General Data Protection Regulation (GDPR) benefits for financial services firms do exist.
Despite the “rules, rules, rules” nature of compliance and operations, not to mention the financial consequences for failure to comply with GDPR, today’s newly passed EU regulations serve as a reminder for investment managers both inside and outside the EU that it pays to play by the rules.
Some advisory firms that are legally obligated to comply will drag their feet, while others not required to act (yet) will kick the can down the road. In either case, the reluctance of the former and the procrastination of the latter will result in insufficient or negligent compliance, hurting both types of RIAs in the long run.
Whether your financial services company is forced to comply or not, there are ways to use GDPR to your advantage.
GDPR is a good excuse for an operational spring cleaning and overhaul.
Our previous blog highlighted the new policy’s requirements and the ways to prepare for when the ruling goes into effect. Fulfilling these requirements includes updating your documentation around data management and security practices, as well as training your employees on proper handling and disposal of data.
Compliance is a big (and necessary) task, and while you’re making changes to documentation and training, think about improving the documents related to daily reconciliation reporting, incorporating elements of GDPR where needed.
Use this time to ensure your middle- and back-office operations staff has both the training and the resources not only to complete the tasks successfully, but to do so in accordance with the new regulations.
Greater trust in your investment management advisory is in part a result of improved operations (above), and building goodwill does lead to tangible results.
That garnered trust means a client will stay with you rather than leave for a competitor. A Capgemini Consulting report revealed that 74% of consumers would switch banks or insurers if a data breach occurred.
Those people will instead go to a firm where they know their data is protected and privacy is guaranteed. Make sure you are that firm.
From a research and marketing standpoint, GDPR sounds like a bummer. Individuals can opt out of sharing their details or ask for their data to be removed at any time, data which your firm uses to identify the right investment products or services to sell to them.
But really, what’s so bad about that? Sure, it might look pretty keeping a large set of data points in your CRM or portfolio accounting system to use for marketing, but your firm would’ve wasted effort and resources marketing products and services to those who were never interested in the first place.
At least with GDPR, individuals will be notified how their information is being used, and if they give their consent, you’re getting an early indicator that a prospect might be interested in becoming your client, or an existing client is interested in a new product or service your firm offers.
Even if you are not responsible for your firm’s marketing and research efforts, the operational overhaul that comes with implementing GDPR could give other departments a more reliable data set for selling the right products and services to interested clients. That results in more revenue for your organization and secures your own position.
GDPR shouldn’t be seen as “just another regulatory hurdle” preventing money managers from running their business the way they want to.
Rather, these compliance guidelines should be seen as an opportunity to strengthen your operational foundation, which will lead to greater client loyalty, thanks to your commitment to data privacy when others failed.
Your accumulated goodwill might even generate new revenue streams, as a result of individuals bringing their business to your organization. Your firm’s research and marketing efforts will be aided by focusing on streamlined data sets, courtesy of GDPR.
Being a force for good in the digital and cybersecurity world does pay.