Contact Chris or subscribe to updates for free - here

‘DON’T PANIC’ as GDPR deadline looms

The other week I was lucky enough to spend a bit of time with Dentons, who had Giovanni Buttarelli (the European Data Protection Supervisor) as a speaker. Obviously GDPR was top of mind for the audience and in particular some of the legal nuances with implementation.

There were a couple of key themes discussed.

Impact of Brexit:  This is becoming an increasingly pressing issue politically in the UK. Although GDPR will be implemented in May 2018, we also need to consider what will happen if the UK leaves the EU. At that point it will become a third country (unless in Single Market) with associated restrictions for data.

“Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data”. [link]

In order to establish adequacy, the view was that it would take considerable resource and time (more than a year). There is obviously hope for an agreed compromise, however preparations should take place.

Obtaining guidance and advice from the regulator:  Although national regulators like to help, they are limited on resource and with such a significant change will not realistically be able to provide tailored advice to each firm on request. While UK has been working hard, Germany and Austria are advanced and ready, so don’t expect too much direct guidance from the regulator. [It may be worth taking independent advice].

Priorities for enforcement: The change impacts a wide swath of industries and business and is a complex area. Firms who are non-compliant will most likely be viewed through the follow lenses.

  1. Is the firm actively trying to comply and doing something to improve their compliance? (i. doing nothing is not good).
  2. Has the Data Protection Officer been selected appropriately?  Do they have expertise and independence?
  3. Is the firm transparent with privacy issues?
  4. Is this explained to the customers/subjects in a simple form?

Lack of resource – risk of non-compliance

GDPR is a complex area, the legislation is complex and is requiring significant effort to implement.

The consensus across the room was that many firms have developed central programs that are already underway, with data discovery and some pre-work already in place.

However, what was also clear was that this is, only now, gradually rolling out to the wider organisation for implementation. With less than three months to implement, and fines in place for non-compliance (and especially if nothing is done), this could represent a material risk to many organisations. The changes are not insignificant.

Previously published at

Posted in Blog | Leave a comment

Credit Summit 2018

Last week was the Credit Strategy – Credit Summit, a smorgasbord of credit and collections related topics.

In our daily roles there is often intense focus on the collections and recoveries process itself. However, this week, in particular, is a nice change, allowing a step back to reflect on some of the wider economic and political influences impacting the industry.

With perspectives from three groups, what I will call the economists, the politicians and the industry, a couple of items stood out.

The economists

With some leading economic commentators and survey firms, this session really helped to set the scene. Some of the details we know, some were new, however the consensus was that we live in times of change. Economically we have been living in unusual times and, just like the recent snow which looked so calm and serene until it started to melt, when normal conditions return it is only then that the full impact of the events become apparent … a return to long term ‘normality’.

  • Economic growth: The UK is currently lagging in terms of growth (US 2.5%, rEU 2% and UK at 1.5%). The view was that the UK has not been investing in productive capacity (in part due to the uncertainty generated from Brexit).
  • Interest rates: These were expected to rise, probably to around the 2.5% range. This will be a shock to some consumers and businesses who have become complacent with low rates and ‘easy money’. Higher rates will improve the profitability of the banking sector though and we will need to watch for impacts in the loan space. However, with the high percentage of fixed rate mortgages, it is expected this will take time for the full impact to flow through to the mass market and therefore the economy.
  • Data and the data economy: This has been a big theme over the last few years, driving significant investment in business, in particular in the areas of Security, Fraud, Analytics and CRM. AI is an emerging theme, and expected to be disruptive, especially to the call centre business. However, what was also interesting was the levels of perceived trust consumers have with businesses; banks are trusted, however social media and even some governments and telecommunications companies were not. Still more to do in this space and with GDPR around the corner, this trend is expected to continue.
  • The elephant in the room: Brexit was the topic no one really wanted to talk about, it and its impacts were avoided. However, IPSOS data did point to 69% of businesses not confident that a deal will be a good one for business. Certainty is what they crave going forward.

The politicians

A couple of leading opposition politicians were available for this discussion, although unfortunately no one from the government was able to attend.

  • Concerns were highlighted around the impact of short term lending and its impact on some consumers. This was quoted as ‘borderline illegal at the extremes’.
  • The impact of universal credit and student loans were also both mentioned. Student loans should be thought of as a tax, rather than a loan, it was pointed out. Persistent debt and giving people a chance to get out of debt was a topic of conversation.
  • Overall there was some concern that the level of borrowing has been continuing to increase. Although the system is more stable than in 2008, an amber light should be flashing, especially with car finance funding 86% of all new car purchases.

The industry

The industry reaction was somewhat muted, typically taking a line between what is possible in the economy and allowed by the politicians. However, a couple of thoughts and discussions were evident.

  • Persistent debt and financial difficulties: This remains a theme, and many tools are being successfully put in place to address these issues from a collections point of view. However, the area is one where more effort must be made around the sustainability of the initial lending decision.
  • Data protection and GDPR: Clearly an emerging theme. Readiness for GDPR is still rather nascent and centrally controlled. It is imperative that this is rolled out and operationalised, and links heavily with issues of transparency and trust within the consumer base.
  • Automation and AI: Artificial intelligence (AI) in particular is an emerging theme and viewed as having potential to significantly automate processes across the credit lifecycle. It is already being used and tested in some banking scenarios, with a split between those that see this as cost elimination vs those that are seeing it as ‘service augmentation’. Watch this space; it is an area of opportunity.
  • Brexit: This is inevitably a significant change across the UK. Although details are still unclear, it is important to start to plan and have contingency plans. For example: considerations if the UK becomes a third country to the EU, procedures for customers outside the UK, processes if assets are taken outside the UK … all to be designed.

Overall a very interesting and thought-provoking exchange of ideas. A thank you to the Credit Strategy team for running a great session.

Previously published at

Posted in Blog | Leave a comment

Persistent Debt on Credit Cards: New rules from the FCA

On Thursday 1st March 2018 the FCA introduced their new set of rules relating to persistent debt for credit cards.

Although there has always been focus on pre-delinquency and early action to prevent escalating debt (CONC 6.7.2-3 are the relevant paragraphs), this has now been extended with specifics for the credit card market. These have been developed following the findings from the FCA credit card market study.

The changes are tucked away in the detail of the Consumer Credit Sourcebook (CONC), however, a quick summary of these is below.

Guidance on financial difficulties: There is now specific guidance in CONC on what constitutes appropriate action for customers in financial difficulties. (CONC 6.7.3A-D). It is also a requirement that firms have processes in place to identify these customers too.

In our experience most lenders have already been doing this and following these guidelines for a while, however this is now specifically mentioned within the regulation. It is worth checking compliance and your existing control framework.

Credit cards & persistent debt: There are now a series of rules and guidance relating to action that needs to be taken for customers in this category (CONC 6.7.27-40). These include:

  • A requirement to review customer accounts who have paid less than interest and fees over the last eighteen months. This needs to be reviewed for each customer monthly (a definition of a customer in persistent debt).
  • Customers need to be notified (and again at nine months) and provided options to assist repayment of the debt more quickly. This includes increased payments, or offering debt advice and other existing options for customers in financial difficulty. The duration of any repayment period should not extend beyond four years.
  • However, if a customer does not respond to the notification, the customer’s account should be suspended or cancelled (although not if this should generate further hardship).

These provisions are similar and link to much of the work already started around pre-delinquency. However, this is now more prescriptive, and the requirement to suspend/cancel customers’ accounts on non-response has direct customer implications. Processes and procedures around these will now need to be factored in.

Time to get ready?

Although the new set of rules was implemented on 1st March, firms have until 1st September 2018 to be compliant. This provides a window of time to review existing processes, procedures and ensure revisions are in place.

This is now regulation, will be enforceable and will form part of future FCA review, so now is a good time to get prepared and be ready.

Previously published at

Posted in Blog | Leave a comment