FinTech innovation vs. privacy concerns

The Financial Technology (FinTech) platform of today (and tomorrow) is crossing an exciting border that results in the wholistic, end-to-end experience that today’s consumer wants and that tomorrow’s consumer needs.

Advances in Artificial Intelligence (AI), open-source development, cryptography, and other technologies are driving this new FinTech world. At the same time, FinTech is facing a complicated set of privacy concerns that it must solve to succeed.  

Consider this…

Consider first this scenario of customer financial needs: Amy receives a paycheck every two weeks from her employer through direct deposit into their bank checking account. Amy has also created a rule at her bank that triggers movement of a fixed amount from that deposit into her bank savings account once a month.

Additionally, Amy has a small stock investment account with a different institution and has established an automatic pull from her bank checking account into that stock account and invests in stocks after receiving advice from a financial advisor unassociated with either her bank or her stock account.

From time to time, she makes payments to individuals and companies from her bank checking account, including automatic payments to her two credit cards. Amy also sends and receives payments from a variety of third-party payment providers, such as Venmo, and transfers money into and out of both her bank checking and savings accounts. She appreciates the analysis of her spending through her one bank account, third party payment providers, and two different credit cards, but she would like a wholistic view and analysis of spending across all those mechanisms. Once a year Amy reaches out to a tax preparer, who both prepares her taxes and gives her high-level tax planning advice.  

In the past, and to an extent even today, Amy must interact with multiple people and companies to accomplish these simple tasks. Though she can automate some transactions, she still must set up multiple accounts with multiple institutions, visit a variety of websites, manage multiple login credentials, and receive insights on different accounts separately.  

The future…

The future looks much brighter. Increasingly today and certainly in the future, FinTech advancements allow Amy to visit a single financial portal through which she gets combined views, insights, and control over her money – in other words, smart, effective open banking. Open banking – a financial services model in which customers can seamlessly share their financial information with a variety of third parties – is made possible by FinTech innovations in AI, security/encryption techniques, and SDKs/APIs, which together automate processes, consolidate information, and arrive at deep insights in a secure manner.  

If technology innovations are the engine components that lead to these advanced services, personal information is the fuel. Without use and sharing of personal information, none of these FinTech advancements would be possible. This means that privacy is the other half of the equation. Especially given the sensitive nature of the information in question, applying privacy principles in a thoughtful manner is paramount for customer acceptance and trust.  

As financial services organizations begin to create seamless experiences for money transfers and payments, financial and tax advice, investment actions, spending analysis, and more, they also must create seamless privacy experiences related to transparency and consent. Moreover, these organizations must also establish the back-office capabilities necessary to manage the complex ecosystem of data collection, sharing, use, monetization, and deletion according to those disclosures and agreements.  

Fortunately, technological innovations in privacy have kept pace with other technological developments in FinTech. These innovations allow organizations to interface with the customer and manage the complexity that open banking and other seamless financial services create. Specifically, consent management platforms and Privacy Enhancing Technologies (PETs) combine to give financial services organizations the tools they need to do privacy correctly.  

Consent Management Platforms 

The purpose of a consent management platform is to receive, operationalize, and document compliance with individuals’ consents and preferences. Typically, a consent management platform will provide tools through which an organization can easily create appealing, consistent notice and consent experiences for users. Most robust consent management platforms can handle multiple channels, including text, websites and mobile device applications. These platforms also can customize experiences based on multiple jurisdictions – each of which may have slightly different requirements. This means that an organization can easily provide users transparency at the right time and through the right channel and present the right consent and preference options to the user at the right time and through multiple channels – all within context and in a way that helps those users make sense of the experience. 

Providing disclosures and receiving consent signals are only part of the consent management responsibility, however. An organization must also be able to operationalize a user’s consents and preferences, turning that information into applied rules regarding access, use, sharing, communications, and other real-world actions. Most robust consent management platforms enable all these actions as a central source of truth for consents and preferences, curating all downstream activities on a data-field/user/context basis.  

Finally, a consent management platform will record the complex combination of notices, experiences, and user consents/preferences to create an auditable, reportable trail that regulators and privacy professionals need to help ensure compliance. The reporting capability may also be critical for marketers and business strategists to gain insights into the value of campaigns, offers, and services so that they can adjust quickly as consumer interests change.  

Privacy Enhancing Technologies (PETs)

Though a broad category of technologies and methods, PETs deserve some attention, as they help organizations build products and services, especially shared offerings that require data sharing across entities, in a way that protects individual privacy. As one regulator, the United States Federal Trade Commission (FTC), states, “These technologies can keep a consumer’s communications private from a company, allow users to access data without the company learning who they are, or enable a company to use analytics and research to improve a product without gaining access to data about individuals.” 

Two of the many PETs that are applicable to the FinTech industry are Multi-Party Computation (MPC) and oblivious proxies: 

• Multi-Party Computation, or MPC, is a set of techniques, that “allows multiple parties to share data for computing tasks without revealing each other’s data.”  
• Oblivious Proxies are a way to divide up data between two entities in a way that decouples the content of the request/response from the identity of the user (often based on IP address).  

Summary

Today’s financial organization has at its fingertips exciting technological developments in AI, encryption, and other technologies that make meeting increasing consumer demands for seamless multi-party services possible. At the same time, these organizations must meet privacy concerns before regulators allow and consumers trust in those combined services. Fortunately, consent management platforms and PETs help FinTech fulfil increasing consumer needs for open banking and other seamless multi-party services while still protecting privacy. Strong, end-to-end consent and preference experiences that successfully operationalize requests according to each user, jurisdiction, context/channel, and data field will result in both the compliance and customer trust needed to move data across multiple entities. Similarly, PETs can provide alternatives to moving data in a personalized manner, reducing privacy risk and responsibilities overall.  

You might also like to read: