Martijn Hohmann, CEO and co-founder, Five Degrees
The regulatory landscape
Banks and financial institutions are facing a myriad of regulatory challenges. Since the financial crisis of 2008, regulation has increased exponentially, creating large volumes of complex rules for banks to adhere to.
Legislation such as the General Data Protection Regulation (GDPR) and the Second Payment Services Directive (PSD2) is reshaping the way banks think about customer data.
The GDPR, effective from May 2018, is designed to align data privacy laws across Europe. The rules are reshaping the way organisations control data privacy as a way of protecting and empowering end-users across Europe.
At the same time, the Second Payment Services Directive (PSD2) requires organisations to open their payments infrastructure and customer data assets to third parties, provisioning for more flexible payment services for their customers.
The challenge for big banks
The implementation of the GDPR and PSD2 provides an opportunity for banks to review and renew their data storage and security protocols, and to increase customer confidence.
However, these new measures are creating technological and strategic challenges for banks to overcome. Meeting these challenges requires a high level of operational planning, a clear focus on assessing and managing risks, and meticulous execution. Furthermore, banks will need to transform their infrastructure if they are to truly align with legislation.
Becoming GDPR compliant is an evolving challenge for traditional banks. The biggest hurdle towards achieving this is changing the way that customer data is stored.
Traditional big banks are using a variety of legacy systems which contain customer data. These systems operate in silos, isolated from each other, which makes it difficult to have full visibility of operations at any given time.
For example, if a customer asks a bank to remove their data, the customer agent only has visibility of and access to their own service function. This prevents the agent from being aware of additional products that could be storing the customer’s data. If these products are overlooked, there is a high risk of GDPR non-compliance and large financial penalties.
PSD2 also presents a need to tighten up security protocols as banks are obligated to provide APIs to third parties. Without the necessary IT systems integrated into banking processes, financial institutions will struggle to facilitate complete access to customer data.
Digitisation to overcome regulatory hurdles
For banks to safeguard against non-compliance, they must put measures in place to consolidate their siloed operations. The only way to do this is for banks to fully digitise and centralise their data storage, and separate customer and product data.
At the same time, digitisation will mean that banks won’t need to ‘re-invent the wheel’ and provide bespoke changes to their processes every time a new piece of legislation comes into effect. By digitising fully, banks will be able to establish a standard protocol for data processing, which will improve consistency and reduce errors.
A digital platform can help banks log customer requests and actions in a structured way, delete and manage data more efficiently, and improve security. This makes it easier to provide better control over how data is managed, and secure access to APIs by third parties.
Our partnership with BillPro, a leading payments provider, is testament to the PSD2-compliant initiative we are provisioning for on a global basis. The partnership will make it easier for fintech companies to collaborate with banking and technology partners, enabling international businesses of any size to access cross-border banking services and build their own financial products.
It’s essential that banks not only future-proof their technological processes but also ensure that this is carried out on a human level. Banks must ensure that staff with responsibility for handling data requests receive appropriate training and that colleagues are aware of who should handle such requests, as a way of minimising human error. Training should be updated regularly, and all new staff need to receive data protection training as part of their induction, reinforced with written procedures to demonstrate that the protocols and policies are in place.
For banks to future-proof their operations they must go above and beyond what is prescribed and outlined in new and existing legislation. Banks must embrace digital transformation across their entire business ecosystem. This will ensure that they have a full and comprehensive overview of their data to manage and report effectively. At the same time, enhanced levels of security will enable banks to open up their APIs much faster.