As a financial institution, in the last few years, we have been performing some activities with the aim to improve our ability to contact and serve our clients in a more effective way thanks to the use of innovative tools and methodologies (e.g. real-time communication tool to address clients, which is enabled by Big Data streaming architecture, and real-time scoring relying on Machine Learning Libraries in a Big Data Environment).
In our Bank the retail and commercial banking areas use mostly personal and payment data from our internal transactional system, provided compliance with applicable rules/laws is ensured. This with the aim to understand specific aspects of our customers’ behaviour, in order to obtain the whole picture from a marketing or customer relationship management (CRM) point of view.
Basically the most useful types of data to define our customer’s financial behavior are:
a. Master Data - contact details (address and contact data: mail, mobile phone, etc.).
b. Account data (ID details such name and surname, citizenship, nationality, etc.)
c. Customer’s contact history (record of contact channels (e-mail, call center, etc.) used with customers during dedicated commercial campaigns)
d. Transactional data (cards, money transfer, payment, POS, etc.)
e. Cross selling purchases
f. Profit figures
g. Brokerage account activity
h. Loans and Mortgages.
Financial institutions rely mostly on internal sources, because these are considered more complete, secure and controllable, such as, for example, payment data from our internal transactional system.
Whenever possible, financial institutions may use consumer data from external sources according to national and EU laws and regulations (e.g. privacy and bank secrecy regulation).
An example of external sources are public databases, which provide data at an aggregated level (e.g. at territorial level); also other types of private databases provide data at single company level. In addition, other external sources can be third-party data providers, such as external assessment bureaus, commercial/financial info providers and “clickstream” information providers (e.g. UniCredit sites surfing analysis).
The most common purposes for which consumer data is used by financial institutions (compliant with the applicable local laws) are:
a. Credit Scoring
b. Customer Care
c. Next best product (or next best offer) suggestions
d. Retention, churn prevention
e. Targeting Campaigns
f. Customer profiling
g. Pricing Models
h. Cross selling
i. Omni-channel approach
j. Existing and new product/service monitoring
k. New product/service development
l. Evolution of business analysis (non-structured data management included); and
m. The time to market before selling the right product to the right customer at the right moment.
We believe that the use of consumer data will further enhance the customer centricity of the banking activity. The capability to process a high amount of information related to their own customers’ behaviour could allow banks to compete with other peers and players, by offering far more customized products according to customer’s digital experience and related needs.
We also believe that in the near future the use of external sources (social, internet and mobile logs, data management platform, Internet of Things, geo localization through Mobile Phone Cells or GPS, Beacons, etc) will grow at a fast pace, and even more sophisticated analytical methodologies (such as emotional marketing analysis, sentiment analysis, customer journey analytics) will be developed. This scenario would allow financial institutions to create even more targeted and timely offers for customers.
We believe that the above mentioned scenario will take place in order to meet the high expectations of increasingly demanding customers, in terms of bespoke offers (custom-made offer) at the right moment (real time approach).
In addition to the potential benefits already included in the Discussion Paper, we suggest to add a point related to new sources of revenues for financial institutions. In fact, financial institutions could leverage on their strong skills in protecting" customers’ data, in order to expand their businesses by offering electronic "personal identification services" (e.g. electronic signature, transactions, certified registry info) to their customers."
Rather than pointing out at specific barriers that prevent financial institutions from using consumer data in a beneficial way, we would like to highlight - also in line with the position of the European Banking Federation - that the current regulatory framework should be further improved, in order to make it fit with the new financial digital reality and new technologies.
In fact, the regulatory framework should allow financial institutions to make the most out of consumer data (based on consumer’s consent, when required), using existing innovative technical tools, as well as those that will be available in the very near future (as previously illustrated in Question 5 above).
Finally, it is important to highlight that international financial institutions face obstacles when they need to share or transfer data of their customers between different legal entities within the boundaries of their Group, due to inconsistencies among different national laws and regulations.
Additional important aspects could be incorporated to the potential risks listed in the Discussion Paper, such as:
a. The economic impact along with negative consequences on reputational risk that financial institutions should face in the event of ICT security incidents (e.g. data leakage/breach/loss that may compromise the security of the information).
In fact, the costs that financial institutions must bear, due to the corrective actions incurred to recover from ICT security incidents, may have negative effects both at tangible (economic losses and extra-costs) and intangible (reputational impact, loss of trust from customers, etc.) level. Hence, the above mentioned effects of a data breach or leakage justify the relevant amount of ICT investments linked to cybersecurity, in order to foster and improve the systems’ security to prevent and protect financial institutions from potential cyber threats.
Also, due to the implementation of the stronger provisions established in the upcoming General Data Protection Regulation and the Network and Information System Directive, Financial Institutions will have to set a more robust security system, as well as sound IT and organizational measures, in order to ensure data and system’s security.
b. The risk due to the availability of a high number of data that could lead financial institutions to make wrong decisions, if such data were not properly analysed.
It is important to ensure that the analysis of the “right” data leverages on new paradigms and processes, such as Big Data supported by cognitive computing and High Performance Computing technologies.
c. The risk related to the use of electronic identification (e-ID) and its related authentication processes with reference to new technologies and new players in the market. We believe that uniformity and harmonization of both authentication processes and cross border incident management at EU level could allow to mitigate such risks.
The digitalization of the economy has put financial institutions in the position to use consumer data in an innovative way. The risks identified in the Discussion Paper can be observed on a daily basis and are constantly growing both in importance and frequency.
Such risks threaten enterprises’ security, regardless of their size and nature of their business and dimension: the numerous cases of corporate data leakages recently disclosed demonstrate the pervasive nature and continuous evolution of these risks.
It is important to bear in mind that adequate both preventive and reactive measures have to be properly implemented by Financial Institutions, in order to contain the risks affecting an Enterprise and/or an Individual customer.