A quiet revolution is underway at the heart of many of our best-known financial institutions. A revolution stirred up by a surprising cross set of people: data specialists, product managers and marketers, united by one thing - the belief that an ethical approach to using data isn’t just compliance by another name but a new source of competitive advantage. The challenge that professionals at Barclays and other leading firms are addressing is operationalisation - how to make a values-based concept like data ethics integral to how they do business.
The demand for data ethics in financial services
When the Open Data Institute released the first Data Ethics Canvas in September 2017, few anticipated that some of the earliest adopters would be financial services businesses. The reasons retail banks like Barclays and Lloyds led the way on data ethics are well understood but worth restating. Firstly, financial services collect, manage and use a large amount of sensitive personal information. Ensuring both the ethical and legal handling of this data is crucial - from protecting the privacy and security of individuals to ensuring data isn’t misused in ways that are legal but that people feel uncomfortable with. Secondly, data ethics helps to build trust and maintain the reputation of financial institutions. Regulators, shareholders and employees all want to see financial services businesses behaving in trustworthy ways regarding data. Thirdly, data ethics plays an important role in preventing discriminatory practices. Financial institutions use data for lending, insurance, and other financial decisions. If data is not handled ethically, it can lead to biased outcomes and unfair treatment of individuals based on things like their demographic characteristics. Lastly, financial services are subject to data protection and privacy regulations, such as the GDPR (the EU’s General Data Protection Regulation), the GLBA (the Gramm-Leach-Bliley Act, a data privacy regulation for US-based financial institutions) and the CCPA (the California Consumer Privacy Act, often called “California’s GDPR”). Regulations don’t completely clarify what people can and can’t do. The GDPR, for example, is a principles-based, not a rules-based, regulation, leaving many grey areas undefined. Grey areas are places businesses rightly fear to tread. However, shining a light on data ethics in unclear situations allows for identifying unintended consequences and potential mitigation tactics. This opens up space for innovation in areas where the GDPR doesn’t offer clear guidance. The ODI has always suggested that regulations like the GDPR can help liberate businesses from uncertainty about what is acceptable. And to help people move beyond the basic questions the GDPR helps resolve, the ODI Data Ethics Canvas examines more complex questions like “Should we do this, and if so, how do we avoid bad outcomes?”.
The impact of data ethics on the finance sector
Research shows only 60% of consumers trust banks with personal data. The survey, which included 1,200 consumers across Europe, revealed that convenience is a key factor in technology adoption within the financial services sector. However, security concerns and a general dislike of AI-based services are barriers to widespread adoption. A steady stream of bad data news hasn’t alleviated consumer concerns. From biased algorithms to worries about credit scoring, customers are provided with little evidence to revise their opinions about the trustworthiness of their financial service providers. This is why Charles Randell, Chair of the UK's Financial Conduct Authority, has cautioned that the consumer finance sector may face a "Cambridge Analytica moment" if it fails to maintain public trust in its data handling practices. Whilst fears of a consumer backlash have played their part in catalysing a focus on data ethics in the sector, so has the recognition that closing the trust gap can offer businesses a competitive advantage.
“It’s important for customers to trust us with their data at the same level as they do with their money” - Russell Barton, Barclays Bank.
The potential for using data more effectively to benefit customers and the business itself has driven recent digital and data transformation efforts. Moving beyond simple transformation for the sake of efficiency, initiatives like Open Banking have highlighted the opportunities for trustworthy data use that also delivers innovation.
Fuzzy thinking stops the sector from embracing data ethics
Whilst many organisations have made great progress in implementing data ethics practices, a lack of skills holds the sector back. Most of the problem is foundational - people misunderstand data ethics and its role. Mention “ethics,” and many will imagine a common set of virtues and values. People think of ethical brands as those that actively communicate their environmental, supply chain and social efforts. These are, of course, admirable initiatives. However, ethics are not consistent across cultures, companies and communities. This, and a common assumption that an appropriate level of ethics is either unachievable or counterproductive in financial services, might make it feel easier to keep ignoring ethics and carry on. The presence of data regulation exacerbates any temptation to disregard data ethics and hope everything will be okay. There’s a belief that simply conforming to regulations like the GDPR makes the use of data ethical. This is not the case. The GDPR’s principles-based framework leaves room for interpretation. And in complex areas, for example, crime detection, following principle-based legislation and common sense is not enough. This is where data ethics skills and frameworks are essential. Knowledgeable data ethics practitioners understand how to guide organisations through ethical danger zones. They help surface the ethical values an organisation shares with its employees, customers and community. They implement practices that not only help businesses avoid the kind of reputational harm Charles Randell and others want the sector to avoid but also apply data ethics as a form of data design practice - a practice that ensures data projects create value whilst avoiding harm.
Operationalising data ethics in financial services
The desire to deliver trustworthy innovation and reduce the potential for harm is behind efforts to make data ethics part of data projects. This starts with integrating data ethics into data strategy. With any strategy, the key to success is execution. For data ethics, execution involves operationalisation - making data ethics integral to how a business collects, manages, uses and shares data. That journey starts with improving awareness and knowledge and designing ethical practices based on industry benchmarks. For Barclays and other financial institutions, this has involved a range of tactics:
- Creating an in-house community of data ethics practitioners: Skilled and certified data ethics professionals help embed ethical data practices that a business and others can trust.
- Co-creating ethical data practices: These might include design principles, practices, and approaches to data ethics that are particular to an organisation. This can be achieved by adapting proven tools to the company’s needs. At Barclays, this involved co-creating a bespoke Data Ethics Canvas with the ODI.
- Comparing approaches to data ethics with competitors: Benchmarking a business’ practices highlights the organisation’s maturity and development needs when it comes to embedding data ethics practices that build trust.
- Training data stewards: Increasing employees’ confidence in working with data to demonstrate trustworthy practices will require raising awareness of data ethics. This is followed by providing training for any employee involved in data collection, management or use, which for many financial services organisations is almost every employee.
Beyond skills and awareness, there are some common strategies for building brands that are trusted with data:
- Developing a data strategy that is more than just a plan for governing data. This entails understanding how data strategy can be better aligned with business strategy to build trust in ways that create an advantage for a business. The goal? A data strategy that is a plan for building and applying the infrastructure that the business and others can trust, one that ensures the way data is collected, used and shared supports both the achievement of business goals and the ethical, legal handling of data.
- Developing trustworthy data infrastructure. Identify the components of data infrastructure (data, people, policies, processes and technologies) that will need to be enhanced to build trust to support business goals and ensure a steady supply of data to generate insights and inform decisions.
- Developing processes that build trust. This involves identifying and evaluating business processes that can be implemented or improved to increase trust around data. Evaluating data’s lifecycle helps a company examine the complexity of data-related business processes. Ensuring the whole lifecycle is covered, building confidence that data will be looked after, that a company will comply with laws and regulations, and able to demonstrate to customers how they have invested in keeping data about them safe.
- Building a strong culture of trust and ethics. Building trust requires the support of all employees, particularly how they work and think together. This may require identifying changes to individual skills and mindsets and how work gets done.