In this dynamically evolving financial services ecosystem, success is determined by a willingness to innovate and to adapt to customer expectations for digital services that enhance their lives across multiple touchpoints. For traditional banks this means creating integrated experiences across industries.
The digital economy itself has snowballed during and since the pandemic. Lifestyle brands, ecommerce websites, social media and OTT platforms like Netflix are indicative of consumers’ thirst for a digital life journey.
The connectivity and engagement offered between these platforms creates historic opportunities for the banking industry to evolve – to offer different non-banking services and experiences through one financial services platform.
These blurred lines have transformed banking from a mere financial service offering to banking-as-a-service (Baas), offering integrated experiences: when you purchase a mortgage through a bank’s platform, you should be able to immediately access home furnishing or renovation services within the same application.
To get there, banks are focused on building APIs for deep connectivity, for the exchange of information and to forge partnerships with other platform businesses, fintechs and third parties on open networks. At the very heart of this is consumer data – and that is where the opportunities and challenges lie.
Interoperable ecosystems enable a golden source of valuable data and insights
The opportunities are widespread. When services are integrated between financial and non-financial players, it paves the way for the exchange of consumer data through secure channels between parties, enabling banks to provide a better value proposition to customers in service delivery and quality. This allows banks to create truly tailor-made services that meet the real-time needs for each individual on their life’s journey.
The implications are that data no longer sits tightly within one organisation – it moves between platforms and on open networks.
While consumers can agree to opt-in or opt-out to the sharing of their data, it is mission-critical for banks and their partners to enforce strict data protection and privacy controls. This is the only way to gain and maintain trust.
Governance and consumer protections are essential to trust
Many governments have also recognised the importance of data protection and introduced country or region-wide policies to ensure companies adopt best practice – recent research by UNCTAD shows that close to 80 percent of countries have done so.
In 2020, financial zones such as DIFC in the UAE had enforced their own versions of the European General Data Protection Regulation (GDPR) and the UAE Central Bank has introduced the Consumer Protection Regulation (CPR) – a framework for all financial institutions in the country.
Now, with a growing influx of digital services, the UAE government has introduced a federal law for data protection that circles around global best practices and enforces compliance for companies holding consumers personal data.
While the government has taken strict measures to protect data privacy, banks in the UAE can also adopt additional guidelines and processes to reassure customers and build even more trust in the digital economy.
Setting standards and boundaries with external partners
Most banks have championed the open banking network by creating secure APIs for deep integration with third-parties and fintechs for customer information sharing. However, different companies have different sets of APIs.
To seamlessly share information, while maintaining privacy, banks must reinforce strict data access controls, set limits on what and how data can be shared between parties. Contractual clauses can make sure this happens and guarantee that external partners comply with the standards and boundaries put in place.
Do the due diligence
From authenticating customers, requesting consent and managing it, to authorising data sharing, banks must create robust processes for each stage, assess all risks at every level and do continuous checks at regular intervals. This is because convincing consumers to share consent is a fairly easy task, but securely handling, storing, and modifying this data, while keeping hackers at bay is non-negotiable. The vetting of partners’ data storage capabilities and cybersecurity systems across the entire value chain will help.
Follow protocols and strict measures internally
The primary task for banks must be to introduce secure layers of cybersecurity measures to make sure their systems can support an interoperable ecosystem. Realigning the IT framework, governance policies and introducing additional security levels are a few ways this can be achieved. Employee behaviours should also be monitored to avoid internal data leaks and two-factor authentication will ensure that only specific personnel can access information.
We are operating in a world where customers will continue to demand integrated experiences from financial institutions but will not tolerate any compromise of their personal information – nor should they have to. Without question, banks must raise their defensive guards on data privacy and governance – because the future of the digital economy rests on security at every touchpoint.
Ahmed Abdelaal, Group CEO, Mashreq Bank
Follow us on
