Public policy should protect consumers' reasonable and real expectations of privacy. But well-intentioned regulation designed to strike the proper balance between privacy and efficiency by imposing detailed restriction on the use and transfer of information will most certainly get it wrong. At this stage of the information age, imposing detailed regulation without market experience is like delivering the verdict before the jury has voted: It will not be based on the facts and the innocent will suffer.
The market itself will do a much better job of balancing the consumer's desire for privacy with the consumer's demand for efficient service than regulators can ever do. The market is already at work. Most financial institutions have published privacy policies. Practices that are unacceptable to consumers have been exposed and stopped. Consumers have choices and they are making their wishes known. More than most industries, financial services depends on the trust of its customers. An unhappy customer will not be a customer for long. But customers can be unpredictable. Their unhappiness may be because they believe that information about them has been misused or it may be because information about them is not readily accessible to give them what they want and recognize them as the good customers that they are.
The separate, winding roads along which the financial services industry traveled have converged into a single superhighway. There is no longer a banking industry, a securities industry and an insurance industry. There is a $2.4 trillion financial services industry.
This remarkable convergence was driven by technology. Its value proposition to consumers is based on the effective use of information that technology makes possible. Customers expect their transactions to be processed accurately, quickly and securely. They expect seamless service. They expect to be served by companies that respond quickly to changes in the market. They expect to be offered products that meet their particular needsneeds that change as their lives change.
Managing information for customer benefit
Financial services is an information industry. The winners in this industry will be those who master the management of information and use it to give their customers what they want, and when and where they want it.
The Gramm-Leach-Bliley (GLB) Act removed structural barriers that stood in the way of one-stop shopping for financial services. Banking, securities and insurance firms may now join together in a common enterprise. This is necessary progress, but it is not the main point. The central promise of GLB is that consumers will benefit hugely from the efficient delivery of financial products that consolidation will provide. Nothing will undermine the promise of financial modernization more surely than destroying its foundationthe use of technology to store, analyze and transfer information efficiently. Yet, the GLB Act contains within it the potential to make the promise of financial modernization an empty promise.
Information creates value
The GLB Act restricts the use and transfer of information by financial
services companies, directs the regulators to fill in the blanks
and allows the states to do what they will. At the most fundamental
level, restricting the use and transfer of information directly
contradicts the principal purpose of the Actto allow information-based
businesses to provide efficient service to their customers. As
Federal Reserve Chairman Alan Greenspan has observed, information
creates value:
"A critical component of our ever more finely hewn competitive market system has been the plethora of information on the characteristics of customers both businesses and individuals. Such information has enabled producers and marketers to fine tune production schedules to the ever-greater demands of our consuming public for diversity and individuality of products and services. ... It has enabled financial institutions to offer a wide variety of customized insurance and other products."1
The cost of privacy
In the political arena, privacy has become sacrosanct. No one knows quite what it means, but everyone is for it. It is the good thing we cannot get enough of. Privacy, however, is not free. Restricting the use of information that could be used to provide better service to customers has a cost. The more privacy we have, the slower we will be in responding to customers' requests for credit and the less able we will be to identify products that best suit our customers' needs. For example, if we believe a customer has too much money in a low-interest rate certificate of deposit and could benefit from an investment in stocks and bonds, we should make this suggestion. It is a service we provide. Is that an impermissible invasion of privacy or is it valuable advice that customers expect because we know something about them?
Achieving a balance
The more privacy we have, the easier it will be to spread false information in job applications, in loan applications, by forging checks and in countless other ways. As we move into the post-GLB world of financial services, we must balance abstract notions of privacy with real world demand for the efficient, accurate and secure delivery of financial products to customers. As Professor Fred Cate reminds us:
"Instant credit, better targeted mass mailings, lower insurance rates, faster service when ordering merchandise by telephone, special recognition for frequent travelers, and countless other benefits come only at the expense of some degree of privacy." 2
Policymakers must not forget that every restriction has a cost and that detailed regulation of every aspect of information use and transfer is likely to fail on two counts: It will not protect consumers' true privacy expectations and it will not serve their demand for efficient service.
Bank regulators are accustomed to regulating and have issued regulations covering all aspects of a bank's business. Based on pending proposals, this tradition appears destined to continue in the privacy arena. Ironically, regulating the use and transfer of information runs counter to the traditional concerns of bank regulators. Restrictions on information transfer and use will lead to greater fraud losses and increased credit risk because lenders will make less informed underwriting decisions.
Privacy concerns are real. Abuses exist and they should be stopped. At the same time, broad restrictions on the use and transfer of information, particularly among entities owned by the same company, will lead to costly unintended consequences. These consequences will include slower service, the absence of advice that could increase a customer's investment returns, the cost of collecting the same information again and again, the inability to lower prices by bundling products, the unproductive expense of marketing products to consumers who are unlikely to want them, increased losses from fraud, less informed underwriting decisions and disappointed customers.
The goal of a privacy policy should be to protect the reasonable and real expectations of consumers concerning how information about them is used and to give consumers choices. Individual preferences will certainly differ in the trade-off between privacy and lower cost and more convenience. Some people may prefer to fill out a loan application two or three times rather than having the information from a loan application they have recently completed transferred to an affiliate of a company they already do business with, but not many.
Consumer expectations
Consumers expect that information they give to companies they do business with will be used to provide them with efficient service. Consumers expect to be told how information about them will be used, by whom, and for what purpose. In short, the privacy policies of any company should be succinctly stated so customers can choose or not choose to do business with that company. Laws that would require consent each time information is usedor that information be gathered again because the transaction at hand is with an affiliate of a company that already has the informationor that consumers affirmatively opt-in to allow information sharing practices among affiliates that have promoted good customer service and have existed without significant objection for many yearswould be laws that run counter to consumer expectations. They would hamper fast, efficient customer service. They would break the promise of financial modernization.
Let the jury vote
Public policy should protect consumers' reasonable and real expectations of privacy. But well-intentioned regulation designed to strike the proper balance between privacy and efficiency by imposing detailed restriction on the use and transfer of information will most certainly get it wrong. At this stage of the information age, imposing detailed regulation without market experience is like delivering the verdict before the jury has voted: It will not be based on the facts and the innocent will suffer.
The market itself will do a much better job of balancing the consumer's desire for privacy with the consumer's demand for efficient service than regulators can ever do. The market is already at work. Most financial institutions have published privacy policies. Practices that are unacceptable to consumers have been exposed and stopped. Consumers have choices and they are making their wishes known. More than most industries, financial services depends on the trust of its customers. An unhappy customer will not be a customer for long. But customers can be unpredictable. Their unhappiness may be because they believe that information about them has been misused or it may be because information about them is not readily accessible to give them what they want and recognize them as the good customers that they are.
Innovation, superb service, better satisfying customer needs are all improved by knowledge. Only with more information about each customer can financial services companies tailor products at affordable cost and serve their customers better. Information technology provides the means to change from mass marketing to customized marketing, a change that will allow companies to address each individual's unique needs. Striking the appropriate balance between privacy and efficiency in an information economy is an extraordinarily complex task. If it is not done well, the promise of financial modernization will be broken.
Richard Kovacevich is president and chief executive officer of Wells Fargo & Co., San Francisco, following the merger with Norwest Corp., where he had been chief executive officer and chairman. Kovacevich is also president and a director of the Bankers Roundtable and vice chairman of the American Bankers Council. Prior to joining Norwest Corp. in 1986, Kovacevich was group executive and member of the policy committee of Citicorp in New York.
Endnotes
1 Letter to the Honorable Edward J. Markey, House of Representatives, July 28, 1998.
2 Testimony of Fred H. Cate before the Subcommittee on Financial Institutions and Consumer Credit, Committee on Banking and Financial Services, House of Representatives, March 26, 1998.