The credit industry is gearing up to be rocked by three major regulatory changes to the financial services sector in the next 12 months. Eric Crabtree, global head of financial services at IT solutions company Unisys, explains how to adapt to the new regulatory environment
The European General Data Protection Regulation (GDPR) and the second Payment Services Directive (PSD2) will force all institutions to treat customer data with the utmost care or face potentially ruinous fines. Meanwhile the Competition and Markets Authority (CMA) has also mandated that by 2018 all financial services providers must offer their customers the ability to manage their products, regardless of provider, via a single mobile application of their choice. This means that, despite the strictures of GDPR and PSD2, lenders must make their data open to each other's platforms.
A rock and a hard place? Perhaps, but not insurmountable. The industry is already coming up with solutions to the challenges, and we are seeing how these innovations will revolutionise every aspect of credit.
Technology and data science innovations are being talked about in terms of creating loyalty and competitiveness at the front end, but in fact they will affect every aspect of the business all the way through to predicting risk and even incorporating artificial intelligence into collections strategies at the back end.
GDPR combines updates to the age-old data protection regulations with a global community. It is a set of rules and guidelines around how you gather information about customers, how you store it, for how long, how you move it around, how you export it within and outside Europe and what you do with it. Its main aims are to make sure customers maintain some control over their personal data and some assurance that it is being handled right. This could mean that outsourcing collections work overseas to reduce costs is suddenly not so easy.
This will be compounded by PSD2, which exists to regulate payment services, increase competition in the payments industry and level the playing field. This, combined with the CMA's ruling on making products available on mobile, is where open source banking becomes inevitable in every boardroom's agenda.
While all this sounds like a risk and compliance nightmare for the industry, it is all good as far as the customer is concerned. They will get more choice of products and providers, a fairer marketplace, and more control and safety for their personal data.
So how can we give them this? Every director around the boardroom table will be asking their own versions of this question. Product directors will ask how they can widen market share and create new products; sales and marketing directors will be asking how they can differentiate from the competition; chief technology officers will be nervously asking how their infrastructure will cope; compliance and risk directors will be panicking about how to interpret the regulatory guidelines without risking massive fines, and chief executives/chief financial officers will be rubbing their hands together at the prospect of the immense rewards for getting it right.
Tech to the fore
One fact is certain: nobody can afford to sit in the status quo - that would be unsafe in the new regime. Everybody needs to do something, and this is where the industry is looking to tech providers to answer their problems.
Nobody has all the answers yet, but those who are moving quickest and conducting the most proactive reviews and changes are the ones who see this as a business and corporate challenge, not just a risk or compliance problem.
As one example of where tech is already making a difference but simultaneously setting a tough challenge, the adoption of biometrics to authenticate customers is rapidly becoming mainstream. Fundamental ID info, all of which will be stored as individual customer data, has far reaching issues if compromised. Under GDPR, businesses have to consider where they'll be in couple of years, what sort of new data they'll be gathering, setting themselves up to store info they don't currently store. A lot of old-school lenders in the market simply won't be geared up to think about this.
The solution, therefore, is not simply technology: it's fundamentally a business consideration at a strategic level. It will require a complete overhaul of culture and way of thinking, not just plugging in a new piece of kit.