By Eric K. Murai
The disruption that the COVID pandemic had on our day-to-day activities is now all too familiar. The banking sector was one of the most affected sectors with governments urging citizens to embrace digitization; cashless transactions as part of the response to the virus. This accelerated banks’ transition to digital banking.
Banking transactions before the pandemic were more interpersonal and hands-on. Even though the digitization of banking processes was already underway, the pandemic accelerated the process. Banks had to adopt new technologies to enable them to continue serving their customers while still complying with the COVID-19 restrictions. Mobile banking, the use of debit and credit cards, and internet banking are just some of the digitization technologies that banks had to adopt and improve on to ensure continued seamless service to customers.
These technologies, although new, must also incorporate several legal frameworks to ensure compliance with the existing and emerging regulatory requirements.
Data protection will always be a big concern when it comes to digitization. For digitization to come into fruition data must be collected and then stored to be analysed in order to improve efficiency and offer personalized services. Banks need to put in place measures that will ensure that the risk of a data breach is minimized and the data collected is only used for the intended purpose and with the consent of the customers.
Banks should also invest in the necessary knowledge and cutting-edge technology to combat and avoid the growing sophistication of cyber threats that often lead to leaking of confidential customer information. This investment will help in maintaining customer trust.
Existing regulations and emerging technology
Digitization has also become a challenge to the existing regulations. The emergence of WhatsApp banking which allows customers to message banks with any queries about their finances and receive alerts of new products is one example of an emerging trend. It presents a new challenge for banks in terms of record-keeping capabilities, which are limited to seven years under Kenyan Law. It has also blurred the lines between personal and professional use of mobile devices.
Banks must therefore regularly examine their policies for all forms of communication that may be subject to regulation, as was the case with JPMorgan, which was fined $200 million in 2021 for failing to retain records of its staff members’ WhatsApp conversations about securities. The bank failed to preserve any of the records as required by federal securities legislation.
Leveraging Artificial Intelligence (AI) and technology
The use of AI and technology in banking has also increased. We have chatbots that interact with customers by replying to their queries and AI that helps in analysing and compiling data. It is important therefore for AI to be developed by people with diverse backgrounds and personalities so as to make them as impartial as possible and mitigate biased profiling.
Banks should also leverage on AI to do risk assessment tests and identify suspicious activities that pose a threat to data safety. Additionally, AI should be checked for adherence to increasing legal and regulatory standards for instance. AI should not be involved in final decision-making.
Banks’ priority should always be to protect their customers. All personal information collected should be used for only the intended purposes and with the explicit consent of their customers. This should also be reflected in the symbiotic relationship between telecommunication companies and banks. Data being passed between the two institutions should not be misused.
A data protection impact assessment should be done in order to evaluate the risks to the rights and freedoms of the consumer. It should be done before any contract is signed between the telecommunication company and the bank. This will aid in lowering instances of identity theft, data breach, data privacy and fraud.
The Kenya Bankers Association in partnership with the Central Bank of Kenya has a campaign dubbed “Kaa Chonjo” to educate consumers on measures of preventing fraud across digital banking platforms.
The optimal balance between promoting the development of innovative technologies and the requirement for effective regulation must be found. This will ensure that regulations do not interfere with the growth of technology. It is also crucial to note that banks will construct their own regulatory norms in order to establish and uphold public trust, accountability and responsibility.
They will strive to establish sufficient security controls to lessen the risk of cyberattacks that could compromise the assets of the organisations. The banks’ priority will always be to build, preserve and continue growing trust with their customers.
The Writer, Eric K. Murai is the Company Secretary and Chief Legal Officer, Family Bank Kenya.