EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Co-authored by Kelvin Wong Senior Manager, Technology Consulting and Nathan Lautens, Senior Consultant, Technology Consulting
The data portability movement is a business world manifestation of changes we’re witnessing in social contracts that underpin our social, political and economic models.
In brief
- Data portability enables individuals to share data with third-party service providers while ensuring standardization, security and consent management are in place.
- While data portability unlocks a number of customer benefits and business model innovations, risks such as security and privacy will need to be properly managed.
- Financial institutions prepared with the right business model and foundational services now are well positioned to stay ahead of their competition in this portable data future.
At its core, data portability attempts to settle the debate of “data ownership and rights” vs. “data collection and custodianship.” Data belongs to the “data subject” and can be acted on by “data custodians” or “data processors” for a purpose with the data subject’s consent.
Practically, data portability allows data subjects to provide consent and allow their data to be securely shared using standard formats with accredited third-party organizations.
Data portability has actually been around for a long time. Think about all the documents an individual has to collect physically for getting a mortgage or information small businesses need to share to maintain their credit lines. Both of those are examples of data sharing/porting. But it’s clear that these constructs were not built for a digital-first world and are a source of friction for all involved parties.
Adopting common data sharing standards, putting in place accreditation frameworks and enabling an entire ecosystem to adopt the changes requires significant undertaking by organizations to provide their customers with these capabilities. This will also enable new business models and promote market competition, which are beneficial to both customers and service providers.
What are some of the benefits to customers?
Increased control of their own data – Data portability enables customers to be in control of and manage their own data. For example, it allows them to provide consent for use of their data, and for the ability to obtain, delete and share data. It will simplify processes, save time and reduce friction where customers have to collect data from multiple providers for any purpose. Together with portable identity, this opens up newer, simpler ways for customers to conduct their business.
Greater value from data– When data is tied to only one service provider, the value is limited to that one service provider’s set of use cases. However, when the data is shared more broadly, the value of that data against many other use cases is unlocked. Not all service providers are created equal. Very often, customers have to deal with significant friction when trying to avail themselves of a new service that their current provider doesn’t offer. Through portability, this friction starts to disappear.
Increased market competition – As friction disappears, customers can seamlessly transition services to the provider that suits their needs best, in both the short and long term. The implications of falling behind on product/service propositions and delivery are likely to be severe. This will spark a new race to innovate and improve service offerings, increasing competition in the market and a relentless focus on value.
What does this means for financial institutions?
As we enter this new paradigm of data portability, unsurprisingly there are many opportunities and risks that present themselves for financial institutions.
Opportunities:
Hyperpersonalization: Service providers need to develop the ability to provide faster and better advice to customers who choose to adopt data portability, enabled by a more comprehensive understanding of the customer. Customers can expect to receive hyperpersonalized offers from their service providers that have consent to use their data.
This will go beyond product recommendations towards timely and personalized product/service recommendations centered around customer advocacy. Service providers that excel and win will be those that orient themselves towards improving their customers’ financial health.
Business model innovation: Service providers can explore opportunities to add new revenue lines to their business through emerging models, including:
- Data monetization: Financial institutions have access to a very fast-growing data set on their customers, going far beyond traditional financial data. With transparent consent encouraged through financial and non-financial incentives, data can be monetized to improve cross-selling of own/partner product and services.
- Banking as a service/API monetization: Financial institutions may also choose to become service providers and support a diverse ecosystem of players. Many models have emerged in the recent past, from banking as a service to KYC as a service, to extending banking licence through white label deposit accounts.
- Lower cost of acquiring new customers: It’s likely that scaling innovative products and services will become significantly easier for service providers. With reduction of friction from the system, the costs associated with acquiring new customer will be significantly lower. Think about the various “switch to my bank” campaigns that almost all banks run, where they promise to ease the pain for the client to switch their primary bank account. While the experience for the consumer is simplified, it’s quite expensive and time consuming for the bank’s back office. That process and cost will be a fraction of what it is today.
Risks
Disintermediation of customer relationships: Given the greater control customers have over their own data and the choices available to customers as competition increases, incumbents will need to be more competitive than ever before. Traditionally financial institutions have had an advantage through unique access to their customers’ data, but data portability will erode that advantage. Disintermediation could be an outcome as customers interact with more third parties — for example, financial institutions and fintechs — to access banking services. To remain competitive, incumbents need to be hyperfocused on their customers and offer differentiated services.k
- Security and privacy: There are also potential risks to sharing data with third-party providers. These include data leakage, hacking and financial fraud. Clear rules for data accountability, liability and data protection solutions need to be in place to safeguard customer data. It’s critical to get consent management right, since customers could take legal action if institutions share their data without consent. The biggest challenge for incumbent financial institutions is managing reputational risk — over and above maintaining a strong posture on security and privacy.
How can financial service providers prepare for data portability
1. Define your strategy for data portability — for example, comply, fast follower, first mover/market leader.
2. Build the foundation required to exchange data easily and securely, such as developing scalable APIs aligned to industry standards.
3. Deploy solutions for identity and consent management and create simpler customers experiences.
4. Define priority use cases that complement your strategic business objectives.
5. Build out analytical capabilities and digital delivery capabilities that enable the organization to make use of the full potential of the available data.
6. Invest in cybersecurity capabilities such as a zero-trust architecture and DevSecOps approaches.
7. Effectively and regularly monitor customer consent to ensure compliance, and follow the latest applicable federal and provincial regulations.
The time to act is now
Customers are already using innovative value propositions that rely on portable data. However, these propositions use insecure and risky screen scraping. Fintechs have been using data aggregators to collect customer data on their behalf for use cases such as personal financial management for retail customers and accounting transaction reconciliation for small and medium-sized enterprises.
With data portability, screen scraping is likely to be replaced with secure APIs to protect customers from threat actors and supported by consent management solutions. Customer friction to switch providers will be reduced and customers can seamlessly sign up for products with service providers that best meet their expectations and needs. Those financial institutions that are prepared with the right business model and foundational services now will be positioned to thrive in this portable data future and stay ahead of their competitors.
Where does data portability stand today in Canada?
Bill C-27: Digital Charter Implementation Act, 2022
Bill C-27 is a reworking of Bill C-11, which was introduced in 2020 but fell through with the announcement of the federal election.¹ The currently proposed Consumer Privacy Protection Act in the Digital Charter Implementation Act includes the enablement of the following:
- Increasing control and transparency when organizations handle Canadians’ personal information.
- Giving Canadians the freedom to move their information from one organization to another in a secure manner.
- Ensuring that Canadians can request that their information be disposed of when it is no longer needed.²
At the time of writing, Bill C-27 is on its second reading stage in Parliament.
Québec’s Bill 64
On September 22, 2021, the Québec Government adopted Bill 64. The law affords individuals increased rights and control over their personal information, and increases the requirements of public and private sector organizations that hold personal information, including compliance with the collection, storage, sharing and retention of personal information.³
While these regulatory changes are coming into force in Canada, other jurisdictions have already witnessed and embraced this regulatory change. The EU introduced the General Data Protection Regulation (GDPR) in 2018 and Australia adopted the Customer Data Right (CDR) reform in 2017, just two examples of evolving regulatory reforms. This regulatory framework will be supported with open banking legislation, which will include requirements for what data is in scope and the API specifications. The legislation will outline the necessary guidelines that enable customer data to be seamlessly exchanged between financial institutions, given their explicit consent.
Summary
The data portability movement is a business world manifestation of changes we’re witnessing in social contracts that underpin our social, political and economic models.
Related articles
In today’s disruptive world, realizing your ambition and growing your business is an exciting challenge. EY has a long history of working alongside many of the world’s most ambitious CEOs, owners and entrepreneurs to support them to accelerate their journey to market leadership. Drawing on their successes, we have distilled these insights to create the EY 7 Drivers of Growth.
Using data and technology to help deliver efficient public services that meet citizens’ expectations is a priority for governments everywhere. Our teams advise public sector clients on a range of digital projects from small improvements to large-scale transformations.