FCA Spotlight On How Consumers Deal With Money

Source: Audio Visual Excellence

Consumer Spotlight is the FCA’s view on how UK consumers deal with money and financial services, including the capabilities and potential vulnerabilities. It describes ten consumer segments, and reveals the data the model is built on.

The tool is intended to help the FCA identify the risks consumers face, and the protection required.

Charts show how each segment responded to questions in a survey of over 4000 consumers. Filters reveal characteristics, attitudes and behaviours associated with different group of consumers (e.g. inertia, risk appetite and impulsiveness). This can help firms design products and communications that "work well for different, specific consumers."

The FCA's model is said to differ from firm's models because it incorporates "some data not commonly collected in commercial models, such as vulnerability characteristics and financial capability." However, I wonder if another difference is that some firms treat evidence of vulnerability and financial capability as a reason to target a segment, rather than avoid it...

While firms would be wise to at least consider the data when designing products and communications, the FCA warns that:

"The data is based on consumer recall and self-reported behaviour and attitudes; it is not validated against other sources. Consumers may not know the answers to questions. Other industry data may be gathered in different ways or for different purposes, making direct comparisons difficult... Although it may inform a firm's thinking and planning, the model is not designed for commercial development. We do not intend to enable firms to profile their own customer base using the model for their own commercial benefit."

Porting Midata Seems Simple Enough

LinkedIn (and Amazon.com) have demonstrated how easy it can be to transfer your transaction data from one service or application to another. This should be of interest to anyone interested in Midata.

LinkedIn recently took the decision to replace the function which allowed you to add third party applications to your LinkedIn profile with the ability to add direct links material hosted elsewhere. It appears that the third party applications had been necessary to enable the storage and display of the material on the LinkedIn platform. Ending that third party application programme will mean all the data you've loaded for display via at least some of those applications will no longer be available on your profile. The data would need to be transferred from the LinkedIn platform to a third party's systems in order to display or use it in similar fashion.

Unfortunately, I missed any notification of this decision, and only went looking for information in the Help pages when I found I could no longer add a book to my "Amazon Reading List by Amazon" app. (a nice way of tracking interesting books you've read). That I missed the news was a bit strange, as I'm a frequent LinkedIn user with over 900 connections, so maybe the commuication of this decision and its implications could have been handled a little better. 

However, the instructions for obtaining and displaying my reading list data were simple enough, and I am now the proud owner of a profile on Shelfari, the literary network facilitated by Amazon.com, into which I have imported my data from the application on LinkedIn.

Whether I can then display a list of books I've read to my followers on LinkedIn is a matter for LinkedIn. But it did seem that the updates to the reading list, rather than the list itself, was what sparked comment and discussion.

Midata Thoughts No. 2

I attended a meeting of the midata Transmission working group this week, which reviewed a set of scenarios based on those described in my previous post on this topic. I've updated my legal presentation by way of an overall summary, and will embed it below shortly. The working group scenarios are likely to go into a bit more detail and involve additional sub-scenarios. I assume they will be available once they have been reviewed by all the working groups and are considered in final form - possibly as part of a final report.

In essence, our discussion this week focused on: 

• clarifying the likely use-cases and consumer/small business benefit: the first few scenarios reflect how midata currently flows (e.g. release of current account data via online banking) which we agree is not terribly consumer friendly. The later scenarios reflect a more likely outcome, as new analytical and 'dynamic switching' services arise, for example, or as consumers begin to negotiate specific products or pricing (whether alone or in collaboration with others); and

• differentiating the various types of services that may be offered by new intermediaries (previously called 'personal information managers'): 

•  Midata Store: this service would only involve the provider acting as a reasonably passive repository of midata on the Customer's behalf, (e.g. merely holding it, or displaying and/or transmitting it without any alteration) could be called, say, a "Midata Store". It was also considered necessary to distinguish between a Midata Store that only receives midata from the Customer, and one that receives midata directly from a Current Supplier via a direct interface ("Linked Midata Store");

•  Midata Service Provider: this type of service would involves the receipt of midata on the Customer's behalf for the purpose of analysis, combining that data with other data and/or producing some kind of reliable result for the purpose of negotiating with Current Supplier or Third Party Supplier would involve processing on a greater scale.  This would clearly involve more technological (as well as contractual and co-regulatory) safeguards.

It was considered that Midata Stores and Midata Service Providers are likely to evolve their own specific technology/transmission standards and self-regulatory codes quite quickly, in addition to any trnsmission guidelines etc produced by the Midata programme. However, it would be difficult to mandate the creation of a specific trade body or related code at this point.

The next meeting I am due to attend is a meeting of the legal and regulatory working group at the end of this month.

Midata thoughts 121212 v2.0 from Simon Deane-Johns

Midata Thoughts No. 1

Hard on the heels of the government's recent warning shot, we're now into the working group phase of the voluntary Midata programme.

I'm involved in the working groups on Transmission and Data Protection Regulation & Enforcement. Other members of the Interoperability Board are also looking at Identification; Data Storage; and Onward Data Release to Third Parties. In due course, we will draw those aspects together, with the exact form and format of the output to be decided.

Of course, this is not intended as a 'closed shop' and I have tried to be transparent, via this blog, about my involvement. This has included publishing a summary of my response to the Midata consultation over the summer. In keeping with that, I am now embedding below a presentation of my initial thoughts following discussions on the roles of participants, process flows, the developing co-regulatory environment, risks, controls and challenges. I have also included scenario diagrams covering the three types of scenarios involved.

I welcome any comments, queries or suggestions you may have. I will post further updates in due course.

Midata Thoughts No. 1 from Simon Deane-Johns

 

Caution On Payday Loans Cap: It's A Midata Problem

The government is right to resist automatically capping interest rates for short term or 'payday' loans, and to insist on an evidence-based approach to the market which takes account of unintended consequences. Powers to cap rates, prevent endless renewals and aggressive, unsupportive collections activity are important. But it's critical to understand the real problem confronting the payday borrower before leaping to solutions.

Until now, the popularity of short term loans has been positioned in Parliament as a moral problem (rich for MPs!) for which an interest rate cap is the solution. 

But the annualised percentage rate (APR) for short term loans is misleading and unhelpful for borrowers in context. It only enables comparison of one short term loan against another. And it produces such a strange result against longer term loans that borrowers ignore it - especially, as those loans may not be available to short term borrowers anyway.

Typically, a short term loan is applied for when other debts are due, fees are about to be incurred and other consequences are biting or about to bite. The relevant data points include the cost of unauthorised overdrafts, default fees on card accounts, the consequences of missing the rent, failing to pay a phone or energy bill, and so on. Borrowers react to the worst of the known consequences when borrowing, but may not be aware of them all, let alone take them all into account when assessing the best option.

This is a data problem, not an interest rate problem associated with just one of the options available to the borrower.

What would be helpful is a tool that enables comparison of all the options facing a short term borrower in the borrowing context.

Such applications are evolving, and it's important to note that the government is also playing a role to foster that evolution.

The Midata initiative, for instance, is aimed at producing solutions to meet exactly this kind of challenge. It aims to drive the development of simple applications that will access a person's own transaction data (including fees) to enable that person to make better purchasing decisions. Initially, the government is targeting suppliers in markets for energy, mobile phones, current accounts and credit cards. But it has issued a warning to others. 

If only we could get our MPs to focus on proportionate solutions to the root causes of society's problems rather than embarking on populist moral crusades and fiddling their expenses!

Warning Shot Fired Over Midata

The government is preparing the way for regulations to enable consumers and small businesses to request all their transaction data related to energy, mobile phones, current accounts and credit cards. If considered necessary, regulations could be in place in 2013, and may target other markets where certain factors point to consumer detriment.

The decision follows a consultation in the summer, and the full  response is here.

The proposals should add momentum to the voluntary Midata programme fostered by the Department for Business Innovation and Skills to help industry and consumer representatives resolve some of the key challenges in the 'core' consumer markets.

The Information Commissioner’s Office would take the lead role in enforcing any regulations, while concurrent enforcement powers could be given to sector-specific regulators.

The 'transaction data' at stake are the records of a consumer’s own purchases or consumption from a supplier - what the consumer bought, where and how much they paid for it - not the supplier's subsequent analysis. The data would have to be released in computer-readable format to enable it to be analysed by the consumer or a service provider of his/her choosing. This would help prevent suppliers gaining an unfair pricing advantage over consumers, for example, and make it easier for consumers to figure out the product right for them.

Factors the government might consider when deciding whether to expand the programme to other sectors include: 

• the market is not working well for consumers, e.g. consumers find it difficult to make the right choice or their behaviour affects pricing it's difficult to predict that behaviour;

• there's a one-to-one, long-term relationship between the business and the customer, with a stream of ongoing transactions;

• consumer engagement is limited, e.g. low levels of switching or competition; and

• suppliers don't voluntarily provide transaction/consumption data to customers at their request in portable electronic format.

I should add that I am involved in the Midata programme, as a member of the Interoperability Board, and on working groups considering issues related to data transmission and law/regulation.

Travelling With The ID Pioneers

Seeking a New State of Identity

If the penultimate CSFI roundtable on Identity in Financial Services was anything to go by, the final one should be a proper knock-down, drag-out affair worthy of past pioneering epics ;-) In fact, the Innholders should replace it's sign for the day, to read:

The issue that sparked the most heat (again) was whether banks might somehow be suited to be the guardians of the so-called 'hard' element our identities - the proof currently required to move our money, access our government records and so on - rather than 'soft' credentials necessary to access, say, your social media accounts. 

Spotted the flaws already? 

We shouldn't bother picking on the banks anymore (though it is fun). I mean, I seriously doubt they want to be cast in this role at all. And as Richard Martin pointed out, the banks are each wedded to different identity solutions, chosen for fairly mundane IT procurement reasons rather than any attempt to use ID services as a source of competitive advantage (banks compete?!) in offering secure access to your money their services. At any rate, to the extent that any banks are availing themselves of the latest e-ID tools to more efficiently KYC their customers, they are merely using the credit reference agency databases. So if one were to look only at the development of 'hard' identity services, one should cut through the banking platforms to the credit reference agency roadmaps and how they plan to enable access to those services in ways that are much more useful and empowering for consumers.

And while the Money Laundering Regulations do erect a reasonably heavy barricade to the usability of financial services, it's unduly trusting to pretend they amount to best practice in establishing a person's identity. Real danger lurks in this idea that social media identity is somehow 'soft'. The premise for this seemed to be that Facebook, Google, Amazon, eBay and so on don't offer any services that attract the need for 'bank-standard' ID checks and personal data protection, and couldn't operate to such high standards. Yet, many of them already operate financial institutions. And I suggest that there is more real value to the use of your identity to personalise products and pricing than in simply accessing your bank records. Even the Eurocrats are onto this. It's ironic that the person who was most pressing in his demand to know 'who owns my identity data' in a social network setting also admitted to entering a joke date of birth in a leading social media service. I guess he'd also be the first to complain if that service provider and those in its network were to hold the 'lie' against him...

But, of course, identity verification is developing in ways that mean your joke date of birth in one or more databases - and even your passport, driving licence and energy bill - won't necessarily matter amidst a far wider set of identity factors. As I've explained after the previous roundtable on this topic, what makes us unique is our collection of behaviours and the data they generate. So I'll end this post in a similar way to the last.

There are two key identity problems to be solved. As consumers, we need to be able to simply, conveniently and efficiently prove our identities in the course of any day-to-day activities.  And as a community, we need the source of that proof to be less vulnerable to being hacked or guessed, and to contain its cost.

Given those key problems, the solution cannot possibly comprise a single, static set of data that is 'held' by some institution. Rather, the solution has to involve the capability to generate a unique and momentary proof of identity by reference to a broad array of data generated by a user's own activity,  which is then immediately useless and can be safely discarded.

A New Regulatory Model For Retail Finance

"It's time for reflection..." FT.com

Non-bank retail finance models have been gaining momentum worldwide over the past six years, in spite of our creaking financial regulatory framework. Finally, it seems that framework is about to become more directly supportive. 

The mid-noughties saw the launch of various innovative person-to-person finance platforms in the UK, US, Germany and elsewhere, which have been tracked here. These were launched by teams that spent considerable time and expense trying to accommodate existing regulation that favoured incumbents, with little or no regulatory assistance. Meanwhile, the regulatory authorities discovered that their framework, ironically designed to protect consumers, actually guaranteed the worst banking excesses and failed to contain the downside to complex "shadow banking" system in which the incumbent institutions were also involved. And although taxpayers have had to step in and effectively democratise the financial markets, we are still unable to extract badly needed funding from retail banks.

Against that background, it is perverse that the regulatory framework does not already directly facilitate simple, low cost, alternative financial services. And let's not forget that banks and other retail investment institutions continue to enjoy indirect tax subsidies through individuals' ability to off-set losses, as well as ISA and pension allowances for which unregulated alternative investments do not qualify.

While substantial innovation in consumer and small business lending has been possible, UK rules against marketing investments like bonds, shares and unregulated collective investment schemes, have made it much harder to offer alternative funding for SME start-ups, trade finance and even social projects. Given a more proportionate investment regime, the likes of Crowdcube, MarketInvoice, Buzzbnk, Social Impact Bonds and the Green Investment Bank, for example, might operate rather differently. They would no doubt also be joined by existing and new P2P platforms as a substantial alternative to banks and other fee-hungry investment institutions.

Oddly, given its reputation for fast-paced innovation, the US is even less supportive of alternative retail financial models. Zopa, for example, which led the growth of P2P platforms with its launch in the UK, was unable to launch its P2P model in the US despite lengthy consultation with securities regulators. And life has been unnecessarily complicated for the likes of Prosper and Lending Club ever since.

To help remedy the regulatory imbalance, as mentioned in August, three of the leading UK commercial P2P platforms launched the Peer-to-Peer Finance Association and an accompanying set of self-regulatory measures. Their focus is platforms on which the majority of lenders and borrowers are consumers or small businesses, rather than, say, ‘investment clubs’ or networks of sophisticated investors. 

And in September the New York Times reported that there are three proposals in the US to allow peer-to-peer financing without securities registration and disclosure requirements:

"One petition, prepared in 2010 by the Sustainable Economies Law Center and, fittingly, paid for by a grass-roots crowdfunding effort, asks the S.E.C. to permit entrepreneurs to raise up to $100 per individual and an aggregate of up to $100,000 without requiring expensive registration and disclosure.

President Obama, as part of his jobs act, advocates an exemption for sums totaling up to $1 million. Representative Patrick McHenry, a Republican from North Carolina, has drafted legislation that would allow companies to obtain up to $5 million from individuals through crowdfunded ventures, with a cap of $10,000 per investor, or 10 percent of their annual incomes, whichever is smaller."

How would this work in practice?

The challenge (and benefit) associated with such 'safe harbours' is that there is very little room for fee income. This in turn favours 'thin intermediaries', like the new electronic finance platforms, as a means of broad, open distribution. Proportionately regulated, these platforms can deliver greater efficiency, transparency and cost savings that benefit providers and consumers alike. 

Specifically, these platforms can be the focus of regulation designed to control operational risk; deliver transparency (through adequate product disclosure and ‘my account’ functionality); and centralise customer service and complaints handling, with ultimate referral to financial ombudsmen. Focusing those regulatory burdens on the platforms would shift significant compliance costs away from the product providers who rely on the platforms as a means of distribution. This would also mean specialist product regulators could focus their resources on 'vertical' issues related to specific products and their providers rather than 'horizontal' issues that are common to all. Such is the primary intent behind the P2PFA's Operating Principles, for example, which cover lending to both consumers and small businesses.

In addition, since social investments and P2P finance offerings both involve some credit risk and therefore the potential for losses, tax rules should allow off-setting against gains and income derived via these platforms. And there is no reason why instruments so distributed should not also qualify for ISA and pension allowances.

Consumers and small businesses should expect further developments in this space throughout 2012.

Identity Is Dynamic, Not Static. Proof: Momentary.

On Tuesday we had a very revealing discussion on whether "banks and/or mobile operators should provide the identity infrastructure" at the CSFI's Sixth roundtable in the series on Identity and Financial Services.

Of course we began by discussing what identity actually is - not something that can be isolated or assumed, as was also apparent from the Fifth roundtable.

In this discussion, it was very clear that a bank or telco views identity as a static collection of data about an individual that can be stored or held, with varying degrees of subject access and control. In this entrenched view of the world, institutions - like banks and telcos - can compete for the privilege of 'holding' your identity and enabling you to prove who you are. In essence, those institutions are in control of your identity.

So what's stopping them providing an all-purpose identity infrastructure today?

The fact that identity is not a static concept. It's dynamic, contextual, and defined more by your various sets of activities or behaviours - "routes and routines", as Tony Fish put it - than by a picture, address and date of birth. That collection of behaviours and the data they generate are what makes us unique. Further, Dean Bubley made the point that we over-estimate the degree to which telcos (and banks), actually 'know' their customers in the sense of understanding their customers' end-to-end activities. And we over-estimate these institutions' technological ability to enable their customers to prove their identity at all, let alone conveniently in scenario's of their choosing.

A Finnish delegate also made the point that Finnish banks offer identity services, based on a government database, but make very little money out of them. Which suggests the services are not very useful or compelling.

In any event, static data repositories are vulnerable to attack; and the services that rely on them are apt to be 'gamed' by simply replicating the data held - as in the case of skimming card data or fabricating identity documents to gain control of a bank account. The fact that the individual consumer is ultimately compensated and therefore not 'harmed' in a direct financial sense is beside the point. We all pay for such inefficiencies in the form of higher interest rates, fees and retail prices.

So there are two key problems to be solved. As consumers, we need to be able to simply, conveniently and efficiently prove our identities in the course of any day-to-day activities.  And as a community, we need the source of that proof to be less vulnerable to being hacked or guessed, and to contain its cost.

Given those key problems, the solution cannot possibly comprise an "identity infrastructure" or 'service' that relies on a single, static set of data that is 'held' by some institution. Rather, the solution has to involve the capability to generate a unique and momentary proof of identity by reference to a broad array of data generated by our own activity, on the fly, which is then useless and can be safely discarded.


Image from Young Lee.

Counter-Regulation And Consumer Empowerment

In 2006, I speculated in an article for the Society for Computers and Law, entitled "Counter-regulation", that the government would one day require offline businesses to implement the benefits of successful online business models. They would do this, I suggested, because successful online businesses "will have demonstrated to most consumers the inadequacies in the business models of their offline counterparts" whose customers will realise they're at a disadvantage compared to consumers dealing online.

That day certainly arrived in April, if not before, when the UK government announced its "Consumer Empowerment Strategy". The policy "aims to put consumers in charge so that they are better able to get the best deals for themselves, individually and collectively." As part of the strategy, "the Government wants to work with [service providers and retailers] to come up with a solution that allows consumers to access [purchasing] information, analyse it according to their own preferences and make better choices."

However, in Better Choices: Better Deals, the Government makes it refreshingly clear (at p.5) that a new legislative programme is not the best way to achieve consumer empowerment. Instead, it is relying on "a wide range of new programmes that have been developed in partnership with businesses, consumer groups and regulators" against a background of normal regulatory enforcement.

It is also refreshing to see that the Government has gone to considerable lengths to try to understand the overall context before announcing policy. As a result, Better Choices: Better Deals is a treasure trove of statistics, behavioural insights, and research - and an inspiring read, rather than an irritating one. There are numerous proposals (see pp.6-7 and Annex A of Better Choices: Better Deals), some of which are the product of thematic regulatory work and some of which go beyond the way many online businesses operate today. Indeed, the semantic web is central to the Government's vision. Of course, the list is not exhaustive - the document is step one in in an attempt to foster collaborative effort across the community, not a creaking regulatory panacea of the kind favoured by the European Commission. These proposals include:

• the 'mydata' [since renamed 'midata'] project to enable consumers to access information about their purchases, analyse it according to their own preferences and use that information to make better purchasing decisions;

• e-statements for credit cards, to provide the last 12 months of transaction data in a portable electronic format;

• clear information about the lowest energy tariff on energy bills;

• changes to Energy Performance Certificates and how they are presented;

• improving the provision of product information about cars and other products from a health and environmental standpoint;

• encouraging local collective purchasing deals;

• making available more complaints and performance data about businesses, regulators, government departments and public service providers;

• figuring out how in-store shoppers can access consumer feedback normally only available online;

• a new resolution scheme for e-commerce disputes;

• a review on how to empower very vulnerable consumers.

Of course, our day-to-day consumer activities tend to require combinations of data held by both public and private sector organisations. So it's encouraging that great progress is also being made on the Open Government data initiative.

Image from 1Million1Shot.