Proactive Privacy
By Robert Stowe England
Banks seek a win-win approach
to using customer information.
Is privacy simply a compliance issue,
just another requirement for banks, or does it also provide
a marketing and a customer relations opportunity? And
do privacy rules and practices have a negative effect
on the value of all the business line mergers completed
and anticipated in the financial services industry?
Those questions are on the minds of
many bankers as their institutions grapple with current
and prospective regulations regarding consumer privacy.
Unquestionably, this constitutes a compliance burden.
But privacy could also provide some institutions with
a competitive advantage if they succeed in showcasing
policies that go beyond what's required to satisfy customer
preferences while still preserving cross-sell opportunities.
Cleveland-based KeyCorp, for example,
has integrated its privacy protocols into a master customer
list across all lines of business as a means of assuring
that privacy issues are handled appropriately at every
stage in the bank's interaction with its customers. This
includes honoring customers' preferred way of being contacted,
whether it be by phone, mail or e-mail.
"We could have just done the minimum
to comply," says vice president and chief privacy officer
Brian Dean. "Instead, we spent a little bit extra to give
our client base additional preferences. If we contact
them exactly when they want and provide the products they
want, we'll be their trusted advisers. And, that's what
we're seeking."
While not every institution will be
inclined to spend $5 million on the effort, as KeyCorp
did, many may want to go beyond minimal compliance as
the privacy rules become ever more complex. Concerns by
policy-makers, consumers and activists have risen as the
banking industry continues to consolidate and traditional
lines increasingly blur between banking, brokerage, insurance,
investment banking and mutual fund companies. This consolidation
allows for greater information-sharing and cross-selling
across all those business lines.
Happily, privacy laws have not yet
hindered the ability of banks to make the most of these
business line mergers. "Does it cramp a bank's style in
achieving the Holy Grail of cross-selling? The answer:
it is not a terrible impediment," says Tanya Azarchs,
an analyst with Standard & Poor's Rating Service in
New York.
The reason privacy regulation has been
relatively benign so far is that it centers on an "opt-out"
approach, which means that customers can be marketed to
unless they specifically request not to be solicited.
The percentage of customers who choose to opt out has
remained very low. If, however, banks are required to
ask customers to opt in to information-sharing and marketing
with affiliates, such a change will have a significant
effect on current practices. Indeed, California now requires
such an opt-in and banks have had to remove California
customers from their marketing list systems since July
1, pending appeal of a court ruling.
"The industry right now is in an awkward
in-between position," warns Jo Ann S. Barefoot, a regulatory
expert and principal of Jo Ann Barefoot & Co. in Columbus,
Ohio. "Banks are collecting a lot of customer data and
not yet delivering a visible benefit that the consumer
really values. The industry needs to get the issue on
a footing where it's seen as a win-win scenario rather
than a win-lose scenario for consumers."
All the more reason, perhaps, to go
beyond minimal compliance.
Sticking Point
Privacy is a pivotal concern in banking
because it goes to the critical question of trust. "Customer
trust is one of our core values. And the protection and
proper use of customer information is a key part of establishing
that trust," says Campbell Tucker, director of the privacy
office at Wachovia Corp. in Charlotte, N.C. (For more
on this subject, please see "Banks, Consumers and Trust.")
On the other hand, financial institutions
face a lot of pressure to cross-sell more products to
prospective and existing customers, which requires the
use of detailed customer information. "People tend to
think of money in the vault as being the key asset of
the bank," Tucker says. "But customer information and
how we use it is in some ways equally as valuable."
Yet, banks' interest in using customer
data can clash with customer demands for privacy. The
real sticking point occurs when a bank wants to share
its customer data with a partner to cross-sell products
from other banking divisions, such as credit cards, mortgages
or car loans, or perhaps more importantly, to cross-sell
non-bank products such as insurance and mutual funds.
How much customer data can or should the bank share with
the partner, affiliated or non-affiliated? Privacy regulations
promulgated in recent years bar some information-sharing
and require notices that allow customers to opt out in
other areas.
Some of this regulation came about
in the wake of reported abuses of customer privacy that
surfaced in the late 1990s. For example, U.S. Bancorp of Minneapolis was investigated for sharing information
with a Connecticut-based telemarketing company, including
customer names, marital status, occupation, Social Security
numbers, birth dates, homeownership status, transactions,
account balances and credit limits. The telemarketer,
Member Works Inc., sold 70,000 customers of U.S. Bancorp
a range of products from telephone service to travel packages,
according to the bank. Federal investigators charged that
the telemarketer automatically withdrew payments from
a checking account without written customer authorization.
In 1999, U.S. Bancorp paid $3 million
to settle claims filed by Minnesota Attorney General Mike
Hatch while insisting it had done nothing wrong. In 2000,
the bank also reached a settlement on a number of class
action lawsuits filed in federal court, in which it agreed
to pay small claims to those who felt they had been harmed.
Partly in response to all this negative
publicity, Bank of America Corp. adopted a blanket policy
in the late 1990s that it would no longer share or sell
any customer information with third parties. The position
went beyond what the privacy laws required at the time.
Wachovia and U.S. Bancorp have now taken a similar approach.
U.S. Bancorp, for example, states clearly in its privacy
policy that except for credit reporting and other limited
non-marketing situations, "we do not share confidential
customer information outside our affiliated family of
banks and customers. You do not need to request this confidentiality
— it is our standard practice."
Bypass Policy
Some banks have concluded that they
need to go the extra mile in ensuring good customer relations
by limiting the frequency of solicitations based on information
shared among affiliates. KeyCorp, for example, keeps track
of how often the bank or any of its affiliates contacts
a customer. Its policy states that there can be only five
touch points — or solicitation contacts —
in a given year, according to Dean.
Wachovia has a similar policy, tracking
how often each customer across its affiliates is contacted
by a phone call, by U.S. mail and by e-mail. Internally,
this is dubbed the "bypass policy," meaning that once
a limit is reached for a given channel of communication
for a given customer, the system bypasses that individual
for the rest of the year. While declining to provide specifics,
Tucker says the maximum for phone calls is the lowest,
with a higher number of e-mails allowed. Wachovia set
the highest limit for U.S. mail.
Careful use of outbound communications
can help keep the marketing channels open. The less customers
are bombarded with solicitations, the less likely they
are to opt out of a marketing system when given the chance
to do so.
Banks can also help themselves by improving
the way the privacy notice is written, experts say. On
the surface, it would seem that sending out the perfunctory
notice, with the requisite legal language, might make
the most sense, if one were concerned about keeping the
number of opt outs low. It is widely agreed that privacy
notices are difficult to read and that very few customers
read them. Part of the blame falls on legal requirements
that make it difficult to write a breezy and reader-friendly
notice. Federal banking regulators are looking at ways
the notices can be improved.
But overly dense notices can clearly
alienate customers, so some banks are taking steps on
their own to make them more useful. Wachovia, for example,
begins its notices with a section titled "Privacy at a
Glance," which crystallizes the main points of the privacy
policy and puts the opt-out choices at the very beginning
of the notice. It notifies customers that Wachovia does
not share information with third parties and offers customers
the chance to opt out of sharing non-transactional information
with affiliates. Even though its notices prominently feature
opt-out choices, Wachovia's opt-out numbers for sharing
with affiliates remain "relatively low," Tucker says.
In addition, Wachovia provides information
on how a consumer should respond if he or she is a victim
of identity theft, including people to contact. It also
provides tips on avoiding fraud. Wachovia decided to add
these features after learning from focus groups that this
is one of the things that customers wanted to know about
in a privacy notice. This extra step by Wachovia provides
an added value to consumers and addresses the challenge
raised by Barefoot, i.e., that customers tend to see information-sharing
as benefiting banks, but not themselves.
A December 2003 consumer survey by
the Ponemon Institute of Tucson, Ariz., ranked 25 banks
by how strongly they seemed to be committed to protecting
their customers' privacy. The top five, in order, were:
Washington Mutual Inc., U.S. Bancorp, National City Corp.,
Fifth Third Bancorp and BofA. The study did not identify
banks that were ranked from sixth to 25th, although Citigroup
Inc. scored among the top 10 in the ranking of most trusted
companies of any type (not just banking) in a more recent
Ponemon survey. Some of the banks in the December 2003
survey scored well below the top five, suggesting these
institutions are not taking the privacy issue seriously
enough.
"Banks that don't 'get it' think privacy
is a matter of regulatory compliance," says Larry Ponemon,
president of the like-named institute. Such banks might
be assuming "they're doing a good enough job" because
the rate at which customers opt out of sharing information
under the privacy notices required by federal law is low,
perhaps as low as 2% of banking customers, he adds.
This may provide an opportunity, Ponemon
says, for banks that are more proactive about protecting
privacy to attract customers from banks that are less
diligent, particularly given current public concerns about
fraud and identity theft.
Mr. England is a freelance writer and author based in Arlington,
Va.
Copyright © 2004 by Banking
Strategies, published by BAI.