With this increased access to financial services, customers’ personal information has become readily available and easily accessible. Open banking APIs make it easy for FinTechs to work with traditional banking data. Further, the unstructured data available on the internet could be mined to gain new customer insights. While there are many benefits to mining customer data, the dark sides of digital technologies are underrepresented in current discussions on the digitalisation of financial products and services.
The current debate in this context seems to be skewed toward turf wars between old and new technologies, incumbent banks and challenging FinTechs, and other competitive factors, focusing less on the more important aspects of data ownership and consumer rights.
For example, in a recent article, The Economist[1] discusses ownership issues related to the increasing digital content in everyday technology such as cars, washing machines, and even sex toys! The story argues that if producers of these increasingly digitised machines and devices embed the rights to consumers’ personal data in their products and services, consumers’ data ownership rights and their abilities to secure these will reduce to symbolic power, making it impossible for consumers to claim ownership over data they are forced to share when using and/or consuming products/services they have rightfully paid for. This topic becomes significantly important in the financial services sector given the associated sensitivity and security considerations.
The same article concludes with a vivid call for debate, denouncing that “Ownership is not about to go away, but its meaning is changing. This requires scrutiny.” From this vantage point, it is clear that several ethical issues regarding FinTech need to enter public debate.
Regulations versus ethics
While regulations are in place to control the exploitation of personal information, it would be interesting to see the extent to which FinTechs enact these preventive processes and procedures against the unauthorised or exploitative use of sensitive customer data.
First, one line of exploration would be to determine whether current regulations are sufficient in protecting consumer data or new policies should be put in place to ensure better control. Indeed, some recent voices have spoken out against inert legal and institutional regimes that have thus far been unable to effectively regulate the scope of activity and intrusion violating consumer and intellectual property rights caused by disruptive digital technologies. Can PSD2[2] bring about significant reforms in this front? As it stands, traditional banking is becoming increasingly regulated, which provides some degree of security to consumers of financial services. However, FinTech is still poorly regulated, so there is more risk involved for consumers of FinTech solutions in society at large. For example, “know your customer” regulations as well as anti-money laundering and anti-terrorist financing regulations make traditional banks less inclined to provide financial services to certain parts of the market. FinTechs are yet to be fully regulated by these laws.
Additionally, as FinTech firms develop their technologies, customers are enabled to change their profiles online. However, in a recent report, the Financial Industry Regulatory Authority (FINRA) states, “If investors frequently change their profile, an effective practice is for broker-dealers to contact the investor to understand why the investor is making these changes.”[3] Thus, the technological empowerment of customers through a sense of ownership over their personal data is clearly a bounded choice that FinTechs should explore further. The upside of FINRAs report is that it prompts FinTechs, albeit without an enforcing regime, to comply with traditional banking regulations. The odd side is that FINRA considers customer profile changes harmful and assumes that FinTechs will determine customers’ real intentions to prevent fraud or some other harmful activity. Such a skewed view of customer data risks creating yet another rigorous apparatus that disadvantages customers vis-à-vis FinTechs.
Another rising concern is ensuring regulations are consistently implemented across FinTechs given their diverse offerings. While customers have access to more personalised products and services, they also face higher risks of fraud if their information is not handled securely or is compromised. Indeed, the FinTech financial ecosystem might be threatened if even a single untoward case is reported—unlike with traditional financial institutions, where only the specific entity is affected. Furthermore, there may be less transparency for customers regarding where their personal and publicly available information is being used, and they might become more sensitive towards online social engagement, thereby creating yet more information asymmetries that diminish customers’ right to their personal data. There is also an increased risk of criminals and terrorists exploiting technology to aid their activities. A recent article on Financial Times[4] also raises the question of whether regulations should be in place for smart-home appliances as data compromises there would mean directly intruding into someone’s private space. Given the increasing trade in customer data, we find this development particularly alarming in the FinTech context. Therefore, we urge debate and action among FinTechs to responsibly develop mitigating procedures.
Some considerations for FinTechs
First, many online trade sites offer their customers a repository containing historical purchase data. FinTechs could advance this practice by offering their customers a log containing information on how their personal data has been used. Customers should be able to disable the use of personal data along a sensitivity scale, allowing FinTechs to use certain types of data and prohibiting them to use other types of data.
Second, most online accounts contain asymmetrical advantages vis-à-vis customers. Customers rarely read account terms and conditions, which often contain clauses that give platform owners the right to use customer data for commercial or other purposes. FinTech firms—in fact all firms—should introduce logs informing customers to whom their data has been sold (or shared), and they should make these logs readily available to customers. This level of transparency should be the base threshold for all online customer accounts.
Third, FinTech firms could do more than this: they could allow customers to freely choose if they want their data to be shared at all and, if so, with whom data can be shared, what type of data can be shared, and for what purposes. This practice would give customers the chance to decide how their data will be used and to control the spread of information about their deeds while simultaneously allowing FinTech firms to develop services that are more closely aligned with emergent trends among customers.
We are aware that these points may seem inhibiting for business, but operating at the forefront of a data-driven age comes with the responsibility of outlining FinTech firms’ core business. We take it as a given that most platform owners consider information brokerage a part of their core business, but if this comes at the cost of customer integrity, it is questionable whether such opacity is ethical in the long run. The increasing advancement of AI solutions that span multiple devices and technological platforms should serve as an initial warning.
“Customer first” is a key mantra for many firms these days, and customer experience is at the heart of most firms’ strategies. In this business context, ignoring basic ethics might instantly pull a firm down on moral grounds. Thus, it is equally important for FinTechs to consider running an ethics engine in addition to their RegTech, cloud, or AI engines. Indeed, according to a 2015 WEF report[5], the organisation is already debating financial services firms’ ethical use of customer information, trying to ensure consistency across the industry and setting industry standards. FinTechs should welcome this type of initiative as it is in their interest to engage in standard setting that complies with sound and ethical business practices.
Robert Demir is a lecturer in strategic management at Lancaster University Management School. His research interests include open strategy, management innovation, and digital business models. He is currently involved in two research projects: organising for digitalisation and understanding how unsanctioned management innovations come about. Robert Demir also works as a consultant on strategic change, and he is an executive network facilitator in Sweden and China.
Raghuveer Ramkumar is a recent MBA graduate from Lancaster University Management School. Prior to earning his MBA, he worked as a strategy consultant specialising in organisational change management and digital business transformation with IBM for six years. His interests include digital strategy, innovation consulting, business transformation, and change management.
Sources:
- [1] The Economist, “Take back control: How digital devices challenge the nature of ownership,” Print edition, 30 September 2017.
- [2] The Second Payment Services Directive (PSD2)—A briefing from Payments UK, July 2016
- [3] FINRA Report on Digital Investment Advice 2016, page 11.
- [4] The Financial Times, “Vacuums that pick-up data as well as dirt renew privacy concerns”, August 2017
- [5] World Economic Forum, “The future of financial services,” June 2015
