ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Compliance and Risk

Finding Compliant Ways to Use Consumer Data to Better Serve Consumers

August 31, 2021
Reading Time: 4 mins read
Finding Compliant Ways to Use Consumer Data to Better Serve Consumers

By Mark Cunningham

With consumer data privacy laws banging on pots and pans in the compliance kitchen, banks are being forced to re-evaluate their marketing practices to identify areas of potential risk. Direct-mail campaigns aimed at purchased lead lists have long been a mainstay of bank marketing. But as more states place restrictions on how consumer data is used and stored, some banks are concluding that they may be better served by prioritizing customer retention above new customer acquisition.

The U.S. compliance landscape has always been thorny, but it’s become even more difficult to navigate following recent regulations that mark a paradigm shift in how consumer data is protected. On the regulatory front, California’s Consumer Privacy Act is leading the way, followed closely by a wave of similar bills from other states. Meanwhile, companies like Apple and Google are leading the commercial data privacy charge.

Consumer data is becoming not merely a secured entity but an almost wholly protected one where companies may be required to limit the sharing of consumer data with third parties and delete consumer data after use. As much as banks want to do right by their customers, these limitations are a bitter pill to swallow considering the tremendous investment financial institutions make in customer acquisition and prospect marketing each year.

Fortunately, there are notable exceptions to consumer data privacy rules that suggest customer retention as a less fraught path to revenue growth than net new customer acquisition. (Note: This article mainly focuses on the CCPA, since this law is already in effect and is being used as the model for similar consumer privacy bills nationwide.)

Transactional exemption to retain consumer data

The CCPA establishes nine exemptions to a consumer’s right to have his or her data erased. Perhaps the most useful for bank marketers is the “transactional” exemption, which allows businesses to retain a consumer’s data to complete the transaction for which the personal information was collected; provide a good or service requested by the consumer (or reasonably anticipated within the context of the ongoing business relationship with the consumer); or otherwise perform a contract between the business and the consumer.

While the transactional exemption does not give banks carte blanche to keep customers’ information— determinations must be made on a case-by-case basis—justifying retention of a bank customer information is frequently straightforward. Financial institutions obviously have an ongoing need to retain account holder data, and a customer who takes out a 30-year mortgage can expect his or her information to be retained for the life of the loan. But it can also be appropriate to maintain data for a turndown. For example, say a customer applied for a first-lien home loan with a bank in 2018 and did not meet the required minimum credit score at that time. Banks that accompany each turndown letter with an offer of credit improvement solutions and a promise to check back in once the consumer’s credit is repaired have effectively established an ongoing business relationship that could fall under the transactional exemption.

What these scenarios all have in common is that they relate to use of a bank’s existing database of customers and prospects, not a purchased lead list for which it can be difficult, if not impossible, to prove the existence of a transactional business relationship.

Permissible use of personal information by service providers

A typical financial institution engages numerous service providers to process personal information on the bank’s behalf. While the CCPA imposes limits on the sharing of consumer data with third parties, it also grants exceptions for “permissible use” of a bank’s customer data by third-party vendors acting on behalf of the bank and in support of providing consumers a net tangible benefit.

Permissible use of a consumer’s data includes sharing information with vendors to determine if and when the bank can best serve the consumer with the offer of a loan.

Provided they adhere to Fair Credit Reporting Act guidelines, third-party vendors can view the consumer’s data, identify the relevant opportunity with a net tangible benefit and notify the consumer of a potential benefit on the bank’s behalf by, for example, generating and delivering a firm offer of credit. (Note that firm offers of credit are not subject to the same disclosure requirements as loan applications and therefore do not trigger any compliance-related actions should the consumer decide not to obtain a loan.)

Ideally, third-party vendor software and processes should integrate with a bank’s existing systems and compliance practices. Banks should ask third-party vendors how they are using data in accordance with CCPA, the European Union’s General Data Protection Regulation and other regulations.

Regulators hold banks responsible for the actions of their third-party vendors, so banks should ensure their third-party vendors are meeting all guidelines and work with vendors to develop best practices that include the regular, voluntary compliance audits. Banks can require a third-party vendor that generates firm offers of credit to receive approval from the credit bureaus on the collateral firm offers of credit to be sent to consumers. Additionally, banks can add their own legal opinion or opt-out messages to meet general consumer marketing opt out disclosures.

Consumer data privacy is only likely to become more regulated in the future, but that doesn’t mean that banks can’t find compliant ways to use consumer data to gain competitive advantage and better serve consumers. A customer retention strategy focused on mining a bank’s database for new opportunities of tangible value is an easy way to generate new business without running afoul of tricky data privacy issues associated with purchased lead lists. And banks can even continue to use third-party assistance in this endeavor without taking on undue compliance risk.

Mark Cunningham is an entrepreneur and business strategist who co-founded Sales Boomerang, where he now serves as president and COO.

ADVERTISEMENT
Tags: California Consumer Privacy ActDataData privacy
ShareTweetPin

Related Posts

FinCEN to propose new rules on money laundering, whistleblower program

Treasury official outlines principles for Bank Secrecy Act modernization

Compliance and Risk
June 18, 2025

The Treasury Department is exploring ways to streamline the filing process for suspicious activity reports and currency transaction reports as part of a broader effort to modernize BSA enforcement, Deputy Secretary of the Treasury Michael Faulkender said.

ABA suggests splitting proposal to expand Fedwire, NSS operating hours

FATF releases revisions to international standard for payment transparency

Compliance and Risk
June 18, 2025

FAFT announced several revisions to its recommendation on payments transparency, which it said will enhance the safety and security of cross-border payments to better detect financial crime.

BAFT releases report on best practices, guidance for ISO 20022 migration

CFPB to delay small-business lending data collection compliance dates

Compliance and Risk
June 17, 2025

The CFPB will issue an interim final rule today to push back by roughly a year the compliance dates for its small-business data collection requirements, according to a filing in the Federal Register.

Is deepfake technology shifting the gold standard of authentication?

Will fraud prevention ever be autonomous?

Technology
June 17, 2025

Anti-fraud systems are learning to anticipate fraud rather than merely react to it. Better anticipatory abilities inch systems closer to full automation.

New infographics provide advice for identifying money mules, check fraud

Banking agencies seek public comment on strategies to combat payments fraud

Compliance and Risk
June 16, 2025

The FDIC, Federal Reserve and OCC issued a request for comment on potential actions to help consumers, businesses and financial institutions mitigate risks related to payments fraud, particularly check fraud.

CFPB claims ‘complex’ pricing drives up cost of financial products

ABA, associations reiterate concerns about CFPB nonbank registry

Compliance and Risk
June 16, 2025

ABA joined two associations in reiterating their concerns about the CFPB’s nonbank registry, which the current bureau leadership has proposed to eliminate.

NEWSBYTES

Treasury official outlines principles for Bank Secrecy Act modernization

June 18, 2025

Report: Bank merger activity continues at steady pace

June 18, 2025

CFPB proposes ending using civil penalty funds for consumer education, financial literacy

June 18, 2025

SPONSORED CONTENT

AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025

PODCASTS

Podcast: Staying close to clients amid tariff-driven volatility

June 18, 2025

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025

Podcast: What bankers need to know about ‘First Amendment audits’

June 5, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.