Data-sharing isn’t just good for customers – it’s what they expect
As part of Consumer Duty, the FCA asks for firms to consider not only their actions, but also those of other firms across the value chain. One way to achieve this, perhaps the simplest, is to share the individuals’ data. However, many firms don’t recognise the need to do it; some believe this it would be against GDPR or that consumers wouldn’t like it.
Consumer Duty is about putting the customer first – and not only is sharing the required data a simple, pragmatic solution to “work together across distribution chains to deliver good outcomes” (FCA: ‘Consumer Duty implementation plans’ 21 Jan 2023 – 6.4) it is also likely to be what customers expect.
Let’s look at each of these elements.
It is true that Consumer Duty itself doesn’t include a specific requirement for firms to share data, but the FCA does expect firms to work together: “In particular, manufacturers and distributors will need to work together and share information. To help ensure this happens, we have set a milestone for the end of April 2023 for manufacturers to complete all reviews necessary to meet the four outcome rules and share information with distributors to allow them to meet their obligations.” (FCA: ‘Consumer Duty implementation plans’ 21 Jan 2023 – 6.4) While ‘share information with distributors’ may not point specifically to consumer data, it would seem more than useful for others in the supply chain to be aware of any vulnerabilities, in order to avoid harms. Indeed, a great deal of Consumer Duty will run more smoothly if this is done.
It also avoids the consumer being asked time and again for the same information – in itself, this is not a ‘good outcome’ and can be a frustrating and stressful experience if someone is vulnerable.
Then there is data privacy (“GDPR doesn’t allow us to do this”). The privacy pushback simply isn’t true. Yes, data must be collected and stored in accordance with GDPR, but GDPR doesn’t prevent it. Indeed, in our conversations with the ICO, its view is that they would not want GDPR to in any way interfere with or subvert customers’ rights or needs.
In reality, what’s happening here is a mixture of misunderstanding of GDPR and firms’ information systems not supporting the secure sharing of data. Bearing these in mind, it’s possible that some pushback is based on avoiding what needs to be done to make it happen. Data-sharing can be granular – with the right systems, not all data needs to be shared, just enough to enable decision-making or reporting. When GDPR is cited as a reason for not sharing data, it feels hard to challenge – but in many cases it is that the systems in use are unable to share the right data, securely – it’s not GDPR itself.
Which brings us to ‘customer ownership’ – we don’t want to share the data because this is ‘our’ customer’. This strange phrase is accepted almost universally by everyone – well, everyone except customers themselves, who simply do not like the idea that they are in some way ‘owned’. Of course, the desire to hang on to hard-won customers is understandable, but it’s also questionable if doing so in itself creates an avoidable harm – which, like using GDPR as an excuse, is highly probable.
What is almost never discussed is what the customer’s views are.
Well, that’s not entirely true. When customers are polled for views on privacy, they understandably want it respected. The problem is that questions can be loaded. Ask anyone, “do you want us to share your information with anyone else?” and the answer will generally be no. But if we were to ask such questions in context, then the answer can be different. For example, “To make sure that we’re providing the right products and services, and that you are not exposed to risk, it’s helpful to share your information with companies providing this service – is this OK?”
We also need to consider that when a customer buys a product or service, they don’t see the entire supply chain. To them, it’s simply one transaction or service. When they buy insurance from a broker, they don’t expect to have to deal with anyone else – they expect everyone involved to know what needs to be known. Other information gets passed up and down the supply chain, no problem – so why not this? The customers’ expectation is that this is one transaction or service, whatever happens behind the scenes. Indeed, customers would likely be horrified to find that information about themselves is not shared by those working together to provide a product or service.
If something is relevant in any way to their situation or what they are buying, they would expect everyone involved to know, surely?
Like many things in business, it’s about putting the customer first. It’s hard to see how requiring customers to provide the same information again and again – and perhaps get different outcomes from different parts of the value chain – does this. Nor would it be what the customer wants or expects.
When it comes to supporting vulnerable customers, technology plays a critical role in delivering positive outcomes. It enables firms to implement consistent and objective assessment methods to generate an unbiased measure of consumers’ vulnerability and capture the quality of data required for consistent reporting.
Using the MorganAsh Resilience Systems (MARS) as an example, our assessments produce a Resilience Rating, which is much like a credit score for vulnerability.
Not only can this objective measure be shared across the value chain to ensure consistency and avoid assessment fatigue, it provides a top-level indication of vulnerability without sharing extensive personal data – meeting the GDPR principle of data minimisation.
