It has been two years since GDPR was introduced. The legislation provided individuals with the right to access their personal data held by organisations and understand how it is used. To request personal information, individuals raise a Data Subject Access Request (DSAR). When GDPR was first introduced, financial services saw an increase in the number of DSARs. Two years on banks are still having to deal with fluctuating volumes. With huge amounts of customer data, DSARs are a time consuming and manual task.
DSARs are requested by both individuals and Claims Management Companies (CMCs). Banks need to be careful as CMCs are using DSARs to fish for opportunities. Acting on a client’s behalf a CMC will request all information relating to the customer. They will then identify any omissions or errors and use them to seek compensation for mis-selling whenever possible. The resulting costs to banks can be punitive.
The Cost of CMC Complaints
With a focus on successfully winning compensation, the smallest error or overlooked piece of data will be pursued. For example, if a CMC receives a DSAR response which is missing the T&Cs for a mortgage, they may try and claim your customer was not aware of a particular piece of information, which could lead to a mis-selling claim. Failing to provide this information in the DSAR response puts the bank at a strong disadvantage in evidencing what the customer agreed to. This can then result in being unable to refute the claim and cost the bank significant sums of money.
As in this example, often it is the case that the missing information was present in the bank’s systems but hidden in plain sight. As such, banks are having to pay fines and handle complaints for not providing information that they do have but were unable to locate in a reasonable timeframe. Remember, it is also important to keep pace with the other incoming DSAR requests.
Once the CMCs have been successful in pursuing a particular product or bank, they can then capitalise upon the situation by searching for other, similar opportunities for their now significant customer base, built on the back of PPI claims. One successful mis-selling claim could be the catalyst for many more.
Inadvertently breaching data regulations is unnecessary, frustrating, and costly. But the repercussions go beyond financial cost. DSARs are another step in the customer journey. Requests returned with missing or incorrect information could negatively affect customer experience. In the competitive banking market, any opportunity to position the bank as responsive and accurate is important. Adverse publicity generated from legacy PPI mis-selling generated a large amount of adverse publicity, eroding customer trust for organisations that now work so hard to treat customers fairly.
So how do banks avoid this problem?
Banks hold customer data across different departments, often in multiple legacy systems. The challenges associated with gathering data in this environment means that without proper processes in place it is easy for human errors to occur. One individual can have a high volume of dispersed data in a bank. Trawling through systems and documents is often a laborious and time-consuming task. One request may involve multiple departments. Missing one link in the chain could risk the DSAR being incomplete and a claim resulting. An efficient and consistent process is needed to ensure all parties collect the required information.
Fluctuating DSAR volumes cause added pressures on staff and workload management. An increase in requests quickly creates backlogs and the potential for human error increases as teams struggle to meet the demand. As CMCs see the pattern of errors and the potential for successful claims, they will file more requests which has a snowball effect on the volumes.
Improving operational efficiency helps banks deal with these problems and avoid unnecessary costs. A well-defined process ensures consistency and speed in handling the requests. Mapping out a clear process and identifying where data is held will enable teams to work thoroughly and efficiently. Data gathering becomes more manageable and the risk of complaints is reduced.
Once the fundamentals of process and data management are in place, banks can consider further steps to optimise the process. Automation can be used to accelerate request handling and will also further minimise the risk of human error, protecting the banks from unnecessary claims. An iterative approach towards automation allows improvements to be made in steps, minimising disruption, and improving outcomes quickly. As improvements continue to be made, automations can be built upon to optimise the process end-to-end.
Implementing an automated audit-trail to track each request and evidence that all data has been collected can also help to reduce compliance concerns. Quality control teams no longer need to rework requests, reducing overheads in one of the most labour-intensive parts of the process.
Missing information can cost banks money, time, and reputation. But these costs can be avoided. Our DSAR Checklist draws on our experience helping banks to achieve operational efficiency and identifies practical steps that banks can take to work towards optimising their DSAR process. Incremental improvements will help banks to improve efficiency and reduce operating costs. With a faster and consistent process in place, you can reduce the risk of unwanted and unnecessary CMC complaints.