2008-2018, two turning points for the financial services sector

10 years after the last financial crisis, a new upheaval in banking

It’s been 10 years since the global financial crisis, considered by many to be the worst since the great depression. New regulations like the Banking Act of 2009, the FSA Remunerations Code, Know Your Customer (KYC), accompanied by stress tests, have been put in place in this decade to prevent future failure and protect customers.

10 years on, and banks are facing an imminent and much-needed restructuring. They have new regulatory challenges GDPR and PSD2. Just like 2008 became “Day Zero” and a turning point for banks, 2018 will mark an unprecedented technological upheaval that will be the starting point of “true digital banking”.

Banks will be stretched during their compliance journeys. Another great difficulty for banks that haven’t been mentioned enough is that the demands of PSD2 (further sharing of data) and GDPR (further protection and privacy of data) can be seen as contradictory, so banks need to navigate both regulations cautiously, otherwise they may find themselves in a Facebook-esque data confidentiality scandal.

Indeed, there are lessons to be learnt from Facebook. One would be consumers, regulators and governments are becoming savvier about data privacy. The second would be banks do not have a lot of time to get prepared before the GDPR deadline passes on May 25th, 2018. Finally, organizations are not solely responsible for the confidentiality of their customers’ data, it is a shared responsibility between a business and its customer.  

There is a big opportunity, however, because GDPR compliance would go a very long way to secure customer trust. Banks should start seeing the benefits of compliance quite quickly: better customer retention, faster route to revenue and enhanced product and service innovation.

To master future opportunities, banks have to master their data first.

Banks and customers share responsibility for data confidentiality

The new regulations will have a direct impact on day-to-day operations for banks. On one hand, PSD2 will force banks to open up their archives on customers’ spending data. The idea is to offer customers a better banking experience, up to par with what they have come to expect in with Amazon and Uber.

On the other hand, GDPR forces banks to ensure the privacy of the data they are holding for their customers. They will need to show consumers they are managing customer data efficiently, and are able to erase customer data when asked to do so. If banks do not comply they will incur substantial fines. However, customers will need to be responsible as well and understand what data they are providing to banks and how financial services firms will be using their data.

The European Banking Association (EBA) said in a report 55% of banks in Europe expect an increase of operational risk in the next 12 months. Managing customer data and analysing it well in compliance to PSD2 and protecting the privacy of customer data as required by GDPR will result in a sharp increase of customer trust.

Regulators are able to call for ad-hoc reports now, in addition to the regular quarterly and annual ones. Currently, the complex IT structures found within banks do not help them providing ad-hoc reports, and do not pay sufficient attention to data privacy. Clear and quality reporting is based on three things, data quality, quantity and actionability of the insights provided in the reports. How can banks manage not only compliance, but excellence, in a short period of time?

A suggestion to improved data management would be to add a middle layer into IT systems that would wrap around all core IT systems, bringing them together and condensing all systems of record into one layer. Adding an extra layer on top of core IT systems would be much faster than a complete overhaul of their systems some banks are contemplating. It can also bring in extra benefits such as providing new insight which could improve revenue, widen profit margins and ensure efficiency.

This could meanwhile 2008 was the year people distrusted their bank more than ever, 2018 might be the year that trust returns if compliance is efficiently handled.

Compliance and communication are major challenges

Ensuring data confidentiality is a worldwide issue for businesses. As we saw with the Facebook and Cambridge Analytica scandal, governments, regulators and ordinary citizens take data privacy very seriously. Compliance is a complex, data-related problem. Adding a middle layer in IT systems will allow banks to combine data quality, quantity and actionability and make them compliant with upcoming regulations. It would also avoid spending additional resources in overhauling their core IT infrastructure.

Beyond a data issue, banks need to educate their customers about the potential of their data: seven out of ten consumers are not comfortable sharing their data with third-party organisations. Customers should also be told that their data is also their responsibility and be able to understand, in simple terms, how their data is being used by banks.

10 years after a catastrophic financial crisis, banks are now pre-emptively placed in a “controlled crisis” by regulators, which will enable them to seize the opportunities of the digital age, help them to regain the customer trust and ready them for further restructuring of the sector.

In the end, this could be the year both consumers and banks may get to win.