Fintech: FCA and ICO joint letter provides clarity for firms navigating the interplay between consumer duty and data protection requirements, Martin Cook

On 18 July 2023, the Financial Conduct Authority (FCA) and the Information Commissioner's Office (ICO) published a joint letter to UK Finance and Building Societies Association in order to address some firms' confusion over the interplay between data protection laws and consumer duty.

What is the issue?

Savings providers are required to provide communications to savings customers to help them to make "effective, timely and properly informed decisions" under the FCA's Consumer Duty. However, until now, this has caused confusion among some firms, which have queried whether data protection regulations relating to direct marketing prevent them from telling customers about better rates and products. Particularly in the current financial climate of increased living costs, regulators are concerned that individuals' savings are "sitting on low rates".

How have the FCA and ICO addressed this?

Hoping to demystify data protection and consumer duty requirements and as a reminder of the ICO's existing guidance, the FCA and ICO have clarified that data protection law does not stop savings providers from providing regulatory communications to customers. These communications should give customers "neutral, factual information about the interest rates and terms of the savings products they hold, the interest rate and terms of other available savings products, and what their options are for moving to another product." This applies even where customers have opted out of direct marketing. In an accompanying press release, the FCA sets out its expectation that firms "point customers to the best possible savings deals". Firms are reminded, however, to ensure continued compliance with data protection requirements when using information about people.

What comes next?

The FCA has announced that it will report its updated view of how well the savings market is supporting customers at the end of July.

In the meantime, the Data Protection and Digital Information (No. 2) Bill is currently at the report stage in the House of Commons and is intended to cut the red tape around data protection requirements. According to the Government’s press release, the Bill will introduce a clear and simple framework for businesses and will provide businesses with more flexibility as to how they comply. Fintech firms, banks and businesses alike should take note: the hope is that this overhaul of data protection law will enable consumer duty obligations to be navigated with greater ease.