The financial services industry doesn’t look anything like it did 20 years ago. The number of new entrants has skyrocketed, challenging established notions of how, why and when customers can engage with banks and other organisations. But some things never change – and compliance is one of them.
At the Privacy Compliance Hub, we know fintechs are under constant pressure to rapidly deploy new applications and services. But these businesses typically hold and process large amounts of customer data, and innovation cannot come at the expense of privacy compliance. We work with startups such as Globacap, Wayhome, tomato pay, Credit Kudos and Onfido and have seen how making privacy a priority can pay dividends.
With heightened regulatory and industry scrutiny of data security practices, and more customer pressure when it comes to preserving privacy, those that take compliance seriously will stand head and shoulders above the rest. Here’s why.
Customers care about privacy, particularly when it comes to their financial information, and are taking action to protect it. A third of UK organisations lose customers after a data breach and four in 10 customers say they’ll never return to a business after a security issue. Other research has found 92% of people feel uncomfortable about the number of companies that collect data about them and 90% are shocked by the number of companies who have access to their data. Demonstrating good practice in this area will boost the confidence of customers – now and in the future. It’s what our co-founder Nigel likes to call “putting the PR into GDPR”. The question you have to ask yourself is, do you want to be like Apple or Facebook when it comes to privacy?
Fintech innovation may move at a fast pace but there’s lots happening in the regulation arena too. Entrepreneurs risk finding themselves in breach unless they keep up to date, particularly if they plan to expand internationally. A recent study found 64% of fintech firms failed to meet the GDPR compliance requirements and software vulnerability was the biggest issue. Another fintech cyber security survey found 98% of the top 100 global startups have vulnerabilities in their websites and mobile applications. Peter Edenholm, chief operating officer at tomato pay, says the Privacy Compliance Hub has made keeping up with privacy regulation as easy as it can be. “We meet regularly as a team and catch up informally in between to review what we’re doing and any regulation updates. For any new company that needs to achieve compliance, the Hub’s step-by-step process will help them understand their obligations very quickly.”
The World Economic Forum reported the pandemic led to a 50% increase in cyber attacks, with 71% of security professionals reporting an increase in threats since lockdown started. Experts say the rise in employees working from home has created more chances for attackers to find vulnerabilities, a risk that is likely to continue as organisations expect to combine remote and office work in the longer term. With 90% of UK data breaches being down to human error, regular training is essential. Jacob Herandi, finance project manager at Wayhome, says working with the Privacy Compliance Hub has made this easy to keep on top of: “The guidelines for champions, holding meetings and putting processes in place were especially useful. The Hub allows us to keep track of which team members have completed the built-in training.” According to Accenture, the average cost of cybercrime is $16.7 million (£11.7 million) for banking companies, 28% higher than for other industries.
A competitive edge
In a competitive sector like the financial industry, a brand’s reputation could be the determining factor between success and failure. Disruptive fintechs typically have a smaller workforce, and a more agile approach to new ways of working than larger incumbents. This makes it easier and cheaper for new policies and procedures to be implemented and adopted company-wide. Organisations that get this right – like tomato pay, which appointed privacy champions in three key areas – know privacy compliance is an ongoing effort. “GDPR is not something you can just do, and you’re done – you have to keep doing,” Peter Edenholm said. A strong and aligned data protection and compliance strategy can drive revenue and fuel growth. It shows your commitment to the safety and security of your customers and can be a key differentiator in acquiring new business.
Fintech innovators that ignore privacy and security risk management are likely to be seen as too risky for potential clients and trading partners to engage with. That’s particularly true of those that provide software or tooling for traditional banks to make sense of their customer data. Taking the GDPR seriously is a badge of competence that will make clients more comfortable when working with new partners. But more than that, privacy is much more than just an obligation – it is a human right and a business imperative.
Build a culture of continuous privacy compliance
At the Privacy Compliance Hub, we make compliance easy for everyone to understand, care about and commit to. We call it a culture of continuous privacy compliance. Our platform, created by two ex-Google lawyers, provides a structured programme to follow, giving you the confidence you’re keeping your customers, investors and the regulators happy. Discover how it works here.