The EACB is an umbrella association of (national associations of) co-operative banks. The EACB members currently use consumer data in different ways. They combine internal and external sources of data with a view to gathering information (also influence by regulatory requirements) and for improving the provision of banking services.
The types of customer data depend on the purpose they are used for, as well as on the specific situation on national markets. For example, processing of credit applications requires other data compared to mailings or other marketing activities. In addition, banks operating in France may use for the same purpose other types of data than banks conducting their activities in Finland. Based on the data mentioned in the EBA’s Discussion Paper, we would list the following data as being most used:
- ID details, such as first and last name, citizenship, nationality, place of birth, date of birth, age, gender, marital status, number of children and/or dependants, education
- data from the contractual relationship with the customer,
- transactional data (e.g. for payment orders, security orders) and transaction history,
- data from various credit agencies,
- contact details (telephone, email, etc.),
- data used for (mandatory) reporting purposes (AML, KYC, BCBS239, etc.),
- customer relationship history or customer service,
- online, mobile and behavioural data,
- campaign responses
- data from external parties (statistical office, car registry, national population registry office, terrorist financing/fraud/financial sanctions lists etc.).
Financial institutions rely for a large part on own data sources, with a heavy focus on data from the contractual relationship with the customer and account opening. An important problem sometimes posed by processing of those data is its availability only in the physical form on paper. External data sources such as the Central Credit register or other private credit assessment systems however, are also used (See above). Good examples are data sources that allow banks to verify information (governmental or private) in the area of AML, financial sanctions or fraud.
Financial institutions use consumer data most to fulfill the contractual relationship with the customer by having an insight into buying habits and their preferences e.g. for credit worthiness assessments. Based on that knowledge financial institutions can better target their product/service development, develop their risk management and risk prevention (eg. early intervention) policies, fraud intervention and take process automation decisions. In addition, ID data and payment patterns are used to fulfill legal requirements (eg. Anti Money Laundering, terrorist financing measures, freezing of accounts, reporting requirements) .
The EACB believes that data volumes and the use of new sources of data (Internet of things, sensor data, social data, data partnerships) will grow exponentially in the coming years and that data analytics will become an important battle ground for business.
To be competitive, financial institutions will have to and be allowed to improve the efficient use of consumer data. The aim is, inter alia, to:
- improve customer services and product quality through data analysis,
- From ‘next best offer’ to cross-selling and up-selling, the insights gained from big data analytics allows marketing professionals to make more accurate decisions. Big data analytics allows banks to target specific micro customer segments by combining various data points such as past buying behavior, demographics, sentiment analysis from social media along with CRM data. This helps improve customer engagement, experience and loyalty, ultimately leading to increased sales and profitability.
- to optimize credit checks and scoring,
Existing scoring methodologies assess credit worthiness based solely on a customer’s financial history. However, in order to ensure a more comprehensive assessment, credit scores could also include additional variables such as demographic, financial, employment, and behavioural data. By using advanced predictive analytics based on these additional data points, banks can significantly enhance their credit scoring mechanisms. FinTechs such as Kreditechs or Zest Finance have proven that it is significantly better to use a wider range of data, such as social media, than to focus on a narrow, often based on correlations or literature assumptions, dataset. These innovators are basing their models on the simple assumption that historic behaviour may be one leading indicator for future trustworthiness, but they weight the current behaviour much higher within their scoring methodology
- to anticipate consumer needs and provide customers with the right offer at the right time through the right channel via personalised and automated services and products.
- For example, banks can use transaction and propensity models to determine which customers have a credit card or mortgage that could benefit from refinancing at a competitor. This additional information can then be used when the customer contacts the bank through one of the various channels such as online, call center or branch channels. Furthermore the target picture for banks should be that the various in- and outbound channels can also communicate with each other (e.g. a customer, who starts an application online but doesn’t complete it, gets a follow-up offer in the mail or an email to set up an appointment at a physical branch location).
The EACB also observes a necessity - to avoid distortions of competition -to protect the databases of credit institutions, which have been built up over decades with considerable investments and which enjoy copyright protection. These databases are owned by the banks and must therefore not be opened to third parties for free.
It is becoming very challenging for financial institutions to track and identify all legal requirements on the mandatory deletion of data and to implement such processes in the ever increasing complexity of the core banking systems.
Furthermore, the defence against misuse of data remains a main issue, as well as protections against external intrusions on banking systems. Such threats will continue to pose a challenge regarding the ever increasing costs for data security as well as a significant reputational risk for financial institutions.
Yes, all in all, the benefits have been described appropriately.
However, it must be kept in mind that the data processing in financial institutions is in many cases needed by law, eg. to combat money laundering. This causes high costs. In addition, it must be ensured that the databases of banks will remain protected and not be opened to third parties (for free).
Besides, a standardised set of documentation that is required to fulfil the regulatory requirements EU wide would therefore help to avoid having to prepare the same information several times, should the consumer have accounts in multiple EU jurisdictions.
The currently existing national data protection law and the planned future General Data Protection Regulation (GDPR) set limits of the use of customer data. Of course, these limits can not be overruled by any requirements that the EBA could develop. Having said that, the EBA could support the European Banking Industry by evaluating the intensive use of customer data by credit institutions as useful and beneficial for both for the improvement of the customer relationship and the business operations of the bank. Such an opinion of the EBA could be used by banks as a part of a data protection balancing of interests to legalize certain data processing.
Furthermore, the work of the joint banking supervisors should not create new, special and restrictive requirements for the use of customer data by financial institutions. There must be a level playing field in the use of customer data between FinTechs and banks.
Looking into the technical side of barriers, the legacy IT infrastructures of financial institutions can create technical barriers to progress. Some old infrastructures are bottlenecks for banks in putting relevant information to innovative use. While regulatory requirements led to punctual improvements of the data infrastructure and system architecture, a more structural approach is needed to reap real benefits such as the additional revenue, product quality and cost reduction mentioned in the discussion paper. Also, data collection and the innovative use of those data was originally not necessarily in the banks’ core focus, which means that the quality of data that banks have is not necessarily the right one. The following challenges would have to be implemented in advance:
3. Modelling and simulation
6. Storage, streaming, security and processing
Each of these disciplines is tackled within separate data infrastructure hubs. Connecting each hub and reasoning the data gives a holistic picture on the consumer. As a further result, all available data has to be structured to make it further useful for analytics, modelling and simulation models. FinTech companies have the advantage that they start with a new infrastructure, which means that they do not have to adjust (and invest) to already existing rules.
Finally, organisations also face in some cases a limited skill set with regard to e-privacy issues.
Since financial services providers which are non-financial institutions (eg. FinTechs companies) are not held to the same high standards as financial institutions, and in particular banks, consumers may experience higher risk of breaches to their privacy by the less regulated institutions. Consumers may not be able to distinguish between financial institutions and simply financial services providers. This risk could be mitigated by applying the same standards for all institutions processing personal and financial data, regardless of the commercial sector the processing institution belongs to.
In addition, while advancements in the space of consumer data can make financial services faster and more convenient, foster competition in the marketplace and reduce costs, they can also increase security and resilience risks in the underlying IT infrastructure if they are not implemented with due diligence. Novel risk assessment methods may pose some prudential issues, as they were not tested by the assessment. The same can be applied on relying on Big Data as a source of data for preparing risk assessment.
In order to consent competition on financial products such as mortgages or loans, data collected in the Central Credit Register or private credit assessment systems of each Member State should be made available to the financial institutions operating within the Single Market regardless country of origin.
And finally, data is presently only passively recorded through transactional payment or account data. With the implementation of the PSD2 legislation the risk of having third party provider’s (TPP) hiding the consumer transaction, is limiting the ability of a bank to correctly interpret the customers need and the ability to support businesses.
Customers are often not aware that third parties have access to their account. Here more transparency should be applied.