Keeping Customers and Regulators Satisfied in 2012

January 30, 2012 // by Lori Moore

On the surface, the start of 2012 doesn’t feel that much different than the start of 2011 - the economic outlook is still murky. Repercussions of the Dodd-Frank Act and other regulatory changes continue to loom and profitability for many financial institutions remains elusive. However, opportunities await in every challenge, including these. The trick is understanding what those opportunities are and capitalizing on them.  

The biggest opportunity out there is reestablishing trust with customers, many of whom still feel badly burned from the financial and housing crises of ’08 and the still lingering negative effects. Reestablishing trust with customers requires a commitment to “do what you say and say what you do.” Although that may seem a hefty and potentially costly task, the fact of the matter is making and following through on that commitment will not only improve your customer relations, it will also lead to stronger regulatory compliance performance and higher profitability.

Understanding What the Customer of 2012 Wants
Ever since bank deregulation in the 1990s, financial institutions have been beating the door down to develop ever more sophisticated and elaborate products and services in order to attract customers away from the competition and to create ideal cross-selling opportunities. Just in the last few years, this includes the introduction of mobile banking, remote deposit capture and more. Clearly there is a market for such highly advanced products but in reality the average customer’s wants and needs really aren’t complicated or elaborate at all.

More than the latest technology-based product or the lowest priced product, what the majority of customers want from their financial institution is good quality, honest service; ongoing recognition by your staff; and a genuine appreciation for their business. In fact, Ted Triplett of ABA Bank Marketing reports that “according to recent research, bank customers actually reported that they would be inclined to pay higher fees if they would get better service in return.” Better and more honest service is a very broad term that can make it difficult for financial institutions to tackle unless they break it down. Here is ATTUS’ take on the top three things customers want most from their financial institution in 2012. Interestingly enough, these three items align with many of the recent and upcoming regulatory changes.

Protect My Information
The bottom line is that customers know that every time they go to the grocery store and use their debit card, shop online with their credit card or check their bank account balance via their mobile phone that hackers are lurking. Customers have grown far too accustomed to these conveniences to give them up but they want assurances from their financial institution and, quite frankly, any other organization they do business with that their information is being protected from internal or external data breaches.

In their GLBA, HIPAA or other related regulatory privacy statements, many organizations say they are concerned about consumer information safety and are taking steps to protect it, but the number of enforcement actions related to privacy issues in 2011 indicates not all of those claims stand up. “In the U.S., the Federal Trade Commission (FTC) reached settlements with Facebook, Google, Twitter, Skid-e-Kids and other companies on privacy-related issues. The Securities and Exchange Commission (SEC) fined three financial executives a total of $55,000 for privacy violations. And FINRA, the Financial Industry Regulatory Authority, fined advisory firms $600,000 for data protection inadequacies,” according to bankinfosecurity.com.

The Twitter settlement is quite noteworthy for those concerned about whether or not their own information security program would pass muster. The FTC’s settlement indicated that Twitter’s privacy statement claimed that it was “very concerned about safeguarding the confidentiality of your personally identifiable information” and that it used “administrative, physical and electronic measures designed to protect your information from unauthorized access.” However, the FTC charged that, in fact, Twitter failed in several ways to actually protect that information, including the use of weak passwords that were not set to expire after a certain period and were not suspended after multiple failed login attempts. In addition, the FTC claimed that Twitter did not implement sufficient controls on administrative access or on where employees stored sensitive information.

The key to protecting customer information lies within your Information Security Program. With the FFIEC’s recent Supplement to Authentication in an Internet Banking Environment in effect as of the first of this year, you should already have a leg up with the completion of a current information security risk assessment. Just make sure that your Information Security Program performs as well as the intentions laid out in your written document, i.e. do what you say and say what you do.

Don’t Give Me a Dodd-Frank Guilt Trip
The Bank of America (BofA) debacle over debit card fees this autumn proved that consumers have little tolerance for taking the blame or the brunt of new regulatory changes. Among the various and sundry regulatory changes coming up in 2012 are 18 Dodd-Frank related implementation and effective dates. While it may be tempting to simply push back on customers with higher fees or other costs as a result of increased regulation, BofA can attest to the fact that this strategy may very well backfire.

Keep in mind that the biggest opportunity for improved financial performance lies in reestablishing trust with your existing customers, as well as garnering a reputation as a trustworthy institution for prospective customers. Given this, slapping new fees on products to make up for lost fees in other areas would appear counterproductive. Take a note from L. Biff Motley of ABA Bank Marketing, who suggests that institutions ease customers into new or different fee structures. “Customers like choices and better ways to accomplish their goals, but they don’t like to be pushed into something new ‘cold turkey.’ Perhaps a new premium checking service with an initial modest fee as an alternative to free checking would make more sense than just imposing a $15 a month flat fee on all checking accounts.”

Congress’ reasoning for passing the Dodd-Frank Act was, in large part, to protect consumers. Whether you agree with that premise or not, many of your customers do buy it. If your institution wants to reestablish trust with its customers, you are far better off exhibiting the value of your product suite and the superiority of your customer service every time you interact with them, than to imply blame on their part through public rants about regulation or cold turkey fee increases. As discussed in the beginning of this article, if you prove your value proposition to your customers through excellent service, they will be willing to pay more, but first you have to prove yourself by doing what you say and saying what you do.

Treat Me Fairly
The Consumer Financial Protection Bureau (CFPB) is one of the biggest results of the Dodd-Frank Act and in 2012 financial institutions will really begin to feel its effects on the overall regulatory environment. It will have specific responsibility for nineteen consumer financial laws including Truth-in-Lending and Truth-in-Savings, as well as the ability to enforce eight additional laws issued by the FTC. Financial institutions and other organizations can reasonably expect that the rules governing Unfair, Deceptive or Abusive Acts or Practices (UDAAP) will top the priority list of all regulators. It is no coincidence that this parallels with customers’ third want for 2012 – treat me fairly. 

This focal area of the CFPB has been one of the most concerning to financial institutions because the terms unfair, deceptive and especially abusive seem so broad. The CFPB published its first Supervision and Examination Manual in October and although it doesn’t clear up all the mystery, it is important for financial institutions to thoroughly read and review the CFPB’s definitions of those terms. To help you out, we’ve summarized them here so that you can make sure you are doing what you say and saying what you do.

An unfair act or practice causes or is likely to cause substantial injury to consumers that consumers cannot reasonably avoid and that is not outweighed by another benefit. The manual goes on to state that the injury is typically monetary and that it can still be considered a substantial injury even if it caused a small amount of monetary injury but to a large group of people. In addition, a significant risk of injury can still cause a violation even if an actual injury has not occurred yet.

A deceptive act or practice is defined by the CFPB as a representation, omission, act or practice that misleads or is likely to mislead the consumer, assuming that the consumers’ interpretation is reasonable and the result is a material effect on their choice. Institutions need to be especially careful in their advertising because according to the CFPB’s manual, deceptive acts or practices can include misleading cost or price claims or offering products or services that are not truly available.

An abusive act or practice is described as one that “materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service.” It can also be considered abusive if an unreasonable advantage has been taken of 1) the consumer’s lack of understanding, or 2) the consumer’s inability to protect its interest, or 3) the consumer’s reasonable reliance on the financial institution or other organization to act in their best interest. 

Final Words of Caution for 2012
Financial institutions and other organizations seeking to meet these three customer wants in 2012 are best served by seeing the connection between all three, in particular “protect my information” and “treat me fairly,” and their correlation to regulatory compliance. Consider that when Twitter settled with the FTC, they were dinged for having an inadequate security program AS WELL AS misleading users about the state of its security. A similar situation emerged for one of Twitter’s social media counterparts when the “FTC charged Facebook with eight counts of violating its users’ privacy that constituted ‘unfair and deceptive’ behavior.”

Don’t let the fact that these entities are governed by the FTC fool those who are regulated by other entities, such as the FDIC, the OCC, the NCUA, and others. In addition, don’t be lulled into a false sense of security just because you are using model disclosure forms. While they do provide you safe harbor for the regulation they correspond to, they do not provide you protection regarding anything outside of that regulation. For instance, like Twitter and Facebook, if you are not actually fulfilling the claims laid out in the disclosure, you could be liable for UDAAP violations on the grounds you were misleading consumers through false claims. 

Bottom line, Information Security and consumer fair treatment should be major components in any organization’s business and profitability strategy for 2012. On these and other matters, your best bet is to do what you say and say what you do – keeping your customers happy and regulators satisfied with your compliance.

This post from Lori Moore, CRCM and ATTUS Technologies compliance director first appeared in ATTUS' free 'The Compliance Advisor' newsletter.


© 2012 ATTUS Technologies, Inc.