Priviti and Pinsent Masons have collaborated to prepare a white paper and sample consent management policy in order to help banks move forward with the adoption of innovative solutions that engender customer trust and meet the requirements of the applicable regulatory framework.
A consent management policy is needed to meet the interrelated regulatory requirements of the Second Payment Services Directive (PSD2), the General Data Protection Regulation (GDPR) and, for some banks, the CMA’s Retail Banking Market Investigation Order.
While PSD2 and Open Banking present exciting developments for financial services and have the potential to revolutionise how consumers engage with financial products and services, banks across the EU are under significant pressure to collaborate with fintechs, invest in innovation and develop new solutions. This collaboration usually involves data sharing with consumer consent and poses a significant challenge to incumbent banks.
Speaking at the Innovate Finance Global Summit, Dave Cunningham, CEO of Priviti, said:
“We are entering the Age of Consent. This landmark legislation, GDPR, impacts every organisation across the globe who hold personal data relating to European citizens. GDPR challenges many organisations’ business models and they are looking for bank grade security and protocol to manage their obligation to comply and avoid fines of €20m or up to 4% of group turnover.”
Internally, the challenge for banks is to ensure that they have taken all of the steps required to obtain valid consent. In the Open Banking world, this is not simply about asking the customer to sign terms and conditions. The ‘three-step consent model’ of consent, authentication and authorisation must be understood and implemented effectively.