TARGET Working Group response to the ESMA Discussion Paper – The Distributed... EBF comments to IRS and US Treasury Dept regarding the implementation of Section...
EBF advisor: Noémie Papp
Publication date: 4 August 2016
- Consumer data has been at the heart of the banking business model for a long time and it affects every level of banking activity. The large majority of data used, processed and collected by banks aims at improving the customer experience and satisfying customer needs, complying with legal and regulatory requirements and risk management (e.g preventing fraud and moneylaundering) as well as contributing to the business performance of banks.
- Confidence in banks as trusted parties is essential for their reputation, a fact which adds to the efforts and investments put into maintaining and improving setups ensuring the safety of customer data.The future performance of the financial industry will very much depend on the ability of financial institutions to use customer data, the interaction of that data with banks’ products and services, and most importantly, the ability of banks to maintain the existing level of consumer trust.
- Policy-makers should adopt a holistic approach and ensure that EU regulation is adjusted to the digital reality for financial services as well. The focus needs to be on regulating the activities rather than the institutions that offer them. This is not a call for new regulations but rather for adjusting, simplifying, removing obstacles and inconsistencies and modernising the EU regulatory framework.
- The recently adopted General Data Protection regulation (GDPR) is one of the most advanced regulatory frameworks in the world regarding personal data protection, with high standard safeguards for consumers and their data. It applies to any company that controls or processes personal data of natural persons who are in the EU. In the EBF’s views, there is no need for the EBA to take any further measures specific to the financial sector, especially bearing in mind the wide-ranging application of the GDPR. Privacy and data protection issues should be ruled by sector-neutral regulations. However, in its regulatory capacity, the European Banking Authority (EBA) should ensure through engagement with data Protection Authorities and the Article 29 Working Party, that measures to protect consumer’s data should be taken for any party that offers financial services and that is involved in accessing, storing, treating and managing consumers’ data, regardless of whether it is a traditional banking business or not (and therefore not normally falling within the EBA’s remit).
- The importance of having an appropriate competitive environment with a level playing field among all the different players which would ensure wide-ranging high standards and, in turn, enhance consumer trust, should be a key reason for ensuring that not only banks have to comply with high standards to be able to use personal data. Moreover, if such an environment is not ensured then banks will not be able to compete on an equal footing in the new digital era where data is the driver of business (e.g. ensuring high standards of data quality while at the same time being pushed for data portability at a price that does not reflect the true value of the data stored at banks can lead to a competitive disadvantage and a negative impact on the banking industry and their customers).