CCR Magazine

Banks to face fines totalling €4.7bn in first three years under GDPR
Thursday, 15 June 2017
A new report from Consult Hyperion, commissioned by AllClear ID, forecasts that European financial institutions could face fines totalling €4.7 billion in the first three years under the new General Data Protection Regulation (GDPR). This forecast is conservative and excludes compensation claims, costs associated with lost customers, damaged reputations and senior executive resignations.  

The report GDPR: Banks, Breaches and Billion Euro Fines forecasts the number of data breaches in the European financial services sector over the next three years and corresponding fines under GDPR.

Under GDPR, financial penalties for a data breach are substantial. Institutions can receive fines of up to 2% of the previous year’s global annual revenues for a first offence and 4% for repeat offences where the regulator has previously ordered remedial action. There are also possible criminal penalties for executives deemed responsible.

GDPR’s 72-hour breach notification requirement means managing and responding to a data breach in an open and effective manner is critical. Regulators have significant discretion in the level of penalties they can levy, and are required to take planning, customer notification and mitigation into account in the decision.

“The highest risk item in the GDPR is the 72-hour breach notification requirement, and banks are not mitigating this,” said Tim Richards, Principal Consultant, Consult Hyperion. “Data breaches are an unfortunate fact of life for financial institutions, and our analysis suggests that there have been no fewer than 27 data breach incidents among European Tier 1 banks in the last decade, with some banks as multiple offenders, potentially liable for fines at the 4% level. This indicates an 8% chance that any Tier 1 bank will suffer a data breach in any given year. These figures, we believe, are conservative, and banks are not prepared for the consequences under GDPR.”

To compound the issue, new European regulations such as PSD2, ePR and AMLD4/5 will mandate that institutions hold more data and make it available over open interfaces, just when data loss becomes especially dangerous.

With less than a year before GDPR goes live, the report advises banks to take urgent action to meet GDPR and other legislative requirements to avoid financial and reputational loss.

The report offers pragmatic advice to financial institutions to mitigate the risk of a data breach and ensure compliance. Three crucial elements are required: the expertise to deal with breach-specific issues including identity theft, the specialised manpower to handle the volume of queries generated when the breach is publicised, and the infrastructure for secure communication channels to notify customers.

“A poorly managed customer notification in the wake of a breach makes you look like a fool. Financial institutions are myopically focused on preventative measures, ignoring the importance of the resilience. History tells us that companies that have dealt with data breaches poorly have seen loss of customers, reduced earnings and board level resignations, while those with a prepared plan and a managed response have sidestepped these issues,” said Bo Holland, CEO, AllClear ID. “GDPR raises the stakes even higher. With only 72 hours to react, financial institutions that have not invested in response readiness will face the most serious fines and collateral business damage.”

The figures were compiled from an analysis of historic data breach figures, adjusted for the size of financial institution. GDPR sanction levels were then applied to the data. It was assumed that breaches were at the lower end of the GDPR fine scale, which is €10m or 2% of global annual turnover.
 
GTS Media Ltd
81 Cambridge Road
Southend-on-Sea
Essex
SS1 1EP

Registered in England No: 05483197