Building trust in banking: The success strategy

Money is the foundation of the modern economy because people place trust in its value. Historically, this value was defined by physical commodities like gold, but with the introduction of paper-based checks and now online banking and digital payments, the value of money has become defined by trust.

Customers trust financial institutions to manage their payment information and financial operations, expecting a seamless user experience in return. To achieve the latter, baking institutions need to collect, store, and process highly sensitive data, which makes them responsible not only for clients’ financial assets but also for their personally identifiable information (PII).

Digital banking is now the norm for both personal and corporate money management. But as more neobanks and fintech startups populate the market, the unparalleled convenience and smooth customer experience they offer often come at the cost of increased security risks.

​​Over the past five years, the financial services industry has been extensively targeted by bad actors, surpassing other sectors in terms of both the number of cyber attacks and their cost. This is not just due to the inherent value of payment data, but also the immense worth of PII, such as social security numbers, that financial institutions also store. For example, complete payment card details are typically sold for a price ranging from $14 to $30 on the dark web, while all the personal data required to steal a person’s identity sells for around $1,000.

Trust is a crucial factor that is earned and sustained through the proper protection of sensitive client data. A survey shows that almost half of US consumers would switch banks in the event of a data breach, regardless of who is at fault. This highlights the importance of a strong security architecture as a key factor in determining the value of a financial institution. However, better security must not compromise the user experience, as both customer satisfaction and cybersecurity are pivotal in building trust.

Financial institutions must prioritize security in their operations and strive to meet regulatory compliance standards to establish a secure foundation that enables innovation without increasing risk. It’s essential to avoid using non-compliant communication platforms during remote consultations with clients to prevent disruptions and hefty fines from regulators.

Modern communications platforms are a key enabler for financial services organizations, but only if they are adequately bolstered to meet the constantly growing demands of security and compliance. The cost of not taking regulatory responsibilities seriously can be quite high. Morgan Stanley bankers have learned this the hard way. 

Just days ago, the bank confronted some of its employees with hefty fines that ranged from a few thousand dollars to more than $1 million. The cause, according to Financial Times, was the misuse of digital messaging platforms like WhatsApp for sensitive information exchange. The amounts of penalties were decided based on employee seniority, the severity of the wrongdoing, and whether the misuse was repeated. The fines were not exactly a surprise, though. The bank has previously exercised financial penalties and explicit warnings against individuals using personal devices and non-compliant communication tools for business chat.

Given the declining salaries and bonus cuts in the context of the global economic downturn, the fines are likely to have a quite devastating impact. But the employees are not the only ones who will be held accountable. The organizations themselves are expected to face serious consequences from the US authorities. The Securities and Exchange Commission (SEC) has already launched several similar investigations, focusing on big fund managers, which suggests that we will possibly witness more fines in the near future. 

Demands around recordkeeping in the financial industry have always been a rigid matter, especially after the 2008 crisis. Yet, workarounds, such as the use of personal devices and non-sanctioned channels for communication with colleagues and clients, continue to be present in the finance industry. One of the reasons for that is senior management not taking compliance issues seriously and often ignoring the policies themselves. 

Today, work and life are surely closely interlinked, which can make it tricky at times to draw a clear line between the two. But with the risk of sizeable fines, bank employees will have to start being more diligent and cautious when it comes to the sharing of sensitive data.

Banks can assess the level of trust by evaluating the efficacy of data governance, ethical business practices, and transparency. A comprehensive approach to these aspects requires addressing three key domains: people, policies, and technology. To enhance employee security awareness, companies should invest in upskilling and educational programs that teach security best practices, such as multi-factor authentication, reporting suspicious emails, and using only authorized communication channels. Policies must be transparent and auditable, providing real-time insights for security leaders to make informed decisions and assess their security posture. The technology in place should empower employees and automate processes to minimize the risk of human error, improve scalability, and provide a modern, digital-first customer experience.

Measuring something as abstract as trust is a challenge, and with the shift toward digital financial services, institutions must find new ways to interact with clients in a personalized, convenient, and trustworthy manner. It’s important to implement tools and policies that improve security while enabling employees to work efficiently without hindering productivity.