Data Protection and Fintech Image

Whilst finance and technology have been linked ever since the first ATM in the late 1960s, the advent of mobile internet has truly changed the game for financial services technology, or "Fintech", as it's commonly known.

Often deemed a decentralising force, many Fintech companies are seen as directly oppositional to large, traditional banks and offer radically different, user-centric, experiences of things like mortgages, insurance, and currency exchange.

In many ways, Fintech has thrived because of its willingness to capitalise on user experience. Much in the same way that activities like shopping, online dating, and scheduling taxi-cabs have been revolutionised through mobile applications, Fintech's accessibility, its transparency, and its attempts to keep charges to a minimum (all things banks have a bad reputation for), have led to similar disruption for the financial sector.

It's true that Fintech offers clear opportunity for a new, more efficient, effective, and – dare I say – human approach to finance, but it can also represent hidden risk. It could be argued that the speed, intangibility, and global nature of digital finance is in danger of creating unforeseen regulatory gaps as agencies like the Financial Conduct Authority (FCA) in the UK rush to keep pace.

We can see these concerns play-out in the media at the moment. For example, self-described 'beyond banking' app, Revolut, hit the news recently amid non-compliance accusations over money laundering.

Whilst Revolut vehemently denies any wrongdoing and CEO, Nik Storonsky, has clarified that the app simply reverted to its original anti-money laundering screening system rather than remove the function altogether (due to the technology recording too many false positives), the predicament nevertheless shed light on the internal struggle that exists for digital finance between customer satisfaction, speed, and matters of compliance.

Data Protection and Fintech

The truth is, although many new finance apps appear more human (in that they offer an open, honest, and jargon-free experience without the lengthy approval processes that banks enforce), they are, in fact, artificially intelligent.

That means that it's often complex algorithms – not humans – that process customer details and translate them into requirements and decisions for things such as mortgages, lending/borrowing, and what constitutes a safe or unsafe money transfer.

In many ways, the mechanisation of everyday financial services is revolutionary (it has been likened to the industry's transformation in the 1980s at the advent of computerised banking). Machine learning and AI mean that computers can write and test rules themselves. They can learn, for example, to make mathematically perfect lending decisions in seconds – possibly putting an end to unscrupulous and predatory lending practices (like the sort that contributed to the 2008 financial crash).

On the other hand, there is a cost of sorts used to generate this innovation and, for Fintech, this usually comes in the form of data. Big Data – such as the data gathered continuously by your smart phone (and which can be used to predict human behavioural patterns) – fuels Fintech in numerous ways. For example, financial technologies use our personal data to customise user experience, offering banking recommendations based off our spending patterns.

Fintechs also use data and predictive analytics to make credit and lending decisions, to manage risk, detect fraud, to fuel marketing, as well as devise customer retention/loyalty programmes. We shouldn't underestimate just how much Fintech relies on access to data, and what that data can be used for. After all, Big Data begs Big questions:

  • What happens if data security is compromised?
  • Who (or what) is held accountable by regulatory watchdogs for decisions made by robots?
  • Just how do Fintech firms protect our consumer rights?

Champions of Fintech argue that consumers, indeed, society, will benefit from increased access to more personalised, more cost-effective finance products that encourage fair competition and inspire change. However, those who are more sceptical argue that more data naturally equals more risk, pointing to cyber-security attacks like the one suffered by Tesco bank in late 2018. Tesco was fined £16.4M by the FCA for the breach which saw 34 unauthorised online transactions take place.

Others question FinTech's use of automated decision software, arguing that it could actually increase the risk of financial exclusion as customers with little or no digital footprint could become 'invisible' to applications that rely on data to profile people and assess risk. Similarly, customers might be unfairly profiled due to their spending or shopping habits being similar to someone else's that has been refused credit in the past. Lumping people together like this suddenly doesn't sound all that human …

With so much digital information available for Fintech firms to use and analyse, it is imperative that regulatory bodies like the FCA continue to question how Big Data is being used, and for firms to implement safeguards that ensure data is processed ethically and lawfully. This is particularly true under GDPR (or the UK's implementation of it, the Data Protection Act 2018). Under this legislation, data controllers must:

  • Be transparent about how they intend to use data (including putting measures in place to track and audit data use and for customers to access records about how their data is being used).
  • Obtain informed consent from data subjects to use their data in the manner they want to. Organisations risk breaching data privacy and data security laws if they carry-out group or individual profiling on data they only have implied consent for.
  • Ensure that automated decision software is fair and unbiased.
  • Protect data integrity by using only accurate data and updating this data as and when required.

As we might suspect, underpinning Fintech's regulatory obligations is yet another innovation, aptly named Regulatory Technology, or "Regtech" for short. Whilst not a new concept, the continued crossover between regulation and technology may well become crucial as Fintech encounters ever more regulatory and reporting requirements in the future. Extending disruptive digital technologies to regulation, indeed, seems like the next logical step.