Unstructured data and regulatory risk: you cannot control what you cannot see

March 2021  |  SPOTLIGHT  |  BANKING & FINANCE

Financier Worldwide Magazine

March 2021 Issue

The collection and currency of data has become ingrained in our daily lives. Every email, LinkedIn post, Word document and bank transfer contributes to the ever-expanding sea of data. We have gathered, shared and transferred information in our households, workplaces and online communities. Analysts have spotted patterns, made predictions and learned valuable lessons about human behaviour.

Author and digital visionary Pearl Zhu once said: “We are moving slowly into an era where big data is the starting point, not the end.” So much can be derived from the data we share with financial services firms, and yet, for many of these organisations, once this data is collected, a large portion of it sits unexplored. And it is costing the industry a fortune.

The financial services industry is in the middle of a not-so-perfect data storm. Last year, between February and the end of April, financial services firms faced a 238 percent increase in cyber attacks. At the same time, regulators are demanding transparency and more evidence of compliance. As these data estates expand into universes of structured and unstructured data, the challenge for financial services firms to protect, retrieve and analyse our data is herculean.

While structured data is relatively straightforward to categorise, not all data is structured. In fact, most of it is unstructured. Organising vast amounts of unstructured data into a cohesive, usable, format takes significantly more effort than the former. Imagine you are searching for a needle in a haystack, except you are not sure what the needle looks like – and you are not even sure it is a needle.

If you cannot quantify the risks, you cannot solve them. And while a fine for breaking a regulation may feel like a short-term issue for some firms, the long-term impact of reputational damage cannot be laid to rest so easily.

Back in 2019, CapitalOne experienced a data breach which affected 100 million customers in the US and Canada. A server holding customer information was hacked by a software engineer, via a firewall misconfiguration. It is possible, had this security risk been identified earlier, CapitalOne could have implemented risk mitigation measures to lessen the damage. Following news of the breach, CapitalOne’s stock price plummeted by 6 percent.

Firms that do not manage and interpret the entirety of their data will never fully understand the current state of their business. A wealth of unstructured data can cloud auditor reports, creating a situation where businesses act based on misleading information, and could land themselves a hefty fine. A business which does not understand its present cannot prepare for the future.

Data management systems are a cost financial services often feel they can cut. On the hunt to reduce expenses, firms abandon platforms and hoard irrelevant unstructured data for fear of breaching regulation. While the move might seem logical, it is actually misguided. A US report recently revealed that financial services firms face costs of $2.5m annually for unstructured data compliance. It appears the mismanagement of unstructured data tends to incur a higher cost than the solution does.

But poorly managed data does not just lead to financial loss. Productivity declines and inefficiencies increase without the support of a transparent management system. Hours that could be spent on earning a profit are lost on data retrieval from disjointed systems when automated solutions could be making this data easier to both locate and analyse. Businesses that lack operational synchronicity are vulnerable to employee error; digital copies are distributed and lost in the ether – a loophole which could be exploited by hackers.

When firms become victim to fraudulent activity, customers tend to vote with their feet. According to a study by Ponemon Institute, 65 percent of data breach victims lost trust in a brand following the attack. When consumers lose trust in a firm, shareholders and partners tend to follow. At the time, financial reparations will come in the form of a fine, but relational damage might never be resolved.

The biggest mistake is to do nothing at all. Dealing with vast amounts of data can seem like a challenge that is too big to start. Regulators are looking to see practices that improve compliance, but they also appreciate that this is a journey. For example, when the General Data Protection Regulation (GDPR) first came into force, businesses were, understandably, fearful – the guidance was broad and the fines for non-compliance significant. As it transpired, however, the only organisations that need to be worried are the ones that are not taking any steps toward better compliance.

As well as regulators, consumers are looking to see which brands are being proactive in their security and privacy operations. Proactivity is key, and ensuring customers are up to date with compliance goes hand in hand with managing their expectations.

Proper data management pays dividends

When firms take control of their data, they can tailor services and products to suit their existing customers and make predictions about the future market. The life journey of a customer is reflected in the life journey of their data; the data management platform should be as much about relationship management as garnering new insights about the business. Understanding the customer should be at the heart of all business operations. High quality, organised data is critical to a high-quality customer-brand relationship.

Every business has a different appetite for risk. Smaller financial services firms may not have the capacity to endure as much risk potential as their larger competitors. While it is highly unlikely every risk identified poses an imminent threat, having a comprehensive understanding of the scale and breadth of risks enables compliance departments to address more concerning weaknesses before they turn into crises.

This industry-wide push for transparency is likely to mean regulators will soon want direct access to a company’s data management platform. Whereas now, it is the responsibility of a firm to run audits and provide reports, we can expect regulators to begin building their own reports via data derived directly from data management systems.

For firms that are already taking steps toward better compliance, this will be a weight off their shoulders. Internal auditing operations will not be necessary, and staff can direct their time toward increasing profits. But for those without effective data management processes, risks revealed by regulators will be bad news for the business, too.

Knowing where to start

Unseen risks do not need to stay that way. For businesses to get a steady grip on compliance and security, it is practical to start small. When a firm lacks data strategy, understanding where risk might be lurking can be challenging. But most businesses have a sense of where potential risks could appear and utilising this knowledge can help firms decide what needs their attention first. Identifying and addressing one vulnerability is an effective way to start. Regulators are looking to see action, not a perfect scorecard, and businesses can upscale their risk mitigation operations as they grow more confident.

Digital data management systems that enable businesses to scale up their compliance operations over time, monitor specific risks and prioritise the areas they want to address will empower firms to address compliance on their own terms. The longer firms ignore their data, the more it continues to accumulate. This information can provide valuable information about the health of the business, customer behaviour and market trends.

It all boils down to this: firms that properly manage unstructured data have a better understanding of their business. They can mitigate risks and prevent damage from cyber attacks, avoid regulatory fines and maintain the trust and loyalty of their customer base. Properly managed data can provide insights that inform product development decisions, marketing activities and internal weaknesses. Firms that understand their data can use analyses as a guiding light in uncertain times. When financial services firms take control of their data, they take control of their future.

 

Simon Cole is chief executive at hivera. He can be contacted on +44 (0)20 7307 5945.

© Financier Worldwide

BY

Simon Cole

hivera

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.