On December 19th 2016, the Joint Committee of the European Supervisory Authorities (consisting of the European Securities and Markets Authority, the European Banking Authority and the European Insurance and Occupational Pensions Authority) (the “ESAs”) issued a discussion paper (the “DP”) on the use of “Big Data” by Financial Institutions (“FIs”) in order to receive feedback from stakeholders on their preliminary assessment of the potential benefits and risks linked to the use of Big Data by FIs.
What is Big Data?
In the DP, Big Data is used to refer to the use of “high volumes of different types of data produced with high velocity from a high number of various types of sources, often in real time, by IT tools (powerful processors, software and algorithms).” The DP focuses on the use of Big Data by FIs in their processes, in the provision of services to clients and in client relationships. Examples of common business models are (financial and payment data) aggregator services, risk assessment in the banking and insurance sector, high frequency trading and deployment of investment strategies using non-traditional data.
These business models depend on the internet, mobile devices and other internet-connected objects.
The DP includes a non-exhaustive presentation of the existing regulatory framework that the ESAs regard as relevant for FIs using Big Data technologies, such as:
- data protection rules (Directive 95/46/EC on Data Protection, repealed by General Data Protection Regulation 2016/279 applicable from May 2018; Directive 2002/58/EC on Privacy and Electronic Communications);
- cybersecurity rules (notably Directive 2016/1148 on Security of Network and Information Systems);
- consumer protection rules (Directive 2002/65/EC on Distance Marketing of Financial Services, Directive 2005/29/EC on Unfair Commercial Practices, Directive 93/13/EEC on Unfair Contract Terms and Directive 2006/114/EC on Misleading and Comparative Advertising);
- sectoral financial legislation (conduct of business principles and the prudential and organisational obligations under the Payment Services Directive, Mortgage Credit Directive, Consumer Credit Directive, Payment Account Directive, PRIIPS, Insurance Distribution Directive, MiFID II/MiFIR, UCITS, AIFMD, EMIR, Solvency II, CRD IV); and
- anti-money laundering rules (Anti-Money Laundering Directive 2015/849).
These rules impose obligations on FIs and provide for rights of consumers which relate, inter alia, to the collection and processing of personal data, to dealings with consumers, to the measures FIs are required to take to manage operational risks of their information processing systems and to the conduct of business with clients.
Potential benefits and risks
The DP points out that the use of Big Data could benefit consumers (e.g. tailor-made and better quality, more cost-effective services) and FIs (e.g. greater efficiency, better management of risks or fraud), but also could prejudice consumers (e.g. limitations to access, discriminatory pricing practices) and FIs (e.g. data privacy and security issues, reputational and legal risks).
Ultimately, the intention of the ESAs is to determine whether any regulatory or supervisory actions are required to mitigate the risks of Big Data whilst still garnering its benefits.