Compliance in the Age of Personalization: How Fintech Marketers Can Get It Right
- Satya Upadhyaya, Global Martech Expert
- AI and Automation, Digital Transformation, Other Martech, Strategy and Trends
As marketing technology continues to evolve, the line between personalized and “creepy” communication grows ever thinner—especially in highly regulated sectors like financial services. With AI, customer data platforms, and real-time engagement tools empowering hyper-personalized messaging, marketers now face a dual challenge: how to innovate while staying compliant.
To unpack this complex balance, the Martechify team sat down with Satya Upadhyaya, a martech veteran who recently served as Head of Martech Decisioning and Execution at ANZ Banking Group. With over 15 years of experience spanning global brands like Citibank, HSBC, and Bankwest, as well as work in healthcare and casino operations, Satya has a unique perspective on compliance, data ethics, and responsible personalization.
To unpack this complex balance, the Martechify team sat down with Satya Upadhyaya, a martech veteran who recently served as Head of Martech Decisioning and Execution at ANZ Banking Group. With over 15 years of experience spanning global brands like Citibank, HSBC, and Bankwest, as well as work in healthcare and casino operations, Satya has a unique perspective on compliance, data ethics, and responsible personalization.
Watch the full interview with Satya Upadhyaya, where he shares his thoughts on how the fintech industry can get personalization right, while the line between personalized and invasive communications continues to get blurrier. If you are struggling to strike the right balance of personalization in your communications, this is a must watch interview!
From “Hello, Name” to “How can I help you?”
In recent years, marketing has evolved from generic greetings to deeply individualized engagement. But in fintech, this evolution comes with responsibility.
“We’ve moved beyond ‘Dear Customer’ and ‘Hello, Name,’” Satya explained. “Personalization now means knowing who you are, where you are, what you want, and what you do, but using that knowledge responsibly.”
That responsibility hinges on consent and preference management—two pillars that have matured significantly over the last decade. “Earlier, marketing preferences were binary: yes or no. Now customers can choose what topics they want to hear about, which channels they prefer, and even the time of day they’d like to be contacted,” he said.
For marketers, respecting these boundaries isn’t just about compliance. It’s about trust.
“As long as you use the data for the benefit of the customer, you are good,” Satya noted. “The moment you cross that boundary, that’s when personalization becomes creepy.”
“We’ve moved beyond ‘Dear Customer’ and ‘Hello, Name,’” Satya explained. “Personalization now means knowing who you are, where you are, what you want, and what you do, but using that knowledge responsibly.”
That responsibility hinges on consent and preference management—two pillars that have matured significantly over the last decade. “Earlier, marketing preferences were binary: yes or no. Now customers can choose what topics they want to hear about, which channels they prefer, and even the time of day they’d like to be contacted,” he said.
For marketers, respecting these boundaries isn’t just about compliance. It’s about trust.
“As long as you use the data for the benefit of the customer, you are good,” Satya noted. “The moment you cross that boundary, that’s when personalization becomes creepy.”
Beyond borders: Why compliance is a global mandate
In today’s interconnected world, compliance doesn’t stop at national boundaries. Even companies operating locally can fall under global privacy frameworks such as GDPR.
“If your website is accessible in the European Union, you have to follow GDPR,” Satya explained. “Privacy now is not just a domain issue—it’s not country-specific. It depends on your geography of operation.”
That means multinational fintechs must map and align with overlapping privacy standards, from Australia’s Privacy Principles to the California Consumer Privacy Act (CCPA). Satya emphasized the importance of having “a strategy around all the different privacy principles of all the different countries that come into account.”
“If your website is accessible in the European Union, you have to follow GDPR,” Satya explained. “Privacy now is not just a domain issue—it’s not country-specific. It depends on your geography of operation.”
That means multinational fintechs must map and align with overlapping privacy standards, from Australia’s Privacy Principles to the California Consumer Privacy Act (CCPA). Satya emphasized the importance of having “a strategy around all the different privacy principles of all the different countries that come into account.”
Australia’s example: 13 privacy principles
Australia’s approach to privacy is built on a set of 13 principles that govern how companies collect, store, and use personal data. These rules form the backbone of ethical martech practice across industries.
“It revolves around three things,” Satya explained. “How data is collected, how data is stored, and how data is used for marketing communication or analytics purposes.”
Marketers must be transparent about how they acquire customer information, especially when data comes from third parties, and be prepared to show that data’s lineage. “If a customer asks where you got their information, you should be able to put it on the table,” he said. “And if they want that record deleted, you need a process in place for data deletion.”
Failure to comply is costly.
“The penalties are quite hefty,” Satya warned. “It’s around 4.1 million dollars. You can’t get away with that.”
“It revolves around three things,” Satya explained. “How data is collected, how data is stored, and how data is used for marketing communication or analytics purposes.”
Marketers must be transparent about how they acquire customer information, especially when data comes from third parties, and be prepared to show that data’s lineage. “If a customer asks where you got their information, you should be able to put it on the table,” he said. “And if they want that record deleted, you need a process in place for data deletion.”
Failure to comply is costly.
“The penalties are quite hefty,” Satya warned. “It’s around 4.1 million dollars. You can’t get away with that.”
Ethical data use: Just because you can doesn’t mean you should
Compliance isn’t only about obeying the law; it is about ethical restraint. Access to customer data is expanding, but so are the risks of misuse.
“Sometimes you have access to a lot of data,” Satya cautioned, “but that doesn’t mean you can use all of it. You have to be very clear about what data is appropriate for personalization.”
In industries like banking, healthcare, and gaming, sensitive data cannot be used for marketing promotions. Satya says, the goal is to use data to serve, not to sell.
“A lot of organizations say they’re customer-centric,” he said, “but they work on a P&L and end up being product-centric. That’s when things start to feel invasive. If you truly serve the customer for their benefit, compliance naturally follows.”
“Sometimes you have access to a lot of data,” Satya cautioned, “but that doesn’t mean you can use all of it. You have to be very clear about what data is appropriate for personalization.”
In industries like banking, healthcare, and gaming, sensitive data cannot be used for marketing promotions. Satya says, the goal is to use data to serve, not to sell.
“A lot of organizations say they’re customer-centric,” he said, “but they work on a P&L and end up being product-centric. That’s when things start to feel invasive. If you truly serve the customer for their benefit, compliance naturally follows.”
The compliance–AI connection
Artificial intelligence offers tremendous potential to streamline compliance processes—from monitoring consent to automating privacy reviews. But it also introduces new risks.
“AI can eliminate repetitive tasks and improve compliance workflows,” Satya said. “For example, tools now exist that can automatically check terms and conditions and correct compliance errors in marketing copy before it goes out.”
Yet, even as AI gets smarter, human oversight remains essential.
“Treat AI like a junior brand manager,” Satya advised. “It’s passionate and eager to help, but it can make mistakes. You still need a QA department, a human check, to make sure everything is right before it reaches the customer.”
For regulated industries like finance, a single error can trigger financial penalties, reputational damage, and costly rework. “You can’t get it wrong,” he added.
“AI can eliminate repetitive tasks and improve compliance workflows,” Satya said. “For example, tools now exist that can automatically check terms and conditions and correct compliance errors in marketing copy before it goes out.”
Yet, even as AI gets smarter, human oversight remains essential.
“Treat AI like a junior brand manager,” Satya advised. “It’s passionate and eager to help, but it can make mistakes. You still need a QA department, a human check, to make sure everything is right before it reaches the customer.”
For regulated industries like finance, a single error can trigger financial penalties, reputational damage, and costly rework. “You can’t get it wrong,” he added.
Building a culture of compliance
Satya believes that compliance is not a box-ticking exercise—it is a culture. From governance frameworks to internal training, every team must understand how data flows, where risks lie, and how to mitigate them.
“It’s about doing things simpler, better, faster, with consistency and standardization,” he said. “Governance is not about slowing you down; it’s about ensuring you do it right.”
For newcomers entering martech, he offered one final piece of advice:
“Go slow. Understand the principles first. Learn how technologies work hand in glove, how data flows, what upstream and downstream impacts exist. Then package that knowledge around governance. That’s how you accelerate your career.”
“It’s about doing things simpler, better, faster, with consistency and standardization,” he said. “Governance is not about slowing you down; it’s about ensuring you do it right.”
For newcomers entering martech, he offered one final piece of advice:
“Go slow. Understand the principles first. Learn how technologies work hand in glove, how data flows, what upstream and downstream impacts exist. Then package that knowledge around governance. That’s how you accelerate your career.”
Related resources
Want more like this resource? Find helpful links below.
