How Banks are Adapting to Digital Disruption and Data Privacy Regulations

Digital disruption, changing consumer demographics and preferences for how customers engage with their banks, and burgeoning regulatory requirements are having far-reaching repercussions on banking. Banking executives are feeling the pressure; 85 percent believe industry boundaries are being erased and new banking paradigms are emerging.

Digital Disruption


Banks that resist digital transformation will be punished by their customers, experiencing as much as a 35 percent erosion in profit margins. In contrast, banks embracing digital disruption—those creating new product and service offerings and empowering their customers with digital technologies—are headed in the opposite direction, realizing profitability growth over 45 percent.

Most banking leaders recognize the value of digital and have embraced technologies such as Internet banking and online lending applications. But this is just the start, and the next several years are going to be pivotal. For example, McKinsey predicts that as much as half of new banking revenue will come from digital channels by 2018, up from 10 percent in many sectors today. This growth will account for virtually every aspect of banking operations and services—payments, account management, insurance, wealth management, pensions, savings and term deposits, and lending.

Demographic Changes: Customer Preferences

While changes in customer preferences—both B2C and B2B—are represented across every demographic group, the new digital natives (Millennials) are at the forefront in bringing about a transformational shift in how banks interact with their customers. Their mindset is digital first, and they prefer self-service options in the majority of instances. An astonishing 81 percent of bank customers indicate they would not switch banks if their local branch closed. With Millennials comprising over half of the workforce today and more than 75 percent by 2025, banks must cater to their expectations and behaviors.

In addition, smartphones and other mobile devices are fast becoming the tool of preference for many banking interactions and transactions. 91 percent of Millennials use their smartphone to access their financial accounts; 41 percent choose their bank based on the conveniences—which include mobile—it offers.

One of the factors driving this change is the fact that the digital banking customer expects their banks to protect their personal data. 86 percent trust their bank over other institutions to securely manage their personal and financial data. Yet, at the same time, when this trust is violated, the repercussions can be dramatic—from brand degradation, to customer exit, to lower revenues.

Regulatory Compliance: Complex Landscape

The post-Dodd-Frank banking regulatory landscape is increasingly complex. Regulatory supervision has moved beyond planning phases to implementation and ongoing management. Ethics, culture, and related accountabilities touch every aspect of banking operations, including the handling of customer data. There are a number of banking regulations that touch on data security and privacy—Safe Harbor (U.S. and EU), the European Union Data Protection Directive (EU), the Payment Card Industry Data Security Standard (PCI-DSS), and the Electronic Communications Privacy Act.

Non-compliance with these data protection regulations can incur substantial fines and penalties. For example, failure to comply with directives in the European Union’s revised European Data Protection Directive (soon to be replaced by the further-reaching General Data Protection Regulation, GDPR) can result in fines based on two to five percent of global turnover (or up to €100 million). The time to prepare for the changes in the directive is now, as planning and implementation require sufficient runway.

Mapping Out the Digitalization Data Privacy and Data Protection Risks

In order to leverage the opportunities and tackle the challenges of the new digital and customer landscape, banks must concurrently address the electronic risks and implications of protecting client data and privacy. Data privacy risks fall into two basic buckets—external movement and disclosure of client data, and internal movement and disclosure of customer data. There are at least four different digitalization risks that banks need to heed when crafting their data privacy and protection strategies:

1. Personal information. Online banking services and products capture personal information on customers such as names, addresses, account numbers, contact information, user names and passwords, among other data elements. This may also include birth dates, payment card information (PANs), social security and national identity security numbers, and driver’s license numbers.

2. Information usage and impact data. Digital data collection goes beyond personal information, encompassing online activities such as the use of online services. For example, banks collect customer or prospect IP addresses of the device used to connect to the online service, the type of operating system, and browser used. It also includes sites visited before and after coming to the bank’s online service, pages visited and the time spent on each, and the use of other online services.

3. Omnichannel and mobile banking. The majority of banking customers expect their banks to provide omnichannel transactional and service options. Use of mobile devices plays a pivotal role in this transformation. Forty-three percent of smartphone users have conducted mobile banking transactions in 2015, up from 39 percent in 2014 and 33 percent in 2013. Customers also want to move seamlessly between different banking channels—in branch, web, phone, email, and live web chat. The movement of data between these channels requires monitoring and management typically not accounted for in traditional banking models. This includes the need for customer consent.

4. Additional sources of information. Digitization normally expands the collection and exchange of data with external third parties such as co-branded partner sites or other sources such as credit reporting agencies and insurance companies, among others.

Data privacy and protection is not something that banks can ignore. Their very survival depends not only on their ability to adapt to evolving technological, demographic, and regulatory changes, but also on how they address the associated risks. As Charles Darwin famously wrote over 150 years ago, “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.”

For an overview of the evolution of data protection and privacy in the digitalization era and the steps banks can take to address data privacy and protection risks, download our white paper, “Retail Banking Client Data & Protection: Transformation Priorities to Establish the Leaders of the Digitalization Era.”

By: Scott Kosciuk, Clearswift
