2018 saw banks and other financial institutions in the US report a three-fold increase in data breaches than they did in 2016. The UK, for the same period, saw the number of data breaches reported to the Financial Control Authority increase nearly five-fold. And the trend has been mostly similar in other parts of the world as well.
If you are involved in any way with the cybersecurity or infosecurity of your financial services firm, chances are pretty high that you are already aware of these situations. You might even be wondering how, amidst the disruption brought about by blockchain and RPAs, you can be expected to secure your organization’s true capital – the data it possesses – without locking it up so tightly that no one can access it.
But if you do that, what would be the point of having all that data anyway?
Along with healthcare, the financial sector probably handles more sensitive data than all the other sectors put together. For a variety of reasons, this is also one of the most regulated sectors in the world and necessitates adherence not only to local laws but also to international laws and treaties. As a result, data governance is never really a simple preposition that depends on ‘protecting’ data, but more appropriately about setting in place a policy that runs in that narrow band where all stakeholder concerns are addressed.
What does that mean for your data governance policy?
A cardinal rule for any financial services firm is that it must not fall afoul of the legal and statutory compliances it needs to follow. For multinational operations, this means reconciling different formats and data points, presenting them in the right way and allowing access to the data only through tightly-controlled channels where there is no scope for mistakes, much less manipulation. Naturally, your data governance framework or policy must cover these requirements without fail or compromise.
Guarantee accuracy and authenticity
In a field where decimal points of the fifth order might have multi-billion dollar impacts, and where accountability and traceability are virtual bywords, data can never be suspect. Every byte of information that passes through your organization must be protected from errors, deliberate or otherwise. Your data governance policy must have these safeguards in place and be the gold standard for others to emulate.
Build checks and balances
A robust system requires multiple levels of reviews and approvals, and nowhere else is this as visible as in a financial institution. Transactions and asset management must have clearly defined workflows so that the odds of a mistake being propagated through the system are significantly reduced. Your data governance policy must spell out these workflows, the roles and the people involved in clear, unambiguous terms.
Ensure customer privacy
The customers of financial organizations, whether these are organizations themselves or individuals, expect their privacy to be respected. Their details must not be exposed to unauthorized personnel within your firm; even with authorized personnel, access must be need-based and time-bound. A strong, well-articulated data governance policy can eventually become a selling point with your customers as well, for they will then have even more faith in your organization’s ability to protect their best interests.
Deliver data as-needed, when-needed
Most organizations fail with their data governance approach not by doing too little, but rather by doing too much. Like any organizational initiative, your data governance vision must be to enable the business, not to suffocate it for want of the right data at the right time. If there is any process that is a bottleneck for business activities, it must necessarily be streamlined so that it is no longer an obstacle.
Aid business growth and decision matrices
Analytics is a core function in most organizations these days. Your data governance policy must, therefore, be mindful of the various parts that come together to develop the complete picture: the machine component where RPAs and AI-enabled processes handle data, and the human component where your colleagues need access to macro-level data to draw insights from and arrive at key business decisions.
As a financial institution, your records of transactions might need to be reconciled with various other databases, private and public. This means that your data governance framework must allow for interchanges through which your data can be passed back and forth. You might have to pass on tax-related information, for instance, along one channel and asset-related information on another. Planning ahead for these points of interconnection will also help you plan for the security measures you might need to protect your own in-house systems from breaches and hacks.
Data security is a fluid concept, a constantly-evolving benchmark. There are no perfect protocols, no such things as impenetrable firewalls. Given enough time and the right tools, even the most secure systems can be broken into if they do not learn to stay ahead of those who wish to break into it. And that’s why it is so important that your data governance review cycles be as frequent as they are well-informed.
For financial institutions, these are all hygiene factors, essentials to keep in mind when formulating a data governance policy. I&I’s 4-stage approach to data governance embraces industry best practices to ensure data protection in a highly regulated environment such as finance. And if you need help setting up your data governance policy, do reach out to us.