Operation GDPR for private banks and wealth managers

Almost two-thirds (65%) of players across the wealth management and private banking market say they are prepared for the EU’s General Data Protection Regulation (GDPR).


This is the key finding of an exclusive poll conducted by Private Banker International (PBI).

This is welcome news for the industry, as prior research by PBI had indicated some players were behind the recommended time plan for GDPR implementation. 

GDPR is due to become effective on 25 May 2018. The regulation is set to give consumers more control over their data and will impact every client that is subject to data protection.

Asked how prepared their firm is for GDPR, it is clear that 25% of organisations are making progress but have some distance to go before being fully prepared for GDPR.

Some 10% of respondents told PBI their company was unprepared for GDPR.

A total of 60% of respondents said the biggest expected consequence of GDPR will be greater transparency for consumers.

Guenther Dobrauz, Partner and Leader at PwC Legal Switzerland, previously told PBI: “Segments of business which are directly client related, such as wealth management/private banking and retail banking, are more impacted by the regulation than other segments.

“As a rule of thumb, wealth management with its high level of individualised services and client interaction will be most affected by the GDPR.”

GDPR matters to the wealth management industry as any non-compliance will result in hefty fines. Smaller breaches can lead to a fine of €10M ($11.9m), or a fine worth 2% of annual company turnover, being levied; more drastic breaches can lead to a fine of €20M, or 4% of annual turnover.

While a primary objective of GDPR is to protect clients’ data, only 35% of survey respondents said they expect the directive to reduce the number of cyber attacks on businesses.

Under GDPR, a consumer or client can request companies to reveal any information held about them, with a maximum of 30 days to do so once requested.

Any data breaches must be reported to impacted clients within 72 hours of knowledge of the event and to the country’s data protection regulator.

Although respondents expect companies to be more transparent in informing their clients of a cyber attack, this does not mean cyber attacks will necessarily stop. 

One consequence of GDPR may be that companies appoint Data Protection Officers (DPOs).

The PBI poll asked whether firms were likely to appoint a DPO. The results were inconclusive.

More than half of the respondents, 55%, said they were unsure; 15% said they would not hire one; and 20% said they already have a DPO. Only 10% of respondents said they will hire a DPO.

Most providers polled by PBI say that GDPR could exacerbate consolidation in the wealth management industry.

It is clear that firms are more ready than previously anticipated for GDPR. However, firms need to decide whether to increase headcount and how to share the burden among all lines of business, rather than just the compliance department. 

When GDPR comes into effect, it presents private banks and wealth managers with the opportunity to optimise their data processes, win greater trust from their clients and give traditional private banking a chance to regain market share lost to new fintechs.

However, the industry must also focus on how it can protect consumers’ data from being vulnerable to cyber attacks, and on how blockchain technology and GDPR can work in tandem with each other.

For those investing properly in GDPR, there are more benefits than pain.