How US banks are preparing for the GDPR

  • U.S. banks and financial companies that operate in the EU or serve EU-based customers will soon need to comply with regulations that give customers control over how their data is used
  • The biggest challenge for banks is to track where customer data has been shared and to develop protocols to meet consent requirements

The race is on for banks to comply with the GDPR, the European Union’s landmark data privacy regulation.

On May 25, EU companies will no longer be able to collect and use personal data without the individual’s consent, under the General Data Protection Regulation. U.S.-headquartered banks and fintech companies with global operations are anxiously preparing to comply with the new rules, anticipating a time when U.S. customers will demand the same protections from their home institutions.

GDPR applies to any organization operating within the EU, as well as those located outside of the EU which offer goods or services to customers or businesses in the EU. “Personal data” can include basic personal identifiers like a name, photo, email address or bank details, as well as things like posts on social networking websites, medical information or computer IP addresses. Customers have the right to a copy of the data institutions keep about them, as well as the right to be forgotten, or demand those institutions delete that data.

“[GDPR] requires all companies that process personal data to be more diligent with data protection,” said Aite senior analyst Ron van Wezel. “Also, the Open Banking Initiative in the U.K. as well as the directive in the EU require banks to share their data with third-party providers, if the customer gives their consent to do so — the trend in Europe is clearly that customers get firm control of their data.”

For U.S.-based banks with a global reach, it opens up questions about how to handle EU customer data and make sure they obtain customers’ consent to collect and hold their personal information.

“Most of the [financial] institutions are getting to know the basics very well; they’re embarking on large data discovery projects and examining the legal basis for holding the data,” said Shane Nolan, svp of technology, consumer and business services at IDA Ireland, an Irish government agency that advises U.S.-based companies expanding to the EU. “In some cases, the bank may have data they may have acquired from a third-party marketing company and data could be related to prospects.”

Data ownership and usage is already an increasing concern among everyday consumers thanks to the growing number and size of data breaches that have occurred over recent years, including the massive Equifax breach last summer that compromised data of 145.5 million consumers. The time is right for financial institutions to open direct discussions with customers about data, according to Rivka Gewirtz Little, senior director of product marketing at NICE Actimize, a technology firm helping U.S. banks meet GDPR requirements.

“Institutions need to start that conversation with their consumers and educate them about what they do with their data,” she said. “Use of data [to prevent] financial crimes isn’t the same thing as data collection for marketing.”

In recent years, banks have seen customer data as an important intelligence source for personalized marketing offers or customer experiences. U.S.-based bankers are increasingly aware of the necessity to acquire customer data while balancing privacy concerns of customers. But banks need to go back to the subjects to confirm their consent to hold the data. Companies that don’t comply with GDPR risk between 2 and 4 percent of their revenue.

The biggest challenge for large banks is understanding where their data is stored, which vendors may have accessed it due to contractual obligations and how to stay compliant with the consent rules, as prescribed by the GDPR. It’s easier for fintech startups, however, which are unburdened by legacy systems.

“Different companies are at different stages — everybody has to do the discovery process, and the downstream effect is that this is going to be an ongoing process, a continuous feedback loop that becomes part of the fabric of how they do business,” said Baber Amin, who works at the office of the chief technology officer at Ping Identity, a company that offers identity and access management solutions for banks.

U.S. bankers are watching their European counterparts, anticipating a day they themselves lose their monopoly on customer data to merchants and retailers like Amazon (with customers’ permission). They’ve been working to get ahead of their own regulators when it comes to creating data exchange standards, knowing it can take 18 to 36 months to get a framework in place. It’s better that banks prescribe those standards themselves than let outsiders, such as regulators or giant retailers slowly encroaching on the financial services industry, come in and do it for them, according to Kevin Kohut, global API strategy lead at Accenture.

“If we don’t do it now organically, with everyone cooperating and collaborating, then at some point, some entity — government or otherwise — will order us to do it,” Kohut said. “And they may or may not prescribe the best way to do it.”
