ANZ gets tough on data security
ANZ is set to introduce stringent new security standards for adviser customer relationship management systems, as it looks to safeguard customer data.
Wednesday, February 5th 2020, 9:05AM 3 Comments
The bank has told advisers it is looking at CRM systems to ensure they are robust enough to keep customer data safe. It comes as global regulators place more emphasis on data protection laws.
According to one adviser, a FAP that holds ANZ customer data will need a CRM that meets both SOC2 and ISO75k standards.
"The bank wants to make sure CRMs meet data security and integrity standards, and businesses across the country are working to meet those standards," the adviser said.
The adviser warned businesses could lose their supplier accreditations if CRMs fail to meet high standards.
An ANZ spokesperson said the bank would review standards across the industry.
"Due to tightening regulations, ANZ is reviewing customer relationship management software security standards to best ensure our customers’ information is safe. As always we will continue to work collaboratively with our advisers to ensure data safety," the spokesperson told TMM Online.
ANZ's review of CRM systems will likely see advisers weigh up their own choice of CRM, as the new regulatory environment comes into play.
Brendon Smith, chief executive of NZFSG, said banks are expected to put more focus on data protection in the coming years.
"My personal opinion is that all lenders will introduce more stringent data security/protection requirements, including ISO certification, to ensure that confidential customer data is protected, adviser CRM systems will need to meet these new requirements over time."
Smith said "NZFSG will be obtaining ISO certification for MyCRM in preparation of these new requirements".
« ANZ raises key mortgage rates | OCR Preview Survey: economists say OCR will stay on hold » |
Special Offers
Comments from our readers
Failure to do so as an adviser means you are in breach of your existing obligations under the Privacy Act & the new Code of Professional Conduct coming into law this year. You are legally required to inform your customers that your dealer group is now the recipient of their personal data if you use a group owned CRM. Your customers must give their consent to this.
In terms of breaches under the Privacy Act the maximum fine has now increased from $360,000 to $420,000.
Sign In to add your comment
Printable version | Email to a friend |
But as equally important is the customer being told where their personal banking information is going and who is in receipt of it?
In the mortgage industry do we have the “disclosure” part correct?
I would say no we don’t.
For some reason banks and aggregation groups continue to overlook the fact that a large number of advisers still do not even disclose to the customers that their personal banking information is being loaded up on cloud based CRM system and as in lot of cases a system owned by overseas real estate agents.
This disclosure is a basic requirement under the FMA and the privacy Act.
So how many advisers that operate under overseas owned dealer groups do not disclose to the customer in their disclosure statements that the customers person banking data is being loaded on these cloud-based systems? and confirming who owns these systems?
I would estimate a large portion of these advisers do not and could be in clear breach of the FMA rules and Privacy act in NZ.
But who really cares where their person information go’s in the cloud anyway?
I do, and in talking to most people I know and asking them “how would you feel if your mortgage application and full banking data was being loaded on cloud base system in say Australia , and that that system was owned by a real estate company and then sent via this system to bank in NZ “
100% said absolutely no way would I be happy with that and the fact it was not disclosed to me prior is a breach of my personal privacy.
Why do some dealer groups push for their CRM’s to talk direct to the banks systems?
Obviously the groups will say “this will improve the quality of the applications and save time “, but this is a myth as most loan assessors will tell you these group generated CRM applications are the worst to assess and prefer a quality application sent direct to the bank from a quality adviser any day of the week.
Some large groups are struggling to “add value” and justify membership fees ( which are unfortunately compulsory as belonging to a group was made compulsory by banks ) so feel the need to “lock in and control advisers “and push the fact that their CRM use is compulsory and must be used , and that “”the bank said so as well.” ‘
This is also a myth, only BNZ have made a group CRM use compulsory and I believe they arguably have some of the poorest turnaround times and rework in the industry.
Banks need to be very careful in how they “connect “to these overseas owned CRMs especially when it comes to consumer privacy, and just a little advice to the advisers working under these groups, get your disclosure statement updated asap.
Banks need to invest in their own loan portals where advisers still send applications “direct to the bank “cutting out any third party.
“” In California they just passed a law around how companies must disclose what they are basically doing with your personal data, who they want to sell it to, and the must delete it at your request or face large fines. “”
Yes, I think this is long overdue for banks to look into this, with cloud-based systems it’s never been a more important time to make sure customers personal data is safe.
But as equally important is the customer being told where their personal banking information is going and who is in receipt of it?
In the mortgage industry do we have the “disclosure” part correct?
I would say no we don’t.
For some reason banks an aggregation groups continue to overlook the fact that a large number of advisers still do not even disclose to the customers that their personal banking information is being loaded up on cloud based CRM system and as in lot of cases a system owned by overseas real estate agents.
This disclosure is a basic requirement under the FMA and the privacy Act.
So how many advisers that operate under overseas owned dealer groups do not disclose to the customer in their disclosure statements that the customers person banking data is being loaded on these cloud-based systems? and confirming who owns these systems?
I would estimate a large portion of these advisers do not and could be in clear breach of the FMA rules and Privacy act in NZ.
But who really cares where their person information go’s in the cloud anyway?
I do, and in talking to most people I know and asking them “how would you feel if your mortgage application and full banking data was being loaded on cloud base system in say Australia , and that that system was owned by a real estate company and then sent via this system to bank in NZ “
100% said absolutely no way would I be happy with that and the fact it was not disclosed to me prior is a breach of my personal privacy.
Why do some dealer groups push for their CRM’s to talk direct to the banks systems?
Obviously the groups will say “this will improve the quality of the applications and save time “, but this is a myth as most loan assessors will tell you these group generated CRM applications are the worst to assess and prefer a quality application sent direct to the bank from a quality adviser any day of the week.
Some large groups are struggling to “add value” and justify membership fees ( which are unfortunately compulsory as belonging to a group was made compulsory by banks ) so feel the need to “lock in and control advisers “and push the fact that their CRM use is compulsory and must be used , and that “”the bank said so as well.” ‘
This is also a myth, only BNZ have made a group CRM use compulsory and I believe they arguably have some of the poorest turnaround times and rework in the industry.
Banks need to be very careful in how they “connect “to these overseas owned CRMs epically when it comes to consumer privacy, and just a little advice to the advisers working under these groups, get your disclosure statement updated asap.
Banks need to invest in their own loan portals where advisers still send applications “direct to the bank “cutting out any third party.
“” In California they just passed a law around how companies must disclose what they are basically doing with your personal data, who they want to sell it to, and the must delete it at your request or face large fines. “”