Financial regulators to assess companies' use of 'big data'

The Joint Committee of the European Supervisory Authorities (JCESA) outlined the intention in a new document detailing its 2016 work programme (4-page / 256KB PDF). The JCESA is made up of the European Securities and Markets Authority, the European Banking Authority and the European Insurance and Occupational Pensions Authority.

The Committee said its work programme will give a "high priority to consumer protection" and also look into financial innovation, including in the context of big data.

"A new area of the financial innovation work will focus on the opportunities and challenges related to the use of 'big data', as well as personal data, by financial institutions to profile consumers, identify patterns of consumption and make targeted offers, which raises questions about firms expected behaviours in order to comply with their overarching obligations," JCESA said. "The topic aims to analyse the adequacy of sectoral regulatory frameworks and identify any regulatory and/or supervisory measures which may need to be taken."

In the UK, City regulator the Financial Conduct Authority has outlined its intention to open a market study into insurers' use of big data. The initiative is expected to be launched shortly.

In its business plan for 2015/16, the FCA said: "We will identify potential risks and benefits for consumers, including whether the use of big data creates barriers to access products or services. We will also examine the regulatory regime to ensure that it does not unduly constrain beneficial innovation in this area."

Earlier this year, Association of British Insurers (ABI) chairman Paul Evans called on the insurance industry to "anticipate regulators" and develop its own big data code of practice. However, the ABI told Out-Law.com in February that it was not "actively working on a code of practice" at the time and was instead "at the planning and policy development stage in this area of work".

John Salmon, expert in technology and financial services law at Pinsent Masons, the law firm behind Out-Law.com, said: "As negotiations for the EU General Data Protection Regulation move closer to agreement, it is the right time for these industry regulators to consider how financial services regulation can be reformed in a way that avoids overlap and inconsistency with the general data protection framework."

“While the GDPR will set out rules of general applicability, there needs to be more clarity as to how these rules will apply in a financial services context, particularly where data can be used for profiling and making automated decisions on whether a particular financial product would be available to them”, he added.

In its work programme, the JCESA also said that regulators would continue to assess the risks and benefits arising from innovations such as the use of automation in the provision of financial advice.