ABN AMRO and the use of new technologies

The GDPR defines profiling as follows: "Any form of automated processing of personal data in which certain personal aspects of a natural person are evaluated on the basis of personal data, in particular with the aim of analysing or predicting job performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or travel." So the law allows profiling. This is a general definition under the GDPR. So it is not the case that the bank will use your personal data to evaluate your professional performance or health. 

We have extensive knowledge and experience in the field of fraud prevention. Unfortunately, we face increasingly sophisticated forms of fraud. We can take measures to prevent fraud as best we can, including the use of profiling. For security reasons, we cannot go into detail about the measures to be taken.

As a bank, we have to comply with the Wwft. This is the Money Laundering and Terrorist Financing (Prevention) Act. Therefore, we pay special attention to unusual transactions and those that by their 'nature' carry a higher risk of money laundering. For example, we look for transactions that deviate from your normal transaction pattern or transactions that have characteristics of money laundering or terrorist financing. If we suspect that a transaction is unusual as defined by law, we must report it to the authorities. This investigation and any reporting do not take place in a fully automated way. There is human intervention: specialised bank employees are closely involved. Again, we do not go into detail about how transactions are looked at. Criminals could take advantage of this.

To prevent overcrediting among customers and intervene more quickly when customers are in danger of getting into payment difficulties, we can use profiling. We then first make a list of the most common characteristics of customers who have encountered financial difficulties. These characteristics make up the profile. Then we look at whether there are customers who fit this profile. Finally, we determine what we can do to prevent these customers from experiencing payment difficulties and how we can contribute (i) to customers who need extra help with their day-to-day banking and (ii) offer vulnerable customers ways to stay or regain financial health. The supervisory authority with responsibilities relating to the duty of care and client centricity expects banks to continuously and actively monitor the financial situation of its customers to prevent overcrediting. We always check the use of your data against the requirements of privacy legislation.

How do we use profiling when you want to purchase a product and during the lifetime of your product? We explain this using an example. Suppose you have a credit with us: 

1. To properly assess the risks for you and us, we carry out a risk analysis. We do this if you are a new customer, but also if, as an existing customer of ours or an ABN AMRO group company, you want to buy other products from us. We know from experience that certain characteristics indicate whether you can easily repay a loan. For example, whether you have a job or debts. We assess these characteristics in the risk analysis.
2. Customers who can normally repay a loan share some characteristics. And so do customers who cannot. Based on your characteristics, a profile is created. 
3. We compare your data with our existing profiles. We then estimate the risk of whether you can repay the loan. 

We also use profiling to inform you about the bank's products and services. For example, we make a customer selection based on a customer group that has taken out a mortgage. We inform this group of customers, for example, about making their home more sustainable and the options for taking out a loan for renovation.

When we send you tips and offers, we try to find out where your interests lie based on a number of characteristics. For example, we will look at an age category and whether you already have other products with us. We will always first check whether you have objected to the use of personal data for marketing purposes and/or registered a right to object to receiving tips and offers.

Of course, we test the use of personal data against privacy rules. You can always object to profiling for direct marketing purposes. If you do not have an agreement with us, we will check whether direct marketing is permitted in certain situations.

We may use automated decision-making when we enter into an agreement with you, for example for an online credit.

When we make a decision that has legal consequences for you or significantly affects you, this is done with the intervention of one or more authorised bank employees. This is also the case if the process leading to the decision is automated or if profiling may have been used. An example is customer acceptance or reporting unusual transactions to the authorities. 

We may use automated decision-making without human intervention. The law allows for this. These may include decisions that lead to the non-execution of transactions because they may be fraudulent, for example in iDEAL transactions. These decisions may be made on the basis of a fully automated process without human intervention.

If we apply automated decision-making that has legal consequences for you or significantly affects you, we will clearly indicate this in advance. We will let you know what rights you have, for example the right of receiving an explanation of the automated decision, the right to have your views known to us, the right to challenge this decision and the right to human intervention.