Place of data protection in future of financial services
The digital revolution has transformed the banking sector, presenting both remarkable opportunities and serious risks. With the rise of digital banking services, financial technology innovations and online transactions, financial institutions are rapidly embracing technology to improve customer experiences and operational efficiencies. Yet, as banks increasingly digitise their operations, they must confront a new and significant risk: data protection.
Data protection is not just a regulatory requirement; it is a core risk management issue for banks. As custodians of vast amounts of sensitive personal and financial information—ranging from transaction histories to credit card details—banks are attractive targets for cybercriminals. The growing sophistication of cyberattacks, coupled with increasing regulatory scrutiny, makes data protection a central issue for risk officers in the industry.
At the same time, the threat of data breaches in banking is growing. According to various global statistics, the number of records stolen and the costs surrounding breaches seem to outdo the previous year's figures every year, and 2024 is no different.
Costly litigation
There is a need to heavily invest in compliance to avoid costly litigation, regulatory penalties and loss of market share that may result from poor data governance. In a hyper-connected digital economy, even a minor vulnerability can quickly cascade into widespread disruptions, highlighting the urgent need for a robust approach to data security.
With the adoption of data protection laws across Africa—65 per cent of countries as of January—corporations must take leadership in building capacity to ensure compliance. This covers how personal information is captured, processed and stored. For banks, which act as both data controllers and processors, there is a need to ensure greater vigilance across the various data handling points.
Customers expect their financial institutions to protect their sensitive information. Data compliance lapses can quickly erode this trust, driving customers away and damaging the long-term viability of the institution. Many customers are becoming increasingly privacy-conscious, and their expectations for data security are only rising.
This means that data protection is not just a technical issue—it is a critical component of customer attraction and retention. Financial institutions that can demonstrate a strong commitment to safeguarding customer data will be better positioned to foster loyalty and attract new business in an increasingly competitive digital landscape.
Data protection
To mitigate the risks posed by inadequate data protection, banks must adopt a multi-layered approach to privacy compliance, embedding both technological and operational controls, including advanced encryption, stringent access controls and continuous monitoring of systems for vulnerabilities.
Financial institutions must therefore focus on embedding data protection principles into their overall risk management frameworks. This includes prioritising data minimisation—only collecting the information necessary for business operations—and ensuring that data is processed transparently and lawfully. A well-rounded approach will also involve regular risk assessments, staff training and engagement with third-party partners to ensure that shared data is secure.
The future of banking depends on the industry's ability to safeguard customer data, navigate complex regulatory frameworks, and mitigate the growing risks of cyberattacks.
Ms Basiye is KCB Bank’s Group Chief Risk Officer.