Banks restricted in the use of their customers' personal data

As holders of their customers' bank accounts and means of payment, banks process and protect vast quantities of sensitive personal data. However, they cannot exploit this data as freely as the American or Chinese tech giants, who have built digital empires by accessing consumer data. Let's take a closer look at the limits to the use of banking data.

What personal information can banks request from their customers?

Banks are subject to a duty of vigilance in the fight against money laundering and the financing of terrorism. As a result, they must have access to all information needed to estimate their customers' resources and assess their assets.

Banking institutions are obliged to clearly inform their customers of the reasons why this information has been requested, how it will be used, and the consequences of failing to respond.

How can personal data be used?

Coming into force on May 25, 2018, the General Data Protection Regulation (GDPR) aims to frame and harmonize the processing of personal data across the European Union. It aims to meet the new challenges posed by digital giants (GAFAM) but also by banks, which must enable customers to assert their rights.

Where personal or payment data is concerned, the right to portability applies. Any saver can therefore ask to have the data he or she has provided to his or her bank transferred to a third party of his or her choice. When they leave their bank, customers can also assert the right to be forgotten by requesting that certain data be deleted.

Making the most of personal data: a challenge for banks

Despite the wealth of data at their disposal, banks have a model that is far removed from that of GAFAM.

While each establishment has its own strategy, two main uses can be identified:

  • a commercial use, which consists of proposing product offers to customers that are likely to be of interest to them at key moments,
  • a use linked to risk management.

Banks can use the data collected to improve their management of credit default risk.

To be able to add value to their data, these players will first and foremost have to rethink their infrastructures, because while these are renowned for their robustness, they are not designed to enable databases to communicate efficiently with each other. These titanic projects are costly, however, and need to be carried out over several years.

Once modernized, information systems will enable banks to distinguish themselves from their competitors by creating data and accelerating time-to-market for new services. But for this to happen, banks will have to establish themselves as the consumer's main point of contact.