To navigate the perfect storm of financial services and privacy regulation, we have a common challenge. Both lenders and Credit Reference Agencies (CRAs) need to explain effectively and consistently to both regulators and customers how they use personal data when making decisions about consumers.
Intelligent use of data has long been a critical success factor in our industries. However, the opportunities are now greater than ever, with the proliferation of market and customer data, and the commoditisation of analytics technologies.
Critically, access to data can help lenders comply with financial services regulations, which demand that customers are treated fairly at all times. Based on a comprehensive view of a customers’ financial situation, lenders can offer them products that are appropriate and affordable. Credit applications can also be processed without bias, and customers who get into financial difficulty can be properly supported.
New financial services regulation
While the financial services regulator requires lenders to understand their consumers in more detail, major shifts in the regulatory landscape are set to impact institutions of all kinds.
The new legislation making the biggest headlines is the upcoming EU Data Protection Regulation, which was originally drafted to address data privacy issues in social media.
When the new rules come in, perhaps as early as 2015, consumers will have new powers, including potentially the right to delete their personal and financial records on request (sometimes known as the ‘right to be forgotten’). Penalties will also be much tougher for companies who experience data security breaches, or who fail to put the required data governance in place.
Navigating the ‘perfect storm’
The question is how to successfully navigate the axis of financial services and privacy regulations. Paradoxically, financial services regulations require lenders and CRAs to do more with customer data, while privacy regulations potentially restrict how organisations can use it.
To meet both requirements, lenders and CRAs must effectively communicate their shared reliance on customer credit data to regulators, both for making responsible lending decisions and for mitigating financial risks. There should be effective lobbying across the industry to ensure that the final draft of the privacy regulations is not too broad, and that rules are targeted specifically at sectors such as social media where consumers receive little or no benefit from the use of their personal data.
Secondly, lenders need to radically rethink the way that they communicate with customers with regard to how their personal data is used. Specifically, institutions must be very clear about when they are genuinely asking a customer’s permission to use personal data and when they are relying on another one of the grounds for processing which the law allows. In all circumstances, they must be completely transparent about how customer data will be used and communicate this clearly to customers in the terms and conditions of contracts and policies.
Thirdly, lenders and CRAs must inform customers about how their data is protected and how they can address any queries or grievances. Established processes already exist for resolving customers’ issues with their credit records, for example, and they should always know where to get help if they need it.
As a leading CRA, Experian welcomes any kind of new legislation that protects consumers’ rights and we are extremely conscious of our responsibilities in terms of how data is managed, processed and shared with lenders and regulators. That’s why we’re preparing early for the new privacy rules and urging our customers to do the same.
As a key part of our preparations, we are building transparency into every facet of our data policies and evaluating how we communicate the benefits of our data sharing practices with customers and regulators. Time’s running out, though, so if you’re planning to take similar measures, you might want to get started.