John Riley, Senior Engagement Manager at global brand experience consultancy Prophet, offers three opportunities GDPR will offer the financial services industry.
May 25th, 2018 is almost here and nearly two years after the European Union’s 2016 announcement, the regulation partially designed to put individuals back in control of their personal data will come into force. And shortly in the wake of #DeleteFacebook and the Cambridge Analytica scandal, most banks and insurers are breathing a sigh of relief. After investing millions of pounds in GDPR compliance, appointing a Chief Data Protection officer and wrangling with legacy data systems, reporting and handling, most financial institutions feel prepared for GDPR D-day and potential smug compared to some of their counterparts in the tech world.
In many ways, GDPR has been a blessing in disguise for financial firms. After years of data negligence in the wake of the financial crisis, GDPR has forced banks and insurers to reckon with their housing and handling of customer data. From rationalising and streamlining a patchwork of legacy systems to a bias towards collecting vs. leveraging reams of data without a clear use in mind, in many ways, the EU’s controversial regulation is a blessing in disguise for CIOs and CTOs across the continent and beyond.
But the positive story shouldn’t end there. In the two years since the EU’s GDPR accountment, much of focus has been on compliance. Consulting firms, the accountancies, law firms and technology compliance experts have written extensively around how financial firms can be on the right side of the regulation – and avoid the potentially crippling fees for non-compliance. But it’s not all bad, and relatively little has been written about the opportunities GDPR represents for the future of financial services. So here I outline 3 opportunities for banks and insurers in the wake of GDPR:
1. Let’s start with improved data quality, including the ability to have a single view of the customer across data sources. From enhancing marketers’ ability to understand their consumers and target them more efficiently and effectively, to the ability to truly understand which existing customer truly provide value (and how one might target more consumers like those), the access to higher quality data focus around people (rather than products or policies) provides immense opportunities. General Motors has long ago realised the value of this 360-degree view of the customer through their DMP Project 360 – which brought together this view and enhanced the automaker’s ability to better serve customers across internal departments and the full customer experience. Insurers are notoriously bad at looking at the customers as an amalgamation of policies rather than people. They should relish the opportunity to enhance their GDPR compliance efforts with building people-orientated data management.
2. When it comes to innovation, the enhanced data quality and customer engagement required by GDPR, as well as the open banking directive, PSD2, should open whole new areas for products, solutions and services for banks. The success of firms like Revolut, Monzo and Transferwise have shown that there are clear unmet needs for consumers that the high street banks continue to fail to meet. Data – the lifeblood of these fintechs – has always been in plentiful supply at banks. GDPR makes that data infinitely more useful (better structure, more accurate, and more transparent AND creates an impetus for banks to actually ask consumers what they really want in exchange for that data. With these new assets, the banks no longer have any excuse. From streamlining cross border accounts, international transfers, and connectivity to banking adjacent services such as financial advice and wellbeing (and beyond!), the double whammy of these regulatory changes should accelerate, what has already been a fast changing industry in the UK.
3. Finally, when it comes to brand and reputation, GDPR provides a point in time opportunity to prove they deserve consumers’ trust. Institutions that try to sneak past May 25th – those that make as little noise as possible and barely comply with the regulation – will be leaving a massive opportunity on the table. Those that embrace this change – and champion their efforts to help move the EU towards a more ethical data future – will be demonstrating that they value their customers, their data and are leading rather than being led by the regulators. MasterCard stands out in this regard by proactively creating data portals where consumers can see all the data being tracked by the company – in a clear and easy to understand way. This is not to say that they are promising to never have customer data issues in the future, but rather that they are taking data protection seriously, valuing privacy and transparency and doing the best they can. Samsung proves a great example of how building good will during the good times provides a reputational buffer when things get tough.
So, as you make your final preparations for the end of May – review the final email text to your customers, run the final technical and compliance checks and conduct your last audits – remember, the journey is just beginning. GDPR is likely just the beginning of how the 21st century’s data revolution will continue to change the context in which financial firms must operate. Focusing not just on how to keep up and comply, but how to stay ahead and flourish will separate the banks and insurers of the future vs. those who will be left behind.
