
Financial firms need to adapt to the EU ePrivacy regulation

Channels of eCommerce

Banks monitor multiple communication channels. EU financial regulations require financial firms to maintain voice data and a wide range of written and electronic communications. More often than not, this requires the installation of advanced monitoring technology, such as natural language processors and voice-to-text converters, in addition to tracking emails, text messages, chat, and other written communications. Essentially, regulators require firms to collect any and all communications that provide information about how, why, when, and under what circumstances financial transactions are performed.

As Simon Hornibrook, Global Head of Client Lifecycle Management and Operations Innovation at international financial company Nomura, explained in a recent report we created, “Regulators are much keener to understand not just the nature of the chat from a deal perspective, but also how did that deal go about getting done? Was the way the deal was struck appropriate?” And while regulators are demanding that firms monitor and maintain an increasingly diverse range of e-commerce channels, electronic communications must also be protected from unauthorized disclosure.

The EU ePrivacy Regulation

Financial firms across the continent are investing in data collection and management systems to comply with regulatory requirements. At the same time, however, banks are working to keep up with increasingly complex rules regarding the protection of personal data.

Keeping up with financial regulation following the wave of new rules that came after the global financial crisis has been challenging enough for many banks. The General Data Protection Regulation (GDPR) has made achieving full compliance with European financial regulations a real challenge for most banks. And with the new ePrivacy Regulation adding key privacy protections to the data monitoring and management requirements already in place (including capturing metadata of all eComms), a challenging regulatory environment is about to become even more complicated.

The ePrivacy Regulation requires banks and financial institutions to protect personal data by implementing specific processes that safeguard the confidentiality of electronic communications. Violating the confidentiality, erasure, anonymity, and other privacy protections found in the ePrivacy Regulation results in steep penalties. Maximum fines for infringements of the rule go up to 20 million Euros or up to 4 percent of worldwide annual turnover, whichever is higher.

Data creates value and liability

While there’s a meaningful cost of complying with the new EU financial regulations, banks are making the best out of the new rules. “Some of the work we’re doing now is taking that data-rich conversation as an example, digitizing that data and starting to disseminate it, analyze it and start picking up some sentiment,” explains Hornibrook, “that’s more the value proposition.”

Transaction-related data is valuable, and smart financial firms are figuring out ways to use this information to help improve investors’ experiences. However, regulators are also requiring banks to protect the confidentiality of this information. This means designing electronic communications monitoring systems that collect all relevant data while complying with the privacy protections imposed by the new EU ePrivacy Regulation. “Certainly, the technology is there now to do that,” Hornibrook says, “but getting organized and then storing it in the right way is still quite tricky.”

