General Data Protection Regulation is an EU directive that requires entities that store and process consumer data and uses consumer data for the commercial purposes to give ownership of the consumer data to the consumer and gives them the right on how their data are being used.
GDPR is a regulatory environment which requires institutions to disclose the use of consumer data and to protect customer data privacy. Until now, the GDPR discussions have primarily focused on compliance requirements. However, for the open banking sector, this will open the door to innovative new business models for the better future.
There are currently two regulatory changes that are transforming the retail banking sector in the EU. GDPR and open banking have set the standards for how the financial data of customers are supposed to be handled.
Open banking is the European Union’s directive that requires banks to release data to third parties on the request of a customer. According to this directive, a customer could make their banking data available to third parties to execute financial transactions on their behalf.
Banks have traditionally viewed the protection of customer data as their responsibility. Data sharing tends to be risky in case of financial services and are subject to regulation and risk management. If done well, it can deliver the high level of data security through identity validation, fraud detection. At the same time, customer transparency and customer data control must remain at the centre of the table.
This will open an undividedly new run for retail banking keeping the customer in the centre. The market will be extremely competitive as the significant customer data will be beneficial for marketing and analytics.
If traditional banks do not keep up, the extreme competition will push them back in the market. This will eventually result in the fewer margins than the rivals.
These changes will eventually put banking in a position to go for machine learning where it may become a necessity for their survival in the twenty-first century. Banking can go with automation with the help of data science and machine learning, but the outcome (decisions are taken on behalf of customers) has to be explainable. There are certain limitations where algorithms can be applied.
While it seems unavoidable that open banking will result in loss of control by participating in larger profit pool by creating new service propositions including predictive analysis, machine learning and artificial intelligence to enhance financing to provide consumers with better business offerings. At the same time, this might restrict the entry of new businesses with a smaller scale.
Banks need to pay much attention to open their legacy systems to the third party through API; however, it is equally valid that third party service providers need to operate under the banking regulatory environment. If seen a positive side, a critical success factor for all parties will be their ability to ensure and secure the reliability of their service, protection of customer data privacy throughout this process.
It would be unfair to say that retail banking is not familiar with data science and its implications. Banks are using data science and machine learning in various aspects of customer service (chatbots), forecasting and for various documentation purpose. The increasing number of customer interactions, every bank has developed capabilities in data analytics, credit rating, fraud analysis, customer classifications and segmentation and many more. Moreover, if traditional banks are not quick enough to cope up with latest trends and take advantage of the customer data they have, they might soon start struggling to compete with technologically competent companies using agile work methods.
It will be up to member nations’ regulatory authorities how to interact and balance between GDPR and PSD2 (Payment Service Directive). This means the relevant data protection supervisor will enforce GDPR and financial regulators will be responsible for enforcing PSD2. The excellent collaboration is must between the respective regulators to ensure that both the regulations do not conflict with each other.
So far PAD2 is concerned, in addition to obtaining the consent from the customer, it will also require to have security measures to protect customers’ account data and transactional security. Besides, all participants of PSD2 will have to comply with new rules on strict customer authentication and a secure way of communication.
The open banking implementation entity has designed a dispute management system for the banks in case of consumer complaints, disputes and fraud. This scheme is voluntary and not just open to the member nations of open banking.
The regulation is not formed to replace the current legislative process or the existing government policies or agreement between the concern parties. This model does not provide any liability model, but on a positive note, it is at least a step forward to the road ahead.
GDPR poses a challenge to the traditional retail banking, but it can open new doors to the data science application. GDPR will push the retail banking industry towards better data security and use of customer data integration providing an excellent gateway for data science projects.