Finance industry is ‘one court case away’ from CMC onslaught
Editor's note - This article was previously published in Intelligent CIO on March 7, 2019 by Alix Pressley
After targeting PPI repayments and penalties for Payday Loan Companies, consumer Claims Management Companies (CMCs) will now set their sights on financial organisations that have suffered data protection breaches, customer experience expert Quadient has warned. In the wake of regulation changes, CMCs are currently focusing their attention on the Payday Loan Companies speeding the collapse of Wonga and others. However, before this avenue is exhausted and we reach the August 2019 deadline for making PPI claims, they will already be searching for fresh targets. With GDPR and high-profile attacks raising public awareness of the very real risk of data breaches, the chances are rising that consumers will take legal action against financial organisations they feel have inadequately protected their data. As soon as a single case results in compensation, CMCs will flock to the new opportunity, meaning organisations will not only face the risk of fines under GDPR, but also multiple claims from individuals. Financial organisations must act now to pre-empt this by ensuring they are protecting customer data and recording and sharing this information so that, if the worst happens, they can demonstrate to regulators and customers alike that they have followed best practice and prevent any lawsuits.
“CMCs’ role is to identify a weakness in an industry and attack it relentlessly,” said Andrew Stevens, Financial Expert at Quadient. “Their natural pattern is to follow regulations to the next hunting ground – and whether the complaints they support are valid or vexatious, these complaints still represent lost time and resources for organisations, and have the potential to seriously affect the customer experience and relationship. Given the growing awareness of data protection, it’s very likely that a financial institution will suffer a major breach by 2020. In such an environment, the institution may face not only a substantial GDPR fine, but the anger of potentially millions of customers who feel they deserve compensation for their data being mishandled. If only one of these customers launches a successful court case against the business, it will open the floodgates for CMCs to help thousands more take action – meaning the cost of a data breach will increase exponentially.”
The collapse of Wonga and other Payday Loan Companies has driven fresh regulatory attention to CMCs. From 2019, the FCA is due to take on regulating the sector, proposing tougher rules on how these companies deal with their customers. However, this is unlikely to slow companies down – with a Ministry of Justice report stating that CMCs earned more than £6.2 billion between 2007 and 2017.
GDPR is the latest manifestation of consumers’ and organisations’ growing understanding of the importance of data protection. While the most notable data protection breaches have come from security, there is also the risk of being found guilty of a breach if consumers feel their data has been misused or mishandled; for instance by being used for spam calls or emails, or not being shared, updated or deleted when requested. While the greatest risk of a compensation claim comes from security breaches where data was not adequately protected, there is still the possibility that a victim of excessive spam will take independent action against a finance company and so set precedent for other customers and CMCs.
“CMCs fill an ecological niche in the finance industry – they are neither wholly good nor wholly bad, but simply a factor organisations have to be prepared for,” continued Andrew Stevens. “To avoid becoming easy prey, organisations need to learn the lessons of PPI and Payday Loans. Those that understand the demands of the GDPR and of the general public; that have a culture of treating data with the respect it deserves; and that can prove that they have taken the right action at the right time, will be best equipped to avoid giving CMCs an opening to exploit.”