Open Banking And The Legal Right To Be Forgotten

John Bertrand

Open banking rests on enabling customers to consent to, and control, a third-party relationship involving their data and transactions. Helping the customer manage this relationship is key for the bank. The customer has the right to terminate a third-party relationship at any time and request to be forgotten.

The legal right to be forgotten becomes European Union law with the General Data Protection Regulation (GDPR) in May 2018. The law gives individuals the right to have their data returned with no copies kept. This means banks and the third parties need to remove all data they are holding on that individual and demonstrate that all those records have been deleted.

The good news for banking is that open banking is novel. The bad news is that banks have a culture of believing that data has little value once the immediate transaction has been completed, and data is treated as such. We have all had to give banks details about ourselves that we know they have, because they just can’t find the data quickly.

Most banks started with one service, then added new ones, and eventually they designed business silos using homegrown technology. As groups within the bank collaborated for regulatory and business requirements, data duplicated, triplicated, and quadrupled. To help solve this issue, many banks have created data lakes, which in turn have been duplicated and now resemble data swamps. The payment protection insurance saga in the UK, which is expected to cost the Financial Services Inquiry £35 billion, is an indicator of how loose the governance of data surrounding financial products has been. Deleting a customer’s data is not going to be easy when it’s being replicated in many parts of the business.

Technology, which has grown in leaps and bounds, needs to be used in open banking, especially for the consent and control of data. Each customer needs an electronic file they can see, and they need to be able to update their own information. Self-service is now a banking tenet, following in the path of service stations; after all, when was the last time an attendant filled your car at the pumps? Once the customer has access to all their own information, if they choose not to continue working with a party, they know what data the party has and can request it be forgotten.

The bank now has one source of the truth – the customer – and its activities on behalf of a third party can be posted to an electronic file or platform. Upon termination of a business relationship, the bank can return the electronic certificate or encrypt the data and give the decoder key to the customer. These actions can be shown to the regulator, if necessary.

The technology is there, and open banking ensures that a fully transparent and comprehensive view of the data is available both internally and externally. Culturally there needs to be one source of the truth, easily accessible and able to be deleted upon request.

Open banking can become the new leading-edge model of data handling for the financial services industry. It may initially cost 10 times the cost of today’s annual homegrown data compliance processes, but think what we can do with accurate, customer-led information, stored once, and meeting customers’ legal right to be forgotten.
