John Culkin, Director of Information Management, Crown Records Management
The EU’s new General Data Protection Regulation moved a step closer recently when MEPs voted in favour; how will it affect the financial sector?
The honest answer is that we are still waiting to find out – it could be well into 2015 by the time the regulation is enshrined in law; and inevitably the fine details are likely to change once national regulators and governments become involved.
But the initial indications are it could have a big impact on the financial sector, even affecting customers and their data that reside outside of the EU. Interestingly, the “data” discussed is not only electronic but also includes paper records, which is another consideration. And the setting up of a new umbrella Data Protection Agency will be watched very closely.
What do you see as the biggest challenges it could provide?
The devil is in the detail and depends on what makes it into legislation and is applied around the EU. But a requirement for all data breaches to be reported is a particular challenge.
At the minute there are no common guidelines as to exactly what constitutes a data breach e.g. staff viewing certain data; and yet the financial punishments – and the potential reputational damage – for reporting mistakes are significant.
The rules at present are simply not clear and there are fundamental questions to be asked. Leaving sensitive customer data on an usb stick on the tube is obvious enough but is leaving a customer’s name and address on a photocopied sheet on a desk at lunchtime a breach? Where is the line going to be drawn?
Banks will also be interested to know how far up the chain responsibility lies. If a small subsidiary or a small company owned by a larger one incurs data breaches, where does the responsibility stop?
Sanctions discussed so far are based on annual enterprise turnover; and with the apparent anti-City feeling in the EU the climate may not be favourable to watering this down.
Who are meant to benefit from these new regulations?
It’s intended to be the consumers; but I’m not entirely convinced. The regulations could actually increase costs, which are inevitably passed onto to consumers. The speed of progress on the matter since 1995 is not encouraging effective planning and retroactive changes are always more expensive to implement.
In your experience how well prepared are banks at present?
The banks are probably technically more than capable if the rules are clear and concise; which of cause they may not be. It may not be clear what constitutes customer data for instance. For example is data from social networks customer data or public data? What about customer service or sales data – does it need anonymising? The bigger challenge, however, is the culture change required – one that says the customer is all powerful and effectively is the owner of their data.
The ‘Right to be Forgotten’ for a customer has been much discussed and seems to be at the heart of new regulations; does this provide another huge challenge for the financial sector?
I believe it does. The regulation is likely to only apply to websites or marketing data rather than customer service records; but once the principle of the ‘right to be forgotten’ is enshrined then there is no end to the way it can be implemented.
The cost implications for all sectors could be huge if customers have a right to call and demand information is destroyed; it could lead to whole departments being set up to deal with such requests.
You can draw comparisons to the Freedom of Information Act, drawn up with good intentions by the Government but which now costs local councils millions of pounds as they are required to service FOI requests.
Imagine the cost implications for major banks as millions of customers demand to know what information is stored and choose what is deleted. How far back will documents have to be searched? And what about cross references in documentation? Where many customers are mentioned should some be redacted or the whole document destroyed? Again, we are watching the developments very closely.
The laws are likely to include a requirement for all organisations to employ Data Protection Officers. In your experience are businesses is the financial sector prepared?
The first thing people are asking is – will it be a designation or an actual role? Can our CIO not take it on? Can it be out-sourced to a company like Crown Records Management? Clearly if it requires an entirely new role then training and qualification will become an issue and there are, once again, cost implications.
As it stands there are plans for fines of up to five per cent of worldwide turnover for those who breach the rules. How is that being received?
These are big figures and could drive down competition when the lower-cost providers decide the EU is not worth the risk if they have large business interests in the Americas or Asia. Also, it would be difficult to ascertain how serious a breach should warrant a globally-based fine, especially if it only affects a single set of customers in a subsidiary in one country for example.
Interestingly, businesses that are issued with a valid ‘European Data Protection Seal’ would face immunity from fines unless the breach was “intentional” or involved “negligent incompliance”. But who provides the seal and what must be done to receive one is not yet clear.
So what would you say the general feeling is in the financial sector about these proposed regulations as it stands?
I would say people have put their heads in the sand hoping it won’t happen or that if it does, it is significantly diluted; and the likelihood is that will be the case. But even so there is also significant public backing for the principles behind these regulations – so this may only be the start of changes and not the end of them. There has never been a greater need in this industry to be prepared for significant change in information management and to be prepared to take advice.
Futureproofing Your Credit Management Now
By Marieke Saeij, CEO, Onguard
The pandemic has forced a shift in day-to-day operations for the majority of businesses. In particular, finance teams have found themselves attempting to balance long-term growth with the need for resumption of payments from current customers.
Growth depends largely on answering the funding requirements of customers who need finance, while payments rely on customers emerging from payment freezes, often requiring ongoing help. The first half of the year saw digital transformation accelerate under the economic pressures of the pandemic as organisations sough to achieve rapid efficiency gains and underpin business continuity. With so many potential unknowns continuing to affect customers, finance teams must now focus on one critical area – future-proofing their credit management.
This is a critical initiative. Finance and specifically, credit management, concerns the entire organisation and in tough times, will be crucial to survival.
A three-pronged approach is required to ensure growth by transforming credit management for the future. It consists firstly of the implementation of a data-driven strategy, secondly on increasing automation and deployment of artificial intelligence (AI), and thirdly, on retaining the personal touch.
Future-proofing with your data
The advantages of being a data-driven organisation are increasingly appreciated. It is why more than three-quarters (68 per cent) of finance professionals in the Onguard 2020 FinTech Barometer, said their organisation is already undergoing digital transformation.
Credit management founded on data insights can help to reduce the days sales outstanding (DSO) and allow credit managers to create a better understanding of risk profiles. Identifying payment patterns from the data produces better risk analyses and the ability to anticipate trends. The finance team is more rapidly alerted to the first signs that a customer will not pay, for example. Staff can then step in to resolve the situation, approaching the customer to discuss invoice payment. Data analysis will also predict a prospective customer’s expected growth, chance of bankruptcy or payment behaviour. This is not a capability many organisations currently have without laborious use of manual methods.
Once they have these insights, finance departments can better advise management at the strategic level, elevating their role within organisations. But finance professionals’ insights may also help other colleagues. One such example is sharing risk information with account managers, which will allow them to better calculate whether or not to approach a customer for upselling or new business.
Yet despite all the discussion of digital transformation, most organisations still only use a portion of their available business data. This is as true in credit management as any other area. According to the Barometer, only seven per cent of executives think their own organisation is already data-driven. It means the focus in credit management, as in other departments, must be on exploiting an organisation’s existing data riches because this is the most efficient and cost-effective route to becoming data-driven.
Start with your own and move to third-party data when you need to
Businesses should start by using data from their own consumer base, such as their customers’ payment behaviour. This is not only more cost-effective, but risk profiles based on an organisation’s own customers can reveal more about future customers than data from other companies. The risk profile scores based on internal data will therefore have greater predictive value.
External data can be expensive, as pointed out last month (July) by McKinsey, but its use can strengthen an organisation’s own data resources, bringing a wider understanding of the market that makes for better decision-making. An organisation can combine internal and external sources as it evolves to best suits its needs.
The gains from this hybrid approach are tangible and come as enhanced sales, improved products, better finances and more targeted marketing, supplying a better service that boosts satisfaction levels and leads to improved relationships.
Automation and AI
No discussion of future-proofing can take place without consideration of robotic process automation (RPA) and artificial intelligence (AI). RPA automates the hugely repetitive manual tasks in credit management that involve collection and collation of masses of data and divert skilled employees from more valuable work.
AI, however, is the group of technologies with more far-reaching potential, making smart use of all available data. It links everything from CRM and ERP system data, to all the cogs in the order-to-cash process. This includes linking accounts receivables management with data about customer acceptance and e-invoicing. AI integrates these processes, transforming efficiency and delivering new insights through its analytical power. For finance departments it will also link with recognised parties that provide credit information, as well as payment service-providers and an automatic payment processing solution.
This, however, is only the starting point. AI’s predictive capabilities help minimise non-payment risk, support the forecasting of cashflow and advise on follow-up actions. This includes, for example, whether individual customers will respond better to phone calls, or when there is no alternative to commencement of collection proceedings.
Using individual insights based on consumer history, AI can even help identify the best time to contact specific customers. This will this dramatically improve operational efficiency and if customers are approached in the right way, at the right time, will enhance relationships and bolster retention.
The personal touch
Although the future of credit management will hinge on effective implementation of the right technology, the importance of personal relationships must not be neglected. A future in which all contact with customers is automated will soon become unprofitable in credit management, where personal relationships are all-important.
It must be recognised that no two customers are the same and each needs to be taken on their own terms. Although data provides insight into overall payment patterns, it does not reflect the totality of the relationship with the customer. A credit manager, for example, might know that a single call is all it takes to trigger payment from a certain customer. Yet as much as AI will achieve, it still lacks the emotional intelligence to pick up on these kinds of nuances and subtle differences in character that make a difference.
This matters because customers will soon switch providers when service-levels drop or if they start to feel they are just being treated as a number.
One of the ironies, however, is that if an organisation has the right credit management solution, it will understand more about the customer and have a firmer basis for effective person-to-person interaction. If you know more about a customer, saying the right things to obtain the outcome you want is easier. This means finance professionals need to adopt a hybrid approach that combines the best data-driven tools with a heavy degree of personal involvement. This is the most reliable way of ensuring optimal performance, profitability and customer satisfaction.
There is nothing more fundamental to business than getting paid, but times are changing and data-driven credit management is undoubtedly the future. There can hardly be any argument about it. Basing decisions on data insights generates far better outcomes, delivers a substantial edge on competitors and injects agility into a team.
If another global wave of virus-outbreaks or other sudden disruptions strike the world economy, organisations need to be as agile as possible, ready to meet the challenges with credit management that is already future-proof. That requires becoming data-driven and the adoption of proven automation and AI. Yet reliance on technology alone will not guarantee success. Organisations must continue to recognise the importance of human interaction with customers, who may want to see a face or hear a voice when times are tough.
Alongside the implementation of solutions that deliver results quickly and cost-effectively, organisations need a hybrid approach, that uses the best of the conventional world and adapts it to the data-driven future.
Risk Mitigation vs. Risk Avoidance: Why FIs Need to Maintain Risk Appetite and Not Place All Bets on De-Risking
De-risking aims to protect financial institutions from the increasing pressures placed by regulators and threats, associated with clients operating in high-risk GEOs and market segments. Agnė Selemonaitė, board member of ConnectPay, states that FIs should not focus entirely on de-risking to mitigate all potentially dangerous prospects, rather strive to continuously improve their tools for risk control and consider dividing the market among banks and EMIs for more strategic risk management across the entire sector
October 22, 2020. The payments sector has always been under the microscope in terms of regulatory compliance. Now, with a number of scandals and compliance discrepancies, financial institutions have responded in a growing trend of terminating accounts deemed high-risk—a process also known as de-risking. While in the risk management space the term describes hedging against precarious exposures, within the payments sector it has become synonymous with avoiding risks.
Since the financial crisis of ’08, FIs have been hit with approximately $36 billion of non-compliance fines. The significant growth corresponds with the ever-tightening AML/CTF rules, as well as the general tendency of policies becoming more and more strict. With a continuously toughening regulatory environment, financial institutions are less inclined to take on dubious clients and would rather eliminate any viable threats than risk getting fined by the regulatory authorities. Agnė Selemonaitė, board member of ConnectPay, emphasizes that while de-risking is necessary, it should not become the basis of the entire approach to how financial institutions tackle risks.
Although de-risking has been gaining traction in the payments sector, it is important to disclose the shortcomings associated with the practice. The case of Malta, a EU country bordering the Mediterranean sea, is a good example of how strict de-risking policies can impact the payments landscape and alter a country’s image on a global scale.
Maltese FIs have been under mounting pressure from the European Central Bank, as well as local regulatory authorities due to a significant number of ambiguous industries thriving in the country. For instance, the gaming sector accounts for 13.2 % of Malta’s overall economic activity. Called out to re-evaluate their risk profiles and strengthen AML and CFT strategies, FIs chose to not risk sky-high fines, rather terminate riskier customer bases. This has pushed many businesses to direct their payments to out-of-country vendors, while Maltese institutions lost trust due to unbalanced de-risking.
“Now, businesses operating in higher-risk markets are hesitant to rely on a single regulatory jurisdiction to mitigate risk exposure in terms of payments security. Yet provider diversification leads to missing out on a number of benefits, for example, potential discounts, offered due to high payment volume associated with a client,” explained Agnė Selemonaitė. “We’ve noticed this tendency amongst our own clients too. Many are being overly cautious and choose to carry out only a small fraction of payments, fearing for things to take a similar turn, as it did in Malta, and become the ones deemed high-risk.”
“However, higher turnover helps to better mitigate client-specific risks. For instance, the more vendors from any given corporate group are onboarded, the more we can learn about the payment behaviors in their industry, and, consequently, introduce better risk controls to prevent ML, TF and other threats to clients’ funds.”
Ms. Selemonaitė notes that hasty de-risking could contribute to other issues as well, like the growth of the shadow market. “The higher number of such accounts are rejected, the more inclined they become to look for alternatives to continue their business,“ she adds. “In a way, de-risking might increase the very thing it aims to mitigate for a more transparent market.”
That is why it is crucial for governments to establish a clear position on where the entire country stands in terms of risk tolerance. “Regulators implement changes that are passed down to them by the government. If the latter clearly communicates their stance beforehand – there is less room for distrust and ambiguity from the business’s perspective too.”
Selemonaitė argues that FIs should retain a healthy risk appetite and pool more resources into controlling dubious activities, rather than rely solely on de-risking as the basis for risk mitigation. “De-risking is a necessity – we have leveraged the practice ourselves. However, we are more focused on enhancing our overall risk control capabilities.”
She also raises the idea that sharing the market between banks and EMIs may be even more reasonable in terms of keeping risks at bay. “EMIs are more agile and prone to technology innovation, this allows them to have laser-focus on a single sector and become experts on its common threats. Thus deliberate market division creates the conditions for more strategic risk management across the sector.”
According to her, encouraging a dialogue between the regulators, fincrime watchdogs, market players and other institutions is equally important, as they determine the ins and outs of de-risking. Selemonaitė notes Lithuania’s State Tax Inspectorate (in Lithuanian – VMI) initiative as one of the examples of encouraging back-to-back communication: instead of handing out fines for possible compliance violations, they reported them back to the companies and gave a timeframe to address the issues. “In 6 years, this helped cut down on the auditing almost twice, as well as increased general trust in VMI, which rose from 25 to 75 percent, showing just how important it is to maintain a direct line of communication between regulators and regulatees.”
The TMNL initiative in the Netherlands is also a good example of how consistent dialogue can pave the way for more efficient and transparent process control. Following the initiative, banks are working closely with government parties, such as the Ministries of Finance and Justice and Security, to combat threats related to AML/CTF compliance via real-time transaction monitoring network.
“A joint approach on detecting suspicious patterns enables to take a firmer stand towards mitigating risks, emphasizing the point that, essentially, this is a two-way street: further growth and security in the sector depends on both sides’ efforts to keep communication open and transparent.”
Overall, refusing to work with certain customers or markets focuses only on avoiding risks. As she summarized, “the main goal should be not to shy away, but to increase the capacity to control risks on your own terms.”
Cash and digital payments – a balancing act to aid financial inclusion
By Matthew Jackson, Head of Partner Development, EMEA at PPRO
The cashless debate is one that continues to spark both conversation and controversy. The pandemic, which has seen many merchants discourage the use of cash to limit the spread of the virus, has accelerated these discussions. M-Pesa, a Kenyan mobile money transfer service, for example, waved its fees to support the move away from cash during the pandemic. Today, many global economies are now questioning whether they should continue to offer cash payments or go cashless by converting solely to digital. Critics say this move would disenfranchise unbanked, cash-dependent consumers and does not drive financial inclusion, while others claim that a failure to go cashless limits innovation in the fintech sector. So, what exactly is the answer?
The solution lies somewhere in the middle.
The truth is cash and digital payments don’t have to be mutually exclusive; this is not a zero-sum game as the two payment options can exist together. According to recent PPRO data, over half of US and UK consumers will stop the checkout process if it is too complicated or their preferred methods are not available. Consumers prefer having multiple payment options, whether it be using a bank transfer, a credit card, a mobile wallet or even cash. Payment flexibility is a crucial factor in offering a seamless checkout experience. Some shoppers never carry cash while others view cash as the only way they want – or are able – to pay.
The key is for merchants to offer a personalised experience for each and every consumer.
The future of cash
Despite a seemingly rapid shift towards digital payment methods, cash is not going anywhere. Many regions across the globe are tied to cash-based payments. For example, in Latin America, 21% of e-commerce transactions are completed by cash. Via cash vouchers, many consumers are able to access the global, online marketplace: at the checkout page, consumers are shown a barcode for their order. They then take this barcode (either printed or on their mobile device) to a local convenience store or bank and pay in cash. At that point, the goods are shipped. Even here in the UK, approximately 1.3 million UK adults are classed as unbanked, exposing the large number of consumers affected by any ban on cash.
Cash is often preferred for a plethora of reasons: It can be easier to use cash for smaller purchases, older consumers may be wary of digital payment methods, and avoiding credit can help shoppers stay within budget.
Conversely this year, Bristol was revealed as the contactless capital of the UK, with London leading the way when all card payment types were considered. Tottenham Hotspur’s brand new stadium was also the first stadium in the UK to go completely cashless in a bid to provide the best possible fan experience. The stadium claims fans can now expect increased service speed, shorter queue times and better hygiene as staff won’t be handling cash. With many other venues following this trend, merchants must be able to provide multiple options to consumers or risk excluding part of the market.
Ensuring inclusivity with digital payments
Financial inclusion is not just limited to offering cash payments. Each region has its own nuances that influence consumer payment preferences. Consumers want to pay with the payment methods they are comfortable with; a majority of online shoppers will abandon their cart and purchase items on another site if they aren’t offered their preferred way to pay.
Local payment methods serve as the bridge to connect shoppers with merchants across the globe.
A great example of this is the rise of the mobile payment method M-Pesa in Kenya. According to PPRO research, more Kenyan consumers have a smartphone (60%) than a bank account (56%). Payment innovations have helped solve consumer needs and enable financial inclusion by turning a smartphone into a virtual bank account. Similarly, in southeast Asia, GrabPay, which started out as food delivery and on-demand taxi app, has evolved into a leading payment method used by 115 million consumers across the region. These sentiments resonate in the UK as well with 45% of UK consumers believing cash will be a thing of the past in just five years.
Striking a balance
Whatever the way forward, ultimately payment methods need to enhance the consumer shopping experience and a combination of both cash and digital payments is a way to enable this. For many regions the lines between cash and digital payments continue to blur. For example, in Argentina, Mexico and Brazil, cash-based payment methods like RapiPago, Oxxo and Boleto Bancario give many cash-dependent consumers a chance to shop online. Merchants must come to realise that cash can actually complement many digital payment methods, not necessarily restrict them.
To be able to continue to satisfy the needs of all consumers, merchants need to understand the factors driving consumer behaviors around the world and offer the specific local payment methods to fulfil those needs. In some cases, this is cash and others a digital method. Having a choice is what will not only drive inclusion but also increase sales around the globe. Innovation does not necessarily mean cashless, but rather the industry creating solutions to solve consumer needs.
How technology has made us communicate better in crisis
By Pete Hanlon, CTO of Moneypenny COVID-19 has taught us a lot. We have embraced technology, some might say, survived...
Futureproofing Your Credit Management Now
By Marieke Saeij, CEO, Onguard The pandemic has forced a shift in day-to-day operations for the majority of businesses. In...
Will covid-19 end the dominance of the big four?
By Campbell Shaw, Head of Bank Partnerships, Cardlytics Across the country, we are readjusting to refreshed restrictions on our daily...
Why cybercriminals have ‘Gone Vishing’ during the COVID-19 Pandemic
More than 215,000 vishing attempts in the last year alone As new coronavirus restrictions look set to confine much of...
Risk Mitigation vs. Risk Avoidance: Why FIs Need to Maintain Risk Appetite and Not Place All Bets on De-Risking
De-risking aims to protect financial institutions from the increasing pressures placed by regulators and threats, associated with clients operating in...
Using AI to identify public sector fraud
When it comes to audits in the public sector, both accountability and transparency are essential. Not only is the public...
Five golden rules of recruitment
Former investment banker and entrepreneur, Connie Nam, discusses five ways in which basing your recruitment process around understanding a candidate’s...
Using data analytics to improve SME cash flow and treasury management
The pressure facing SMEs this year is widely known, and they are looking for ways to improve their cash flow...
Why dependency on SMS OTPs should not be the universal solution
By Chris Stephens, Head of Banking Solutions at Callsign In our day-to-day lives, SMS one-time passwords, also known as OTPs, have...
The chosen one
By Jesse Swash, Co-Founder Design by Structure. The lessons for the future lie in the past. The same truths still hold. This time...