GDPR (General Data Protection Regulation) comes into effect this month, over 200 pages of EU data privacy regulations which will affect how companies manage, process and delete data.
Under GDPR, banks and other organisations who carry out identity checks and hold sensitive information about customers will have to be completely transparent about what happens to that data after it has been used.
Adequate KYC procedures can be powerful AML and risk management tools but the introduction of GDPR will have further consequences on the way businesses manage their customer data.
Data protection has always been a high priority for the financial sector, but the impact of GDPR will be widely felt. A recent YouGov survey found that only 29% of businesses have begun to prepare for GDPR, with 71% of respondents admitting to being unaware of the fines they might face if found in breach of the new rules.
The two main effects on KYC will be:
Increased security requirements for KYC data
Under GDPR financial institutions will have to be stringent in their control in the storage of data. Many companies are still not careful enough; employees may be inadvertently storing data in the public cloud, inexperienced managers allowing unsecured BYOD’s (Bring Your Own Device) and staff taking work and sensitive data home.
Information security protocols will need to be defined in each area of the business, and upheld within third party organisations, to ensure that the requirements of GDPR are fully met.
Increased use of automation
Data sensitivity has become so much more difficult in the digital age. Where a single photocopied passport might have been easy to keep track of, the amount of digital data and the simplicity with which it can be shared creates a heavy burden on those who hold it. Automating onboarding, monitoring and data enrichment processes will be required to manage the requirements of GDPR. And, while investment in technology developments in the data protection sphere continue to grow, so too does the investment in criminals in finding ways to penetrate it.