Blog

A digital security point of view for the digital business era

Compliant Paperless Banking

1 Dec 2017

In recent months, as Digital Transformation has become one of the key topics within the industry, durable medium (DM) has become one of the biggest problems for the European banking sector.

Controversy around the subject of durable medium began with the Austrian bank BAWAG who provided information to e-banking customers via their mailboxes on the e-banking website.  BAWAG’s practice was challenged by an Austrian consumer association who believed it was not compliant with the requirements for durable medium as set out in the Payment Services Directive 2007/64/ED.

A similar situation arose in Poland after an investigation by the Office of Competition and Consumer Protection (UOKIK) where most of the banks were required to change the method of communication with customers.  This caused some banks, at huge cost, to return to paper-based communications while others have provided information on CDs or DVDs.

Many banks in Europe are looking for technology that fulfils the DM requirement.

Is there a good IT solution that will avoid having to go back to paper?

An IT system that meets the following three requirements is needed:

  • Constant – any possibility that the service provider could change the relevant information must be excluded (the requirement of integrity);
  • Provision – information can be provided to the customer in a timely manner as long as additional steps have been taken by the provider in order to draw the attention of the customer to the existence and availability of the information (“active behaviour”) ;
  • Access – allows a customer to access the information for an adequate period of time including after the termination of a customer’s relationship with the bank (the requirement of storability).

On 25 January 2017, a European Union Court of Justice ruling (ECLI: EU: C: 2017: 38) concerning BAWAG, was announced, informing that the Bank’s transfer of information to the customer via an electronic banking website can be considered as delivered on a durable medium.

This gives the user the ability to store information addressed to him personally in such a way that he may access it and reproduce it without alteration for an adequate period of time and any possibility that the service provider or another professional could change the content of the information unilaterally is excluded.  In addition, if a customer is required to visit this website to read the new information, the service provider must actively inform the customer of the existence and availability on this website when providing the information.

By analysing commercially available IT solutions one can build a concept meeting the requirements of the regulators and consistent with the EU court ruling.  One of them is the use of secure storage, equipped with a WORM (Write-Once-Read-Many) mechanism.  Hardware-based WORM ensures uninterrupted storage of data for the required time but the concept of versioning and retention is also needed.  It is not possible to change the original file but versioning allows a new version to be created in the event that for example, statutory changes required such amendment.   The retention mechanism ensures there is no possibility of deleting a file for a given period of time.  System parameters in line with audit requirements provide the capability to manage this.

A solution meeting these requirements is the Hitachi Content Platform.  It needs to be coupled with an adequate way to deliver the information to the customer. The natural choice is to provide an external customer portal, independent of the Bank’s online platform, to which a customer would have access in 24/7 mode. The customer could be actively informed about new information via SMS/email, choosing the way of communication during the portal visit.

Hitachi has responded to this requirement by providing a Content Portal as the durable medium customer interface to the Hitachi Content Platform.

If you would like to talk to us in more detail regarding how we can help you to solve your DM challenges then please get in contact via Banking.Solutions@hitachi-eu.com.