Striata says email is legal for FI regulatory & compliance

New electronic security measures for email meet FI regulatory compliance standards

By combining technology and security measures it is possible for eStatements and other sensitive eDocuments to be attached to an email as an encrypted PDF with a password requirement

Until recently, legal stipulations concerning areas such as privacy and audit trails have restricted financial institutions to paper and portal solutions for certain communications. However, these institutions can now embrace email-based electronic document delivery solutions and still meet various data protection and lending requirements.

Sarah Appleby, Striata’s financial services expert, discusses how new security measures allow financial institutions to communicate via email and meet compliance demands for the following three key types of communications:

1. Account Management Documents

There are two important principles for account management documents: The right to correspondence and the right to privacy.

The right to correspondence

Both the Consumer Credit Act of 1974 and the Lending Code, enforced by the Information Commissioner’s Office and the Lending Standards Board respectively, require that account management documents such as Statements, Excess Notices and Terms & Conditions be sent out.

Because email can be tracked and monitored, sending an email version of the document complies with customer communication requirements. All emails sent have a delivery status (delivered or undelivered/bounced) and tracking included, to determine whether a customer opened the email.

"Most financial institutions are not able to track, monitor and report on this activity within the scope of their internal email capabilities, so eDelivery was always a risk, but with specialist services, an audit trail shows respect to the regulation," says Appleby.

The right to privacy

Data protection laws and Information Standards are upheld by the Information Commissioner’s Office (ICO). The Data Protection Act states in Principle one that, in order to protect customers from unlawful use of or access to their data, financial institutions must protect that data from being viewed by others.

Appleby points out that in the email world, following the Data Protection Act translates into not having account level information within the body of an email. "By combining technology and security measures it is possible for eStatements and other sensitive eDocuments to be attached to an email as an encrypted PDF with a password requirement."

"These eStatements are inaccessible to anyone other than the account holder, which ensures that it’s not only the data protection principles that are upheld but also those of the LSB and the CCA."

2. Collections Correspondence

There are two important principles for collections correspondence: fair business practice and easy access to payment.

Fair Business Practice

The issue of consumer privacy is additionally reinforced in the collections environment by the Lending Code and particularly the Office of Fair Trading Debt Collection Guidance. It states that disclosing debt details to an individual other than the debtor is strictly forbidden.

"Paper collections documents can be replaced with an email when secured as an encrypted PDF, which protects the consumer’s data from unintentional exposure. Encrypted documents offer equal security to portals, whilst offering the same personalisation as letters. In addition to keeping the consumer’s data completely secure, it reduces targets for phishing and other fraudulent activities," says Appleby.

Many collections environments rely heavily on third party data which is monitored by the ICO’s Data Protection Principle number four. This principle requires that data must be as accurate and up to date as possible and that a reasonable attempt was made by the collections department to ensure its accuracy.

In the past, costly data append solutions have been employed to add and verify email addresses, but more recently the ICO released a statement saying that it never stipulated that data controllers should clean their emails in a particular way. Instead, the ICO made it clear that each data controller is allowed to develop its own procedures to ensure compliance within the legislation.

Appleby states that secure electronic documents have a dual purpose. "They protect the consumer’s data with bank level security and also provide a free verification exercise with an audit trail. As encrypted attachments can only be opened by the debtor, there is no mistaking that 'reasonable attempt' has been made to verify the identity of the debtor and the accuracy of the email address."

Easy Access to Payment

Lending Code 127 requires that a number of specific pieces of information be included on every credit card statement; one example is guidance for customers on how they can pay on time. When replacing paper collections notifications, a payment link must be made available to ensure the utmost adherence to the Code.

Appleby says email technology exists that offers the opportunity to integrate a payment form within an eDocument holding account level information. "This enables immediate payment and thus a drastic reduction in DSO, whilst remaining compliant."

3. The Question of Marketing

The ICO mandates that opt-in and opt-out options be made available to customers and that financial institutions respect the wishes of their customers with regard to receiving marketing material.

"The result is the high cost of printing two versions of print collateral and/or opting for mail stuffers. By creating two email templates, one for consenting customers and one for the rest, eStatements and other secure eDocuments offer an inexpensive marketing solution for all customers," explains Appleby.

"When used correctly with proper encryption and security measures, secure document delivery via email provides an inexpensive and highly effective channel that also follows the letter of the law," concludes Appleby.

Contact Author

Tamara Hanley
Striata 1
+44 207 268 3941

Alison Treadaway
+27 11 530 9600