ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
Home Compliance and Risk

Finding Compliant Ways to Use Consumer Data to Better Serve Consumers

August 31, 2021
Reading Time: 4 mins read
Finding Compliant Ways to Use Consumer Data to Better Serve Consumers

By Mark Cunningham

With consumer data privacy laws banging on pots and pans in the compliance kitchen, banks are being forced to re-evaluate their marketing practices to identify areas of potential risk. Direct-mail campaigns aimed at purchased lead lists have long been a mainstay of bank marketing. But as more states place restrictions on how consumer data is used and stored, some banks are concluding that they may be better served by prioritizing customer retention above new customer acquisition.

The U.S. compliance landscape has always been thorny, but it’s become even more difficult to navigate following recent regulations that mark a paradigm shift in how consumer data is protected. On the regulatory front, California’s Consumer Privacy Act is leading the way, followed closely by a wave of similar bills from other states. Meanwhile, companies like Apple and Google are leading the commercial data privacy charge.

Consumer data is becoming not merely a secured entity but an almost wholly protected one where companies may be required to limit the sharing of consumer data with third parties and delete consumer data after use. As much as banks want to do right by their customers, these limitations are a bitter pill to swallow considering the tremendous investment financial institutions make in customer acquisition and prospect marketing each year.

Fortunately, there are notable exceptions to consumer data privacy rules that suggest customer retention as a less fraught path to revenue growth than net new customer acquisition. (Note: This article mainly focuses on the CCPA, since this law is already in effect and is being used as the model for similar consumer privacy bills nationwide.)

Transactional exemption to retain consumer data

The CCPA establishes nine exemptions to a consumer’s right to have his or her data erased. Perhaps the most useful for bank marketers is the “transactional” exemption, which allows businesses to retain a consumer’s data to complete the transaction for which the personal information was collected; provide a good or service requested by the consumer (or reasonably anticipated within the context of the ongoing business relationship with the consumer); or otherwise perform a contract between the business and the consumer.

While the transactional exemption does not give banks carte blanche to keep customers’ information— determinations must be made on a case-by-case basis—justifying retention of a bank customer information is frequently straightforward. Financial institutions obviously have an ongoing need to retain account holder data, and a customer who takes out a 30-year mortgage can expect his or her information to be retained for the life of the loan. But it can also be appropriate to maintain data for a turndown. For example, say a customer applied for a first-lien home loan with a bank in 2018 and did not meet the required minimum credit score at that time. Banks that accompany each turndown letter with an offer of credit improvement solutions and a promise to check back in once the consumer’s credit is repaired have effectively established an ongoing business relationship that could fall under the transactional exemption.

What these scenarios all have in common is that they relate to use of a bank’s existing database of customers and prospects, not a purchased lead list for which it can be difficult, if not impossible, to prove the existence of a transactional business relationship.

Permissible use of personal information by service providers

A typical financial institution engages numerous service providers to process personal information on the bank’s behalf. While the CCPA imposes limits on the sharing of consumer data with third parties, it also grants exceptions for “permissible use” of a bank’s customer data by third-party vendors acting on behalf of the bank and in support of providing consumers a net tangible benefit.

Permissible use of a consumer’s data includes sharing information with vendors to determine if and when the bank can best serve the consumer with the offer of a loan.

Provided they adhere to Fair Credit Reporting Act guidelines, third-party vendors can view the consumer’s data, identify the relevant opportunity with a net tangible benefit and notify the consumer of a potential benefit on the bank’s behalf by, for example, generating and delivering a firm offer of credit. (Note that firm offers of credit are not subject to the same disclosure requirements as loan applications and therefore do not trigger any compliance-related actions should the consumer decide not to obtain a loan.)

Ideally, third-party vendor software and processes should integrate with a bank’s existing systems and compliance practices. Banks should ask third-party vendors how they are using data in accordance with CCPA, the European Union’s General Data Protection Regulation and other regulations.

Regulators hold banks responsible for the actions of their third-party vendors, so banks should ensure their third-party vendors are meeting all guidelines and work with vendors to develop best practices that include the regular, voluntary compliance audits. Banks can require a third-party vendor that generates firm offers of credit to receive approval from the credit bureaus on the collateral firm offers of credit to be sent to consumers. Additionally, banks can add their own legal opinion or opt-out messages to meet general consumer marketing opt out disclosures.

Consumer data privacy is only likely to become more regulated in the future, but that doesn’t mean that banks can’t find compliant ways to use consumer data to gain competitive advantage and better serve consumers. A customer retention strategy focused on mining a bank’s database for new opportunities of tangible value is an easy way to generate new business without running afoul of tricky data privacy issues associated with purchased lead lists. And banks can even continue to use third-party assistance in this endeavor without taking on undue compliance risk.

Mark Cunningham is an entrepreneur and business strategist who co-founded Sales Boomerang, where he now serves as president and COO.

Tags: California Consumer Privacy ActDataData privacy
ShareTweetPin

Related Posts

FDIC issues relief guidance for Mississippi, Tennessee banks affected by storms

FDIC issues relief guidance for banks serving tribes in Arizona, Montana affected by severe weather

Compliance and Risk
July 17, 2026

The FDIC has released guidance with steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of the San Carlos Apache Indian Reservation in Arizona, and the Fort Peck Indian Reservation and the Crow...

ABA, 52 state bankers associations urge Congress to close stablecoin interest loophole

ABA, associations seek agency alignment on Genius Act implementation

Compliance and Risk
July 17, 2026

The National Credit Union Administration should coordinate with the banking agencies to ensure that Genius Act implementation is substantially similar among all federal payment stablecoin regulators, the American Bankers Association and three other banking sector associations said.

ABA: OCC should revise proposed changes to bank merger application process

ABA: OCC policy changes create uncertainty about minority deposit institution status

Community Banking
July 17, 2026

In a new letter, ABA cited several concerns about the OCC’s recent revisions to its standards for designating minority deposit institutions, saying the changes create uncertainty for institutions seeking to qualify or maintain MDI designation.

ABA, associations propose improvements to federal data privacy law

Banking agencies promise new approach for handling sensitive information

Compliance and Risk
July 16, 2026

The Federal Reserve, FDIC and OCC announced a “coordinated approach” for handling sensitive information used in bank examinations, including a new pledge to notify banks about data breaches that threaten to expose that information.

AI’s rapid rise compels smart risk management for banks

Risk and compliance as strategic growth partners

Compliance and Risk
July 16, 2026

Risk leaders must build relationships, credibility and trust at the bank so their input is valued.

Vought calls for more CFPB oversight, says open banking proposal coming soon

Vought calls for more CFPB oversight, says open banking proposal coming soon

Compliance and Risk
July 15, 2026

Congress should enact legislation to better define “unfair, deceptive, or abusive acts or practices” to avoid abuses by future regulators, and to fund the CFPB through congressional appropriation to make it more responsive to elected officials, CFPB Acting...

NEWSBYTES

Texas Bankers Foundation reopens flood relief fund following severe storms

July 17, 2026

FDIC issues relief guidance for banks serving tribes in Arizona, Montana affected by severe weather

July 17, 2026

Preliminary: Consumer sentiment increased 4.9 points in July

July 17, 2026

SPONSORED CONTENT

Why Your Systems Keep Slowing Down — and What to Do About It

Examiners Are Now Looking at Your Non-Core Systems

June 11, 2026
Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

June 1, 2026
A Modern Blueprint for Serving High-Net-Worth Families

A Modern Blueprint for Serving High-Net-Worth Families

May 28, 2026
Why Your Systems Keep Slowing Down — and What to Do About It

AI Is in Your Bank. Is Your Cloud Contract Governing It?

May 20, 2026

PODCASTS

Podcast: Understanding the 2025 Home Mortgage Disclosure Act data

July 8, 2026

Podcast: Financing America’s independence

June 29, 2026

Podcast: Talent and innovation in community banking

June 18, 2026

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2026 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2026 American Bankers Association. All rights reserved.