The GDPR bogeyman is now preoccupying bankers in the U.S.
The EU’s General Data Protection Regulation (GDPR), which took effect in May of last year, gives customers the right to know what data institutions keep about them, the right to demand that institutions delete personal data and the right to be forgotten. So far, it’s only affecting U.S. banks that do business in the EU, but U.S. banks and financial services companies are coming to terms with the fact that similar regulations likely will take effect on their home turf.
“We have institutions and advisers having a debate about this,” said Bob Miller, vice chairman and CEO of Private Client Resources, a company that offers wealth aggregation and data management solutions for private banks, advisers and trust companies. “They are doing the right thing because of the inevitability of GDPR-like legislation here in the U.S.” Miller spoke as part of SourceMedia’s InVest event in New York this week.
A customer’s personal financial data is the cornerstone of any relationship a bank or financial company has with its clients. Bankers increasingly are looking to drive more revenue from customers through insights and product suggestions, but the use of personal data brings forth questions of how to use data in a transparent way and still hold the confidence of the customer.
For U.S. Bank, the customer’s need to know is crucial. “Monetizing data inherently is not a problem,” said Timothy Nagle, chief privacy officer and associate general counsel at U.S. Bank. “Basically, it is done to derive insight and understand trends so that we can develop products and services for customers to better anticipate their needs. Have we fully disclosed what we’re collecting and how we’re using it? Does the customer feel they have control over how we’re using that data and that we’re using that data responsibly?”
Essentially, customers need to know what happens to their data, said Philip Watson, head of the global investment lab and chief innovation officer at Citi Private Bank. “Clients want to be safe and understand how the company they’re operating with [is using the data], what are the controllers of the data and how processors of the data are going to use their data,” he added.
Despite customer concerns around data privacy, the unique aspect of financial services is that the quality and relevance of advice institutions offer customers is based how much data customers share with their financial services provider, explained Lowell Putnam, head of partnerships at Plaid. As a result, regulatory requirements like the GDPR can be seen as new lever to build trust with customers, he noted.
“Financial institutions touch the most intimate parts of our lives and yet basically have the lowest brand integrity,” Putnam said. “We can view privacy as an opportunity to try and build more trust and rebuild all of our brands.”