How better data governance can help banks keep pace with the rising tide of regulations
- 10 November, 2017 14:28
Like their counterparts around the world, Australian banks have to operate in a rapidly evolving regulatory environment. Shifting APRA restrictions on lending and looming mandatory data breach notification requirements mean they must constantly review their activities to ensure compliance.
When you add regulations such as US-based Sarbanes-Oxley measures and the European Union's planned GDPR legislation, the picture becomes even more complex. Banks with international operations must ensure they also comply with these expansive and restrictive measures.
The roots of many of these regulatory hurdles can be traced back to the global financial crisis of 2008. Back then, excessive risk-taking by international banks caused a crash that brought economies around the world to their knees. Many of the new regulations are designed to ensure that this kind of economic meltdown never happens again.
More recently, focus has shifted to the protection of personal data. Australia's data breach laws and Europe's GDPR are designed to ensure banks (and other businesses) handle and store personal data in a highly secure way.
Non-compliance with these regulations can result in fines, reputational losses, and even criminal charges. As a result, banks and other financial services organisations need to maintain the highest possible standards of data management and data integration to ensure compliance.
The key role of data governance
In tackling the need for compliance with this complex web of regulations, high-quality data management is vital. Knowing precisely how data is being moved and stored and being able to demonstrate this to external regulatory bodies is especially important.
To maintain compliance, organisations need an understanding of the entire data lifecycle. They need to know and, if required, show what happens to data as it goes through various processes over time.
Such traceability is a central requirement within some key banking and general business regulations. They often specify the need to know whether a customer has opted in to something or specifically opted out.
In the case of GDPR, for example, Australian banks operating in Europe will need to implement a personally identifiable information (PII) data hub where they can pull all relevant data together in one place. They will also need to reconcile and harmonise disparate PII data into a “single version of the truth” using data quality and master data management (MDM) together with metadata management to establish data lineage.
Data lineage is frequently seen as the first step towards good data governance. In fact, data governance effectively takes data lineage one stage further by outlining a full set of processes that ensure important data assets are formally managed across the entire enterprise.
Having in place the right data governance systems and solutions is vital in delivering a fully secure, well-managed and compliant data environment within banks. More specifically, it is a vital building block that goes towards meeting the stipulations of many regulations.
In the case of GDPR, for example, putting in place the right data governance policies will be key to implementing parameters around opt-in periods, establishing the rights of the data subject (such as the right to be forgotten, the right of rectification, or the right to data accessibility and portability) or archiving historical data.
Just as GPS transformed the transportation industry by bringing real-time transparency over traffic conditions, modern data platforms have the potential to bring transparency across the financial information supply chain - something that's key to achieving regulatory compliance.
These platforms can help make information easier to access and store securely. They can also overcome insecure practices, such as employees creating their own local versions of Access databases and Excel spreadsheet files, which can be difficult to control and could well amount to a breach of regulations.
Over time, good data governance and management will become even more important to banks in ensuring compliance as they enter a new age of self-service access and data preparation tools. These tools will help drive productivity and competitive advantage by enabling any decision maker in the enterprise to quickly prepare data so they can operate at their full digital potential.
It is also important to remember that the effort invested in better data management, data lineage and data governance will pay dividends not only today but also further down the line. When the next piece of legislation is introduced, it will be less of an issue for banks as they will have already put the necessary foundations in place.
In addition, regulations mandating best practices in managing customer data are also driving Australian banks towards establishing one-to-one relationships with their customers based on trust and personalisation.