fraud. But PSD2 has its own requirement for consent and this protection may fail without adequate implementing legislation in the relevant jurisdiction. Another possible angle is that fraud is a predicate offense for money laundering, and therefore the bank has an obligation to investigate fraud in order to avoid facilitating money laundering.
"Legitimate interests" are also permitted as a basis for processing. However, this basis can be challenged where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Financial institutions may not feel comfortable threading the needle between these ambiguous competing interests.
However, the GDPR makes clear that several purposes related to financial crime should be considered legitimate interests. For example, "the processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest" and profiling for the purposes of fraud prevention may also be allowed under certain circumstances. It is also worth recognizing that many financial market crimes such as insider trading, spoofing and layering are oftentimes prosecuted under anti-fraud statutes.
Compliance with a foreign legal obligations, such as a whistle-blowing scheme required by the US Sarbanes-Oxley Act, are not considered "legal obligations," but they should qualify as legitimate interests.
While legal obligations and legitimate interests do not cover all potential use cases, they should cover most traditional financial crime processing. Some banks have been informing their clients that a legal obligation justifies their processing for AML and anti-fraud. Others have included legal obligations and/or legitimate interests as potential justifications for a laundry list of potential processing activities.
Financial institutions should use the remaining days before GDPR's effective date to provide the correct notifications to data subjects and confirm that their processing adequately falls under a defensible basis for processing. And with this basic housekeeping performed there is hopefully little disruption to their financial crime and compliance operations.
The financial services industry has witnessed considerable hype around artificial intelligence (AI) in recent months. We’re all seeing a slew of articles in the media, at conference keynote presentations and think-tanks tasked with leading the revolution. Below Sundeep Tengur, Senior Business Solutions Manager at SAS, explains how in the fight against fraud, AI is taking over as a dominant strategy, fuelled primarily by data.
AI indeed appears to be the new gold rush for large organisations and FinTech companies alike. However, with little common understanding of what AI really entails, there is growing fear of missing the boat on a technology hailed as the ‘holy grail of the data age.’ Devising an AI strategy has therefore become a boardroom conundrum for many business leaders.
How did it come to this – especially since less than two decades back, most popular references of artificial intelligence were in sci-fi movies? Will AI revolutionise the world of financial services? And more specifically, what does it bring to the party with regards to fraud detection? Let’s separate fact from fiction and explore what lies beyond the inflated expectations.
Why now?
Many practical ideas involving AI have been developed since the late 90s and early 00s but we’re only now seeing a surge in implementation of AI-driven use-cases. There are two main drivers behind this: new data assets and increased computational power. As the industry embraced big data, the breadth and depth of data within financial institutions has grown exponentially, powered by low-cost and distributed systems such as Hadoop. Computing power is also heavily commoditised, evidenced by modern smartphones now as powerful as many legacy business servers. The time for AI has started, but it will certainly require a journey for organisations to reach operational maturity rather than being a binary switch.
Don’t run before you can walk
The Gartner Hype Cycle for Emerging Technologies infers that there is a disconnect between the reality today and the vision for AI, an observation shared by many industry analysts. The research suggests that machine learning and deep learning could take between two-to-five years to meet market expectations, while artificial general intelligence (commonly referred to as strong AI, i.e. automation that could successfully perform any intellectual task in the same capacity as a human) could take up to 10 years for mainstream adoption.
Other publications predict that the pace could be much faster. The IDC FutureScape report suggests that “cognitive computing, artificial intelligence and machine learning will become the fastest growing segments of software development by the end of 2018; by 2021, 90% of organizations will be incorporating cognitive/AI and machine learning into new enterprise apps.”
AI adoption may still be in its infancy, but new implementations have gained significant momentum and early results show huge promise. For most financial organisations faced with rising fraud losses and the prohibitive costs linked to investigations, AI is increasingly positioned as a key technology to help automate instant fraud decisions, maximise the detection performance as well as streamlining alert volumes in the near future.
Data is the rocket fuel
Whilst AI certainly has the potential to add significant value in the detection of fraud, deploying a successful model is no simple feat. For every successful AI model, there are many more failed attempts than many would care to admit, and the root cause is often data. Data is the fuel for an operational risk engine: Poor input will lead to sub-optimal results, no matter how good the detection algorithms are. This means more noise in the fraud alerts with false positives as well as undetected cases.
On top of generic data concerns, there are additional, often overlooked factors which directly impact the effectiveness of data used for fraud management:
Ensuring that data meets minimum benchmarks is therefore critical, especially with ongoing digitalisation programmes which will subject banks to an avalanche of new data assets. These can certainly help augment fraud detection capabilities but need to be balanced with increased data protection and privacy regulations.
A hybrid ecosystem for fraud detection
Techniques available under the banner of artificial intelligence such as machine learning, deep learning, etc. are powerful assets but all seasoned counter-fraud professionals know the adage: Don’t put all your eggs in one basket.
Relying solely on predictive analytics to guard against fraud would be a naïve decision. In the context of the PSD2 (payment services directive) regulation in EU member states, a new payment channel is being introduced along with new payments actors and services, which will in turn drive new customer behaviour. Without historical data, predictive techniques such as AI will be starved of a valid training sample and therefore be rendered ineffective in the short term. Instead, the new risk factors can be mitigated through business scenarios and anomaly detection using peer group analysis, as part of a hybrid detection approach.
Yet another challenge is the ability to digest the output of some AI models into meaningful outcomes. Techniques such as neural networks or deep learning offer great accuracy and statistical fit but can also be opaque, delivering limited insight for interpretability and tuning. A “computer says no” response with no alternative workflows or complementary investigation tools creates friction in the transactional journey in cases of false positives, and may lead to customer attrition and reputational damage - a costly outcome in a digital era where customers can easily switch banks from the comfort of their homes.
Holistic view
For effective detection and deterrence, fraud strategists must gain a holistic view over their threat landscape. To achieve this, financial organisations should adopt multi-layered defences - but to ensure success, they need to aim for balance in their strategy. Balance between robust counter-fraud measures and positive customer experience. Balance between rigid internal controls and customer-centricity. And balance between curbing fraud losses and meeting revenue targets. Analytics is the fulcrum that can provide this necessary balance.
AI is a huge cog in the fraud operations machinery but one must not lose sight of the bigger picture. Real value lies in translating ‘artificial intelligence’ into ‘actionable intelligence’. In doing so, remember that your organisation does not need an AI strategy; instead let AI help drive your business strategy.
