Digital financial inclusion
Financial institutions and Fintechs must also implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information
The dawn of emerging technologies has enabled most industries, especially the financial sector, to expand their client base, allowing the financial sector to extend their services even to formerly unbanked individuals.
The high rate of unbanked individuals occurring in the Philippines stems from several factors. One reason is the lack of funds, as most unbanked individuals come from low-income households. Another is the lack of documentary requirements.
Lastly, a significant number of individuals would instead save through traditional methods for fear of innovation, especially the new technologies by the finance sector.
The government is continually addressing such concerns to help raise the number of banked individuals by promoting digital platforms providing ubiquitous digital services. However, in the wake of emerging digital technologies in the financial sector, one challenge is the threat of personal data misuse. Turning a blind eye to this concern will only derail the government’s financial inclusion efforts.
Banks and other financial institutions and Fintechs (financial technology) must bear in mind that they are personal information controllers (PIC) and must comply with the relevant provisions of the Data Privacy Act. These include adherence to general data privacy principles of transparency, legitimate purpose and proportionality, and upholding data subject rights.
Likewise, financial institutions and Fintechs must also implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing and exposure to unnecessary risks.
Banks and other financial institutions must be aware of their crucial role in promoting widespread trust, accountability and responsibility.
In the implementation of appropriate security measures, the industry must consider the nature of the personal information to be protected, the risks represented by the processing, the size of the organization and complexity of its operations, current data privacy best practices, and the cost of security implementation.
Financial institutions and Fintechs may consider the following:
1. The possibility of phishing. Timely notification or reporting of phishing emails or spoofed banking websites to data subjects and relevant authorities must be done for timely intervention.
2. Improvement of fraud detection mechanisms. PIC should regularly monitor accounts for suspicious activities, such as, but not limited to, deviations from past transactions.
3. Implementation of multi-factor authentication and encryption of data to ensure and reinforce other security measures already put in place.
4. Ensuring compliance with local regulations and international standards. Banks, financial intermediaries, Fintechs and their service providers must ensure adherence to Bangko Sentral ng Pilipinas and National Privacy Commission regulations and ensure compliance to relevant standards that may be available to the financial industry, and adopt as best practice various digital initiatives by regulators.
5. Proactively addressing risks by conducting Privacy Impact Assessments and having in place a Disaster Recovery Plan to ensure availability and integrity of personal data at all times.
6. User-side controls which enable a user to activate or deactivate features in their accounts.
Besides the existing industry best practices, online intermediary service providers must also consider that the technologies they are now offering make their products and services more accessible to vulnerable groups. In this regard, financial institutions must educate their customers concerning the protection of their data and ensure that proper safeguards are implemented to ensure that the protection and rights of the vulnerable sector are upheld.
At all times, banks and other financial institutions must be aware of their crucial role in promoting widespread trust, accountability and responsibility. Financial inclusion can only succeed if consumers fully trust the digital financial platforms available to them.