For banks, insurers, pension funds, debt collection agencies and building societies sending out hundreds, even thousands of customer communications per day, there will always be risks that have to be managed. Both to the business and to the customer.
Staying compliant with standards and regulations that protect the resilience of the service, the security of customer data, and the security and sustainability of the supply chain is a good way to mitigate these risks, but it’s not always enough.
Compliance regulations can only go so far. Cyber threats are always becoming more sophisticated, and vendor accountability gets more diluted as you go down the chain. So, there is a business case to be made for going further than compliance. To show customers and shareholders that the customer experience is important and the supply chain is as risk-free as possible.
In this article we will run through the top 5 risks to businesses and customers, and help you discover opportunities for customer communications management to go further – to do better than the bare minimum.
Consumer Duty is the FCA backed regulation that came into effect in July 2023 to increase the level of consumer protection in the retail financial services market. The intention is to influence financial firms’ culture and conduct, to embed the delivery of good outcomes across the entire customer journey.
Consumer Duty came into force for all open products and will expand to all closed products in July 2024.
Compliance with Consumer Duty requires demonstrating that the business is driving better outcomes for customers. Firms have to be able to “..assess, test, understand and evidence the outcomes their customers are receiving.” This means sending the FCA documentation such as product and service governance frameworks, fair value assessment frameworks and customer support monitoring policies.
Non-compliance with Consumer Duty can expose financial services firms to reputational damage, disciplinary actions and financial penalties. The FCA enforces the regulation with proportionality depending on the vulnerability of customers, the complexity and risk of products, the size of the firm and the firm’s general ability to influence customers.
Key areas of risk include inconsistent language, poor user interface design, insufficient accessibility and inadequate attention to the digital customer journey.
Proactively tackling these risks requires firms to provide:
A holistic approach to driving better outcomes includes multiple aspects of customer communications. Financial services firms should:
Taking the following measures can help firms surpass compliance requirements and create a superior customer experience in financial services:
Non-compliance with data security regulations and standards such as ISO 27001, GDPR, and the PCI Data Security Standard can lead to high penalties or financial fines, financial losses derived from data breaches, litigation, business interruptions, reputational damage and loss of customers.
Compliance with the various regulations and standards involves several key steps. First, organisations should adopt a strong data governance strategy, covering aspects such as data aggregation, management, storage, security, retrieval and destruction. Implementing proper data security measures like Transport Layer Security (TLS) 1.2 – which encrypts all data “at rest” (stored) and when it’s transferred mitigates against the threat of any vulnerabilities.
It is important to conduct regular risk assessments and penetration testing to identify potential security loopholes and vulnerabilities. Companies should also obtain certifications like Cyber Essentials Plus and adhere to guidance from the Data Protection Act, GDPR and other applicable legislation.
Financial institutions can streamline login processes and improve security by adopting single sign-on (SSO) authentication measures and employing robust identity management solutions like Azure. This ensures that users have a secure and efficient way to access the various systems they need.
Going beyond basic compliance means focusing on a proactive approach to data security, rather than merely checking off regulatory boxes. Financial services companies should consider the following steps:
By adopting these practices, financial institutions can not only achieve compliance but also build a strong and proactive data security culture that helps to safeguard against increasingly sophisticated cyber threats.
Poor quality management in customer communications that leads to an inferior service is likely to end up in a loss of customers, lower productivity and increased costs as confused customers call into the contact centre or begin to distrust the brand.
As such, it is of great importance that financial services firms, or their CCM suppliers, adhere to applicable standards such as ISO 27001, ISO 9001 and BS 10008. While these kinds of standards are not regulations themselves, implementing their advice will help firms to be compliant.
Whether a CCM vendor or the financial services firm itself, anyone communicating with customers regularly and at high volume should establish effective quality management systems. One key component of these systems is quality control, which involves checking that processes and results meet specified requirements (like those laid out by ISO 9001 and BS 10008.)
Implementing quality management systems typically involves the following steps:
To truly excel in quality management, financial services firms should strive to go beyond basic compliance and incorporate a culture of continuous improvement. This can be achieved by adopting methodologies like Agile for sprint-based project management, and Prince 2 for large-scale structured projects with multiple stakeholders. Both are focused on delivering projects on time, within scope and on budget.
Furthermore, financial services firms can benefit from the following best practices:
Non-compliance with environmental regulations and standards can pose significant risks to financial services firms. These risks include fines, reputational damage and potential loss of business. Failure to adopt sustainable practices may lead to increased operating costs and material waste, further impacting the bottom line.
Adhering to standards such as ISO 14001 and certifications from the Forest Stewardship Council (FSC) or the Programme for the Endorsement of Forest Certification (PEFC) can help mitigate these risks by demonstrating commitment to responsible environmental management and supply chain practices.
To achieve compliance with environmental regulations and standards, financial services firms should consider the following actions:
Taking additional steps beyond fundamental compliance can help financial services firms achieve enhanced environmental management outcomes. These steps might include:
By proactively addressing environmental risks and going beyond basic compliance, financial services firms can enhance their environmental management practices, demonstrating their commitment to sustainability and creating long-term value for stakeholders.
Non-compliance with business continuity standards such as ISO 22301 can lead to significant risks like operational disruptions, financial losses, reputational damage and legal penalties. Implementing a robust business continuity plan (BCP) and disaster recovery (DR) strategy can help mitigate these risks by ensuring that critical systems and data are protected and recoverable in the event of a disruption.
To achieve compliance with ISO 22301 and other relevant standards, financial services firms should consider implementing the following measures:
In addition to meeting compliance requirements, financial services firms can implement the following strategies to enhance their business continuity and disaster recovery capabilities: