Consumer data privacy is more important than ever for financial services providers, especially in an era where data is migrating to the public cloud and providers are hyper-focused on culling data for stronger personalization.
But as long as big data breaches make headlines, trust in firms to protect data is eroding—and that erosion has a cost. Accenture’s “Data Privacy: A platform for building trust-based relationships in financial services” reports that large, private sector firms could lose an estimated $5.2 trillion in value creation opportunities over the next five years due to eroded trust in our digital economy.
Industry groups, led by the Business Roundtable, a trade association representing over 200 CEOs from leading U.S. companies are seeking common ground at a national level regarding a framework for consumer rights and data privacy. We hope a national privacy law emerges from this effort, in the interim, financial institutions should expect to face overlapping legal compliance requirements and potential litigation risk.
Building the foundation
Financial services firms should start by assessing how information enters their organization and how it lingers within applications. Likewise, they should examine the complexity generated by unstructured data sources over decades of organic and inorganic growth. Firms that can grasp their customer data challenges in innovative ways can differentiate themselves in a competitive marketplace.
Many institutions in the U.S. have put frameworks in place to respond to large-scale legislative requirements, such as the European Union’s General Data Protection Regulation (GDPR). These can be repurposed with a focus to proactively build stronger client relationships, and with an emphasis on five core capabilities:
Establishing a control framework
Each function has a role to play in a data privacy transformation, but all functions should be aligned in terms of business strategy and execution. As for the three lines of defense, each has a specific area of focus their senior stakeholders and teams should be paying attention to during the transformation.
- First line of defense: Business and operational management can help keep the focus on the consumer while dealing with near-term priorities such as how the business can process data access requests.
- Second line of defense: Those directly responsible for risk management can coordinate privacy policies and associated controls related to data collection and information request procedures, while providing a sustainable and suitably high-touch advisory model for the business going forward.
- Third line of defense: Audit functions should broaden their focus on privacy to properly address the expanded scope of programs and controls going forward, and to prioritize the items for management attention.
Beginning the transformation
In today’s data-rich business environment, financial services firms have an opportunity to seize. Through a comprehensive framework, and existing data privacy structures and processes, they can create more transparent, trust-based relationships with clients.
Why stop at mere compliance? Financial services firms can design a holistic approach that lets them create a differentiated, customer-focused outcomes.