In September 2017, hackers breaching credit-reporting agency Equifax accessed the names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers of 143 million Americans. A report by the House Oversight Committee later found the incident was “entirely preventable”. Last year, airlines British Airways and Cathay Pacific reported that hackers stole personal and financial details of millions of customers, including credit-card data. These incidences generated powerful headlines, but so far not much seems to have changed.
It took about a year for Equifax’s share price to recover to pre-breach levels, and the firm is generating more income today than ever before. And the firm’s CEO himself testified in front of the Senate Commerce Committee that consumers had little choice but to continue providing their data to the company: “This is part of the way the economy works.” In other cases, however, consumers do have a choice, though they rarely exercise it. Despite the UK’s introduction of Open Banking – giving consumers the ability to compare product offerings and exchange data between providers in a secure way – over a year ago, the rate of bank switching remains stubbornly low.
What’s going on? Are consumers ill-informed? Or do they just not care enough? It may not be that simple. Consumers want both: security and convenience. A PricewaterhouseCoopers survey found that 69% of consumers believe companies are vulnerable to hacks and cyberattacks and that only 25% believe most companies handle their sensitive personal data responsibly. But instead of accepting the burden of comparing offerings and switching providers, consumers prefer to believe companies to be on the hook: 92% of those surveyed agreed that companies must be proactive about data protection. The good news for banks: most consumers (42%) trust them more than any other industry, apart from hospitals.
The financial services industry over the past years has undergone immense transformation. Technologies such as artificial intelligence (AI), cloud computing and robotics have profoundly changed the way banks, insurance companies and, increasingly, technology players are delivering financial products to customers. Data is at the very core of all these technologies.
And the collection, use and sharing of data holds exciting promise. Firms such as Zest Finance, for example, are working towards reducing the impact of discriminatory credit data used in mortgage lending. Their AI-powered models make use of thousands of data points, but exclude signals that tend to result in bias. Zest is thus able to correct for bias against applicants based in rural areas, while not having to compromise on the ability to predict whether a borrower will pay back his or her loan.
While there is general agreement among industry executives and public sector leaders from central banks and regulators that data – if used responsibly – will yield substantial improvements to the way financial services are delivered and consumed, a senior stakeholders group working with the World Economic Forum ranked the inappropriate use of customer data as one of the top two risks facing the global financial system going forward. The International Monetary Fund (IMF) and the World Bank Group (WBG) echoed this sentiment in their Bali Fintech Agenda published past October. The agenda calls for the development of robust financial and data infrastructure that protects the integrity of data and financial services.
Given the centrality of data in the evolution of the financial system and the potential implications for trust and, eventually, financial stability of inappropriate data use, the World Economic Forum has been working with banks, insurance firms, tech companies, consumer groups, trade unions, central bankers, regulators, law firms and religious groups to develop global principles guiding the use, collection and sharing of data. We published a first set of principles in the fall of 2018.
While the Forum-convened working group drafted these principles, the dynamics underpinning the public data discussions changed substantially. The Facebook-Cambridge Analytica saga for example turned discussions around data use and privacy rights into headline news. The implementation of the European General Data Protection Regulation (GDPR) and consumer privacy acts subsequently passed in California and other US states meaningfully transformed the laws governing the use of personal data. What became clear then was that as the data conversation changed, so had the principles developed by the Forum-led working group.
Both private- and public-sector leaders explored how to reposition the principles at the World Economic Forum’s Annual Meeting in Davos in January. The group will reconvene this week at the occasion of the Spring Meetings hosted by the IMF and WBG in Washington, DC to discuss the updated principles and how each stakeholder group might align with them.
The transformation of the financial system as we know has only just begun. Everybody should be able to reap the benefits of this transformation. At the same time, consumers must be assured that they can do so safely and that, ultimately, they are the ones controlling the process. The principles for the appropriate use of customer data provide a framework for how to realize this vision. A lot has changed. And a lot more change will come.