Study: Fear of data breaches stifling bank innovation

According to research by consultancy firm Accenture, called “Privacy in Financial Services: Stature and Sustainability in the Information Age,” companies tend to tackle privacy, security, and data risks separately, which can mean risk management responses are fragmented, controls are ineffective, and commercial opportunities are lost.

Part of the problem is firms are more concerned with guarding themselves against the impact of a data breach than realizing any financial benefits of using the data and are more likely to put resources into protecting the customer data they have than use it to tailor specific products and services that might benefit clients.

Indeed, some 76 percent of the 100 North American and European privacy executives working in financial services firms that responded to Accenture’s survey said their organizations planned to increase their privacy investments this year, but the consultancy warns the lack of a clear strategy could hinder these investments.

“Consumers are willing to share information if there’s value in it for them, whether personalized offers, better services, or more competitive pricing. Firms that understand how customers perceive and value data privacy have a clear opportunity to differentiate themselves.”

Ben Shorten, Managing Director, Strategy & Consulting Group, Accenture

Accenture found that while nearly three quarters of firms use consent to gather customer data, they are afraid to leverage that information due to privacy compliance concerns: In fact, 87 percent of respondents said their firms experience delays in sales as a result.

The fear of being on the receiving end of a large fine under privacy legislation is part of firms’ reluctance to mine customer data. The study found 70 percent of respondents say the European Union’s General Data Protection Regulations (GDPR) and the California Consumer Privacy Act (CCPA), which both enable consumers to request what information firms hold on them as well as delete data no longer relevant, have elevated privacy compliance to such an extent it is now considered a “key material risk.”

When asked which privacy risks will require the most effort to remediate over the next year, respondents most often cited privacy risk monitoring (51 percent), the accuracy and maintenance of records processing/information asset registers (44 percent), and records management and data retention/deletion (41 percent).

The report says while three-quarters (76 percent) of respondents plan to increase their privacy investments over the next year, companies without a clear privacy strategy could fail to reap the expected value from these investments—while those that create clear strategies and infuse a culture of privacy awareness across their organizations will differentiate themselves and build consumer trust.

In addition, as firms increasingly focus on demonstrating ethical and responsible use of data in their artificial intelligence and machine-learning algorithms, a new class of privacy risks related to data ethics could emerge. This presents another opportunity for firms to build consumer trust by providing greater transparency around automated decisioning models and introducing ethical guiderails for the use of personal data.

Ben Shorten, a managing director in Accenture’s strategy and consulting group, says institutions “should think beyond the compliance risks” and consider the broader opportunity to elevate the customer experience around privacy.

“Consumers are willing to share information if there’s value in it for them, whether personalized offers, better services, or more competitive pricing. Firms that understand how customers perceive and value data privacy have a clear opportunity to differentiate themselves,” he says.