This website uses cookies to ensure you get the best experience on our website. More info

GDPR – Accountability and Audit-ability in the Introduced Channel

There’s nothing quite like a €20m fine to focus one’s attention.  Perhaps it’s a strategic design of the new GDPR legislation coming in May 2018 to ensure executive accountability, maybe not. Either way one cannot deny it’s an eye catching feature. At Shuttle, in our experience in working with the Introduced Channel we’ve seen  GDPR raise a whole new set of questions, many of which give lenders and banks the opportunity to provide technology leadership.

The Introduced Channel brings colour and variation to new account opening, application processing and transaction fulfillment.  Introducers are gathering their customer’s personally identifiable information (PII) from partners and sharing with more than one service provider therefore increasing risk and exposure.  In the case of a new business opening a bank account , the introducer may be a company formation accountant. They will also work with Companies House, HMRC, banks, payment processors and business insurance companies.

Where does the customer go?

After GDPR, Introducers will be required to retain accurate data records for audit purposes, likewise with banks, lenders and other service providers. But who’s accountable in case of a breach? Where is the data subject’s single point of contact in the event of a right to be forgotten request?

Clearly, GDPR brings a new, interesting level of complexity to the Introduced Channel which translates to new opportunity.  Financial institutions must work together to deliver a consistent, expected experience for consumers. Perhaps an industry-wide code of conduct beyond the bare minimum requirements of the legislation to avoid censure.

Most of all, these same intuitions and enterprises will have work closely and collaboratively with their key business introducers. Regulators and enforcers will look closely at audit trails, clear accountability, explicit and implied consent and responsible, deliberate data management.  The ‘right to be forgotten’ and data portability are Consumers rights and the visibly and ability to be able to carry out these actions must be available and accessible.

An Opportunity for Advantage

Banks have the ability to provide leadership through the introduction of enabling technology.   Shuttle works with innovative banks who want to simplify secure customer onboarding. Emails and paper documents no longer fly unchecked between customers, introducers and banks; in contrast, all data and transaction-related communication is held one, central portal. At different stages in the transaction, different levels of access are provided to the participants.  A comprehensive audit trail of every action within a transaction, including explicit consent forms ensures end-to-end compliance and complete transparency.

With Shuttle, financial services organisations and their key business introducers, work securely and compliantly with their customers. Customers have visibility of their personal data and enjoy a consumer grade experience in the palm of their hands.  To find out more, contact Shuttle here.



GDPR workflow
Shuttle –  Secure Chain of Custody Workflow



  • Responses