Gregg Petersen, Regional Director MEA, Cohesity.
News & Events

Challenges of data compliance in banking, finance

In the data-driven economy, the value of clear, accurate, and complete data cannot be understated. It drives insight that leads to informed decision making, which in turn serves to address key business objectives such as streamlining operations, enhancing customer services, and improving the bottom line.

In dealing with ever growing volumes of data, organisations must now carefully navigate a slew of security, regulatory and compliance challenges. With a single lapse potentially attracting hefty financial penalties and tarnishing customer trust, it is no surprise that businesses are taking this requirement seriously and prioritising compliance.

A recent McKinsey and Company study found that on average, companies invest between 2.5% and 7.5% of their IT spend on data governance. Moreover, with data an organisation’s most valuable and vulnerable asset, if they can’t secure it and inspire stakeholder trust to give it to them, they risk being left behind and losing the competitive advantage that data insights provide.

Companies have access to a range of tools – from data management technologies through to artificial intelligence-led algorithms – that could make it much easier to pan their databases of information, improve data classification and find the gold that makes it possible to create personalised services and products for customers.

Creating a secure data governance strategy should be a 2022 imperative for UAE financial organisations

What’s more, data-led decision making is not just about delivering benefits to customers or boosting operational efficiency. While those concerns are critical to long-term success, they are also dependent on a range of rules and regulations that must be adhered to if companies want to make the most of the treasure troves of information they hold.

It’s a tough balancing act – while organisations are keen to collect as much information as they can about their customers, they must also ensure that they respect their right to privacy. Failure to do so could lead to serious ramifications.

In the finance industry, Know Your Customer KYC standards ensure investment advisors know detailed information about their clients’ risk tolerance, investment knowledge, and financial position. KYC is enshrined in a series of laws and guidelines in different countries that work to protect the people that buy finance products and the firms that sell them.

In fact, financial services organisations in the UAE face a raft of regulations, such as the AML-CFT Law and obligations relating to the new Personal Data Protection Law. These regulations mean finance firms must ensure they collect and then process data in a carefully managed manner.

With UAE’s landmark Personal Data Protection Law coming into effect, BFSIs in must now double down on data governance

The AML-CFT Law requires the collection and retention of a large volume of client information which must be made available to regulators on request. Conversely, the Personal Data Protection Law introduces subject rights around the erasure of data.

These regulatory requirements create significant pressures for the managers who are expected to deal with compliance. Add in the obligation to both know your customer and protect their rights, plus the ever-growing mountain of information that firms continue to collect, and organisations face a complex data management conundrum.

At the same time as the amount of data that businesses collect continues to increase inexorably, so does the capability of technology to analyse and investigate trends in this information.

However, while key technology trends during the past few years have created the need for a major shift in data management, Deloitte says many businesses remain slow on the uptake. The consultant says organisations continue to use traditional approaches to data governance focused largely on processes, policies, and individual transactional data domains.

One alternative might be to turn to artificial intelligence AI and machine learning ML. AI and ML models can be trained to find patterns and anomalies in big data sets. When used effectively, these models can enhance data classification techniques and make it possible for data governance teams to automatically identify processes and issues that might otherwise have remained uncovered.

That all sounds like a shortcut to more effective data governance – but business leaders should be aware of a significant catch. While emerging technology can help solve some data management challenges, firms that increasingly rely on algorithms must be aware of ethical concerns. Deloitte says enterprises that use AI will need governance procedures that ensure automated outcomes are fair, reliable, safe, and responsible.

Technology that helps to automate processes associated to KYC and other regulatory concerns can create big operational benefits for businesses. But the decisions that these algorithms make must be explainable. If these decisions are made secretly by black boxes whose inner workings are unexplainable, then customer trust is likely to suffer.

As an added complication, systems that automatically verify KYC could leave businesses exposed to the wrath of regulators. For example, being able to explain automated decision-making is a legal requirement under GDPR. Given that the UAE’s Personal Data Protection Law closely mirrors this European Union regulation, it makes sense for BFSIs in the UAE to keep this requirement in mind from the onset. If you’re thinking of automating KYC processes, then you’ll need to show how your technology is making decisions.


Hands-on tips

  • Your first step should be to deal with data fragmentation. Rather than having data held in disparate locations, look for a software-defined next-gen data management platform. Your data governance process should be an inherent element of your security solution.
  • As well as keeping data secure, your organisation should implement a data management approach that creates auditable operations logs for data protection, helps ensure any personally identifiable information is minimised and stored safely, and that your platform automatically notifies you when something is awry.
  • Effective data management is crucial to business success. However, automation doesn’t mean hands-off decision-making processes. Make data governance part of your security solution by implementing a platform that helps your business create policy-based automation that makes it easier to comply rules and regulations.

With a single lapse potentially attracting hefty financial penalties and tarnishing customer trust, it is no surprise businesses are taking this seriously.