Ed Wallen is the CEO of C&R Software, whose mission is to humanize collections via its esteemed cloud-native, end-to-end platform.
Cloud platforms, software and services are providing financial institutions with the flexibility, scalability and economies of scale needed to compete in today’s markets, but the trend toward cloud-based IT is happening alongside two other trends that require consideration and management:
• The desire of businesses to do more with their data.
• Rising consumer and governmental concern about data privacy and security.
All over the world, with the EU in the lead, governments are becoming concerned with consumer data privacy and protection. The U.S., a laggard in data privacy, is finally starting to move in that direction, with most U.S. states heavily influenced by the EU’s GDPR, the General Data Protection Regulation, a “rights-based” approach that treats data privacy as a fundamental human right and emphasizes the ownership and control of personal data by individuals. That said, the central tenet of the GDPR contrasts sharply with the traditional U.S. regulatory approach of preventing and punishing harm done to consumers through unfair business practices.
This begs the question: Is complying with rights-based regulation all that different from complying with harm-based regulation? In most cases, no. What financial institutions (FIs) must do to uphold consumer personal data rights and what they must do to prevent harm to consumers amounts to pretty much the same thing—at present, at least.
Although cloud-based services have made it much easier to access a wide range of data from both internal sources and third parties and to combine diverse data in innovative ways, rights-based thinking combined with growing public apprehension about data privacy seems to be contributing to the expanding scope of regulatory oversight. It may also increase the likelihood of enforcement actions and stiffer penalties.
With that in mind, here are three practical steps FIs can take now to stay ahead of the rights-based wave and mitigate compliance risks.
1. Modernize your tech.
Too many FIs are still operating with a range of technology systems, which makes it difficult not only to protect consumers’ data but even to know where it is and how it’s being used. Combine that with the range of state laws, and you’ve got a recipe for compliance disaster. If you’re not using modern IT platforms, software and tools, you’re exposing your organization to untenable risk. Given the continued rapid technological and regulatory change, no FI can afford to continue taking such risks.
2. Identify your compliance vulnerabilities.
Don’t just follow regulatory guidance, such as the three examples of data privacy and protection best practices (MFA, password management and system updates) in the CFPB Circular 2022-04. While helpful, these guidelines aren’t meant to be prescriptive or comprehensive. Instead, research what companies that are leaders in data privacy and protection are doing.
Look at well-established security standards, such as the NIST Cybersecurity Framework and ISO 27001. Use these advanced practices as a benchmark for identifying gaps between what your company is currently doing and what you could be doing. Then, do a risk analysis on the gaps to determine where it makes sense to invest in further data privacy and protection capabilities.
3. Partner only with third parties that are compliance-strong.
Ask yourself: Do they have a track record of regulatory compliance success, including with very large, complex client organizations? What kinds of certifications can they show you? Then, determine if they meet your baseline requirements.
What does the near future look like?
The challenges created by today’s intersecting trends toward cloud architectures, expanded data usage and data privacy protections are going to be worked out in the next few years. Solutions are likely to emerge rather quickly because all three of these important trends are headed in a beneficial direction for both businesses and consumers.
My point of view of the near future: Evolving versions of cloud platforms, software and services enable FIs to bring an expanding range of digital products and services to market and accelerate that process. Wider, deeper data analyses enable FIs to make more individualized, intelligent offers while helping consumers attain and maintain financial health.
At the heart of these interactions is much-improved consumer trust—trust that their personal information and data are protected and private. New opportunities abound.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.







