EBA seeks views on the use of consumer data by financial institutions

04 May 2016

The European Banking Authority (EBA) published today a Discussion Paper on innovative uses of consumer data by financial institutions, in line with its mandate to monitor financial innovation. The paper identifies risks and benefits for consumers and financial institutions, as well as for financial integrity in general. Feedback received on this Discussion Paper will inform the EBA's decision on which, if any, further actions may be required to mitigate the risks arising from this innovation, while also allowing market participants to harness its benefits. 
The EBA has identified a preliminary list of risks and potential benefits that the innovative uses of consumer data may bring for consumers, financial institutions and financial stability more widely. Institutions may obtain continuous insight into purchasing habits and preferences, as consumers engage in payment transactions through their accounts or cards. The work of the EBA focuses on the use of consumer data in the banking sector, including retail payments.
According to the Discussion Paper, potential benefits to consumers include cost reductions and improved product quality, while financial institutions can benefit from new sources of revenue and reductions in costs. The EBA also flagged risks for consumers, mostly in the form of information asymmetries, and data misuse and security. This in particular is the case when data usage is not properly described or updated in the contractual documentation provided by financial institutions, or when consumers may simply not understand the information on how their data may be used.
Risks to financial institutions are also identified in the paper. The questionable use of consumer data may expose institutions to reputational risks, while competitive distortions may emerge, as institutions which are not in a position to process consumer data may not be able to compete with new market entrants specialised in using consumer data. Issues related to data security are also valid for financial institutions, since they may become exposed to legal risks too if their IT and storage systems are compromised.

Next steps

Comments to this Discussion Paper can be sent to the EBA by clicking on the "send your comments" button on the website. Please note that the deadline for the submission of comments is 04 August 2016. All contributions received will be published after the deadline for submitting responses, unless requested otherwise.

Legal basis

Under Article 9 of its founding Regulation, the EBA is mandated to "monitor new and existing financial activities", "adopt guidelines and recommendations with a view to promoting the safety and soundness of markets and convergence of regulatory practice", and to "bring together all relevant Competent National supervisory authorities with a view to achieving a coordinated approach to the regulatory and supervisory treatment of new or innovative financial activities".