After the Royal Commission findings in Australia and last year's New Consumer Duty rules in the UK, the Monetary Authority of Singapore (MAS) are now finalising a new regulatory ruleset known as the Shared Responsibility Framework. These requirements may not seem alike on the surface, but they have two crucial factors in common – a redefinition of what is considered “reasonable” to expect from the customer, and a mandate to change the way that enterprises interact with those customers.
While the New Consumer Duty was focused on fair outcomes, MAS have opted to look into cybersecurity as part of their ongoing mission to stamp out phishing attacks and data protection incidents. Institutions must implement secure communication capabilities for all interactions with customers, including secure messaging, email, and digital channels. It will also be considered reasonable for customers to expect to be informed of any incidents or breaches that may impact their data, as well as provide guidance on how to protect themselves – all in a timely and accurate manner.
Cyberattacks have always been high on the risk agenda at enterprises due to the potential for regulatory fines and reputational damage caused by the loss of any sensitive data, coming hot on the heels of 790 customers of one financial institution losing a combined SGD13.7 million recently. However, defences have often been focused on protecting the company itself, for instance by adding additional layers of security and encryption around core platforms. Under the new rules, those same companies will also be held liable for losses incurred by customers that fall victim to phishing communications or other similar attacks if no reasonable effort has been made to protect them. In this situation, communication becomes critical.
While enterprises are already investing in new cybersecurity tools, many institutions are likely to struggle to improve their communications due to severe limitations within their current technology. Traditional Customer Communication Management (CCM) solutions may not be equipped to handle the level of security and data protection required under the new rules, or only support overnight batch runs rather than being able to interact in real time for important one-time passwords and immediate fraud alerts.
Many traditional Customer Communication Management (CCM) solutions are considered legacy systems, and were originally deployed as workarounds to the even older printing systems for statements and bills. These underperforming products are frequently limited to a single channel and are unable to personalise data in a modern manner, as well as being unsuited to high levels of security and encryption. This combination, coupled with many being able to run in batch mode only, severely limits the ability to interact in a reasonable manner – after all, most customers wouldn’t be happy waiting until the next batch run was scheduled to receive a one-time password to authorise every transaction, or receive a letter in the mail explaining that a potentially fraudulent transaction took place on their account several days before.
The impact of poor customer communication technology is rarely understood until it is too late to do anything other than add sticking plasters over the problem and create even more technical debt to be paid off at a later date. To ensure that this does not happen, senior leaders in impacted businesses should ask a series of probing questions about the suitability of their technology capabilities in advance of the proposals being implemented later in the year:
- How many CCM products exist within the company, and how many will need to be used when meeting the new regulatory requirements? Do they handle all of the necessary communication channels?
- If more than one product is used, what is the detrimental impact of this on being able to update and enhance communications quickly when the regulation requires this?
- Are all of these products capable of handling encrypted data and producing secure communications or will one or more need to be replaced?
- Do all of these products meet customer and regulatory needs, in real time, or are any of them solely capable of running in scheduled batches?
- Do all of these products support inbound communications as well, or will you need to use alternative solutions for inbound and outbound interactions?
If any of the answers suggest that the solution is not yet ready, the time to change is now. Simplifying the underperforming legacy customer communication products by consolidating all of their capabilities into one innovative, enterprise-level, omnichannel solution can:
- Drastically transform the ability to meet the regulatory proposal.
- Offer overall cost savings and opportunities to transform the business operating model.
- Help organisations to meet constantly changing customer expectations.
Learn more on how the Quadient Inspire suite helps customers stay ahead of the competition.
With MAS placing more responsibility firmly in the hands of businesses, the global trend of regulators demanding that companies communicate more effectively with their customers is continuing. The organisations that continue with underperforming legacy technologies that require workarounds will struggle, while those that adopt modern omnichannel solutions to give themselves a firm foundation will excel with both the Shared Framework and future regulations that follow.
