I usually blog on Education and FinTech topics. Follow me at @peterrliem @ Medium
It’s mid-January. Not an ordinary workday for me — it was my first day of work at BASIS ID. My first day consists of receiving instructions from my supervisor, Arseniy, who had flown off to Europe the day before and lunch with my boss, Akim, who was set to fly off in a week’s time.
Akim orders a bowl of dumpling noodles while I order a bowl of ban mian. We then discuss how things work at BASIS ID, its current progress, and its objectives in one year. “Trust,” he says, “We all work based on trust. In fact, everything works based on trust. Right now, at BASIS ID, we trust one another to deliver our tasks and to be reasonable in our decision-making.”.
The promises of the digital era seem to be overshadowed by cases of theft. We may be blessed to harvest the benefits of digitalised financial services. But yet we may be cursed, because going digital — especially at the infancy age — means many more ways for our data to be either misused or stolen. More instances of breaches and misuse have become clearer to us, and so have our sensitivity to how our data are managed and stored by organisations. In the process, we trust each other less.
This is a true phenomenon. In March, Edelman had released its trust barometers. It reveals that, for the first time in 5 years, trust in financial services had declined. Out of the 28 markets, 11 of them were in the “distrusted” category. 13 of the 28 markets also saw trust in financial services decline.
It gets worse for financial services. Double-digit declines were highlighted in six markets, in particular, France, Hong Kong, U.S. and UAE — financial industries in these countries were known to be one of their niches!
Trust is not just about reputation. Its impact on the companies’ sales prospects is remarkable — in fact, trust has a bigger effect on the companies’ sales prospects than on their reputation. According to Edelman, 41% of their respondents had chosen to use a company’s products and services when they trust a financial services company. Meanwhile, 31% of the respondents had either reviewed the companies positively or shared a positive opinion of them online. This shows how essential trust is to the companies’ sales prospects and reputation.
It would be foolish to dismiss Edelman’s findings on how trust affects your company’s financial performance. Look at Facebook. It had lost $50 billion in market cap within two days. Of course, given Facebook’s progress in technology, it can recover the value lost, but that is another story. But what about other companies? Can they really afford to lose that much?
Edelman identifies the top 2 factors that increased trust in financial services: in order; easily understood Terms and Conditions and reliable Fraud Protection.
Senator Kennedy to Mark Zuckerberg during Facebook's congress hearing session on 10th April 2018:
"Your user agreement sucks"
There are many cases of T&Cs that have put customers at a disadvantage. Ambiguous, long and vague T&Cs have long put some companies in a good position to get away with unethical practices, and very often at the expense of the customers’ welfare. That is why many people are sceptical of using the company’s product or service especially when it comes to financial products and services. Lots of money is at stake here, and people are not willing to lose that huge amount of money to companies that take advantage of the T&Cs. The lack of trust is evident here.
Financial services companies need to understand and appreciate the fact that customers give up certain aspects of their personal data so that these companies can conduct their on-boarding process, coupled with customer due diligence and KYC requirements. At the same time, customers expect some things in return, — and they are right to — such as a sincere assurance that their data will not be used for purposes other than those specified. However, this is a huge area where companies do not live up to their expectations, and escape the accountability to manage their customers’ data responsibly. And very often, companies claim that their practices were “specified” in the T&Cs and that their customers had agreed to the T&Cs. This explains why trust in the financial services has declined today.
The good news, however, is that Personal Data Protection Commissions (PDPC) in many countries are working on building the trust between the people and the companies. They now make it mandatory for T&Cs to be clear and precise, especially with regards to how and for what purposes will the customers’ data will be used. For instance, the General Data Protection Regulations (GDPR) and the Personal Data Protection Act (PDPA) specify the conditions for consent where the request for consent ought to be “intelligible and easily accessible form, using clear and plain language”. This move was intended for the purpose of strengthening the trust between the people and the companies, now that there is little room for companies to escape responsibility.
The success of today’s criminals and hackers — aggravated by the companies’ negligence on data security — is one of the major reasons why people do not have confidence in the financial services companies to manage or store their data. For this reason, many of them are reluctant to use these companies’ products or services, for fear that they will become victims of an identity theft one day.
What will convince them to use the financial services company’s product or services? Aside from the idea that a company should have maximum operational and technological security measures to prevent breaches, they are looking for some form of guarantee where it is hard for criminals and hackers to impersonate them in the case when their data gets stolen. For example, take the case of banks and their two factor authentication in the form of “tokens”. Here, the user does not just key in his own password, but he also has to key in the random code generated by the token that is with him. So the criminal or hacker will have to hack into the company’s system to gain the password AND steal the token from the user. While this may offer an additional layer of security, and subsequently, the reduced likelihood of identity theft, there can be more security measures in place.
One additional layer of security that companies can have in place is an extensive tracking system coupled with the customer’s ability to decide who can access their data. A tracking tool will allow the user to see where and who, based on their digital identities, are accessing or using his/her data. At the same time, the system will enable the customer to revoke anybody’s access to his/her own data anytime and anywhere. This is in line with the GDPR and other data protection regulations, where withdrawal to consent ought to be explicit and easy to be carried out.
From a business perspective, companies often find that they fall short of the requirements that are enforced on them. Due Diligence procedures and KYC regulations require them to identify their users appropriately for the purpose of ensuring that they do not admit people on the blacklist. Otherwise, if the companies are discovered to be doing so, their reputation will take a hit as people will begin to doubt the companies’ reliability in ensuring that their money are rightfully invested. This could explain why reliable fraud protection is one of the top 2 factors in gaining public trust: the people want an assurance that they are not financing or supporting any criminal activity indirectly.
Trust is not built on the basis of sharing good news with your audience. It is built on the principle of transparency. Many companies avoid sharing undesirable news with their audience for fear that the news may incite their anger and eventually, cause their mistrust in the company. In reality, like how our parents always tell us, hiding will only lead to more devastating consequences than if we were to be upfront with our progress, be it good or bad.
Take the case of Facebook again. One of the leading causes of the people’s unhappiness in Facebook is Facebook’s lack of transparency, as evident in Facebook’s privacy policy, terms and condition and user agreement — all of which are vague and ambiguous in meaning. Facebook’s unwillingness to share their status on such breaches as well as their next course of action did not help to ease the public’s unhappiness over Facebook’s data protection crisis.
Again, the GDPR was introduced to facilitate trust between the individuals and financial services companies. The notification obligation of the GDPR requires companies to notify the authorities within 72 hours after the breach had occurred as well as the affected data subjects without any undue delay. These requirements will push the financial services companies to have a sense of accountability and responsibility to inform and protect their customers. In return, because these companies have a sense of accountability and responsibility, the people will trust them and consequently, continue to use their products and services if the problem has been rectified.
At BASIS ID, there is a culture of accountability and responsibility. Regular updates (not just weekly meetings) is one of our practices, but we take it further by highlighting our concerns and listening to one another every time we plan something. The purpose of this culture is to facilitate trust among the staff, and then diffuse that element of trust to our clients and partners, and eventually, the rest of the world. Likewise, for the financial service industry, where we hope to see that the companies and individuals see the value of trust similarly.
Meanwhile, BASIS ID is more than a RegTech company. We are trust builders on a mission to build trust in the financial services industry. And we welcome any company who wants to be part of that mission.
_All findings and statistics shared in this article are from Edelman. Please click here to see Edelman’s full results on trust in the financial services industry. Alternatively, you can check out Edelman’s report at its website.
Cover picture was taken by one of the F10 staff at F10’s launch event in Zurich.