Regulation
05/02/2018

What Facebook’s Data Debacle Could Mean for Banking


regulation-5-2-18.pngThere was a particular moment on the second day of his most recent testimony Facebook CEO Mark Zuckerberg struck a rare smile.

Zuckerberg, on Capitol Hill to answer pointed questions about the scraping of company’s data on 87 million of its users by U.K.-based Cambridge Analytica—was asked if Facebook was a financial institution.

The odd inquiry came during a string of questions from Rep. Greg Walden, the Oregon Republican who chairs the House Energy and Commerce Committee that grilled Zuckerberg about the massive company’s complex web of operations, which includes a mechanism for users to make payments to each other using popular apps familiar to bankers like PayPal and Venmo, as well as debit cards.

Facebook is not a financial institution in the traditional sense, of course, but it does have a clear position in the financial services space, even if just by its role in providing a platform for various payment options. It has not disclosed how much has been transferred between its 2 billion users, and it certainly has raised questions about how tech companies—especially those with a much narrower focus on financial technology, or fintech—collect, aggregate, use and share data of its platform’s users.

This relationship could soon change as Washington lawmakers discuss possible legislation that would place a regulatory framework around how data is collected. Virtually any industry today is dependent on customer data to market itself and personalize the customer experience, which is predominantly on mobile devices, with fewer personal interactions.

“I think it’s likely something is going to happen here, because we’ve kind of been behind the curve as it relates to [regulation], especially Western Europe,” says David Wallace, global financial services marketing manager at SAS, a global consulting and analytics firm.

While banks are somewhat like doctors and hospitals in the level of trust that consumers historically have had with them, that confidence is finite, Wallace says.

Survey data from SAS released in March shows consumers want their banks to use data to protect them from fraud and identity theft, but they aren’t crazy about getting sales pitches.

At the same time, payments services like Paypal’s Venmo and Zelle, a competing service that was developed by a consortium of banks, also collect data, but have a lower “score” with consumers in trust, according to Wallace.

Where’s the Rub?
The question from Walden barely registered on the national news radar, but it also highlights new areas of concern as banks begin to adopt emerging technologies like artificial intelligence, and market new products that are often driven by the same kind of data that Facebook collects.

The recent SAS survey also asked respondents about their interactions with banks, and how AI might influence those. Most of the survey respondents say they are generally comfortable with their bank collecting their personal data, but primarily in the context of fraud and identity theft protections. Sixty-nine percent of the respondents say they don’t want banks looking into their credit history to pitch products like credit cards and home mortgages.

As the Cambridge Analytica situation demonstrates, there is a fine balance that must be observed giving all companies the opportunity and space to succeed in an increasingly digital environment while protecting consumers from the misuse of their personal data.

Congress tends to be a hammer that treats every problem like a nail—so don’t be surprised if the use of customer data is eventually regulated. Thus far, the only regulatory framework in existence that’s been suggested as a model of what might be established in the U.S. is the GDPR, or General Data Protection Regulation, currently rolling out in Europe. It essentially requires users to opt-in to allowing their data to be shared with individual apps or companies, and is being phased in across the EU.

How that approach might be applied to U.S. banks, and what the impact might be, is still unclear. It could boil down to a “creepy or cool” factor, says Lisa Loftis, a customer intelligence consultant with SAS.

“If you provide your (health) info to a provider or pharmacy, and they use that information to determine positive outcomes for you, like treatments or new meds you might want to try, that might factor into the cool stage,” Loftis explains.

If you walk by a bank branch, whether you go in it or not, [and] you get a message popping up on your phone suggesting that you consider a certain product or come in to talk to someone about your investments without signing up for it, that’s creepy,” she adds.

Any regulation would likely affect banks in some way, but it could be again viewed as a hammer, especially for those fintech firms who currently have a generally regulation-free workspace as compared to their bank counterparts.

Jake Lowary