Open banking rests on enabling customers to give consent and control to a third-party relationship involving their data and transactions. This ability to help the customer manage this relationship is key for the bank. The customer has the right to terminate
a third party relationship at any time and request to be forgotten.
The legal right to be forgotten becomes law with GDPR in May 2018. The law gives individuals the right to have their data returned with no copies kept. This means banks and the third-parties need to remove all data they are holding on that individual and
can demonstrate that all the records are been deleted.
The good news for banking is open banking is neoteric. The bad news is banks have a culture of believing once the immediate transaction has been completed that data used has little value, and treated as such. I’m sure we have all experienced the need to
give banks details on our selves when we know they have this information but the bank cannot find the data quickly.
Most banks started with one service and then added new ones, and eventually designed business silos, e.g. cards using homegrown technology. As groups within the bank collaborated with each other for regulatory and business requirements, data were duplicated,
triplicated and quadrupled. To help solve this issue many banks have created data lakes, which in turn have been duplicated resembling data swamps. The PPI saga in the UK is expected to cost the FSI
£35 billion and is an indicator of how loose the governance of data surrounding this product has been. Deleting a customer’s data is not going to be easy as it’s being replicated in
many parts of the business.
Today technology has grown in leaps and bounds and needs to be used in open banking especially for the consent and control of data. Each customer needs an electronic file that they can see and update their own information. Self service is now a banking
tenant, after all when was the last time an attendant filled your car at the pumps? Once the customer has all the information, should they choose not to continue with that third party, they know what they have given to them and can request to be forgotten.
The bank now has one source of the truth, the customer, and their activities on behalf of the third party can be posted to that file or platform. Upon termination the bank can return the electronic certificate or encrypt the data and give the key to the
decoder to the customer. These actions can be shown to the regulator, if need be.
The technology is there and with open banking there is a need to ensure a culture of fully transparent and comprehensive view of the data is available both internally and externally. Culturally there needs to be one source of the truth, easily accessible
and in such a position that it can be deleted upon request.
Open banking can become the new leading edge model of data handling for the financial services industry. It may initially cost 10x that of the yearly homegrown data compliance processes of today but think what we can do with accurate, customer-led information,
stored once and customers having the legal right to be forgotten.