• Skip to primary navigation
  • Skip to main content
  • Skip to footer
The Evolution of ESG RegulationThe Evolution of ESG RegulationThe Evolution of ESG Regulation

CUBE global

  • Products
        • RegPlatform product overviewOur enterprise product, providing regulatory intelligence for large, global financial institutions looking to tackle complex compliance.
        • RegAssure product overviewOur highly intuitive, seamless compliance product, that grows with your small or medium sized business.
        • CUBE's technology
  • Solutions
        • PrivacyGlobal governance for data privacy regulations, the world over
        • RecordsHolistic oversight of ever-growing regulations for records
        • CybersecurityAutomated workflows for up to date, relevant data on cyber
        • Technology riskEffective policies and controls to mitigate technology risk
        • Financial crime and AMLWatertight audit trails to show risk-based rationale
        • View all solutions
  • Resources
        • Resource hubLifting the lid on financial services, compliance, and regulation
        • Read

        • Case Studies
        • Blog posts
        • Reports
        • RegNews
        • Brochures
        • Find

        • Compliance Corner
        • Compliance confessions
        • ESG Conference
        • CUBE’s regulation game
        • Listen

        • Videos
        • Webinars
        • Podcasts
  • Partners
        • Advisory and consulting partnersEnhance your regulatory compliance offering with the entire suite of CUBE regulatory data.
        • Integration partnersCompliance is complex enough without over-complicated integration procedures.
        • Technology partnersAdd value to existing customer applications with a unified window into regulatory intelligence.
        • Partners overview
  • About us
        • About usThe story of who we are, how we got here and why we’re exceptionally proud of what we do
        • TeamThe visionaries and leaders powering CUBE’s success
        • NewsThe latest news from CUBE
        • CareersOur movement to transform regulatory data into regulatory intelligence
        • ContactWant to know more? Get in touch
  • Request a demo
Customer login
Home » Resources » How to secure stakeholder buy-in for your information governance project
Colleagues shake hands after securing stakeholder buy-in

Estimated reading time: 4 minutes

How to secure stakeholder buy-in for your information governance project

What are the three critical issues that need to be addressed to ensure stakeholder buy-in and the long-term success of a project?

Guest blog: by Matthew Bernstein, Information Management Strategist.


Many Information Governance (IG) projects – sometimes even an entire IG ‘Program’ or function – are initiated when senior management realises that a specific “issue” requires an urgent and vigorous response. The issue could be an audit finding, a regulatory enforcement action, the advent of new regulations, or an enterprise cost strategy.

For the business sponsor or project manager, it’s hard to balance gaining the support of senior management (that we always hear is vital to success) with gaining agreement on what to do and how. How do you overcome the governance delays of “it’s too a big a task and we need multiple stakeholders’ input” while mitigating the execution risk that comes with “we’ve just got to get started on this project”?

The answer? Break it down into comprehensible components that can be quickly grasped and approved by individual stakeholders with limited knowledge and time. Start by addressing three critical issues that can derail the long-term success of an IG project, but if established properly upfront can accelerate early wins that build credibility and momentum.

Getting started – three critical issues to address for stakeholder buy-in:

1. Remove ambiguity as to the critical objective. Is it risk mitigation, cost reduction, or a business opportunity?

2. Gain insight around where to focus efforts. What are the time frames and data priorities that will most effectively achieve the critical objective? Should the time frame focus be to “stop the bleeding” going forward or to remediate legacy systems? Should the data priority be determined by risk, business-unit, region, data store, data type?

3. Clearly define critical activities. There can be a tendency (especially for senior management) to derail an IG project by assuming that what is missing is a particular component of the operating model (people, governance, process, technology), and thus make the urgent development of that solution the critical activity, e.g., a new policy ‘framework’, or a new enterprise IT solution.

Defensible disposal: a practical example

‘Defensible disposal’ is of increasing interest to enterprises. But how can you get started on this kind of governance project? How can you be persuasive so to secure stakeholder buy-in? And how can you avoid charging ahead with the wrong approach?

Defensible disposal can have both a Risk and a Business objective, as conveyed here:

Reduce the amount of data held, to decrease processing costs, streamline control processes, and reduce privacy, eDiscovery, and litigation risks and costs, by disposing of information no longer required for legal, regulatory, or business purposes.

It’s easy to see why senior management would support this objective, and have many opinions on what to do! But, to get started, you could ask management to endorse the initial objectives and activities of the program, for example:

“The growth of privacy legislation around the world is creating heightened financial and reputational risks associated with the collection and use of personal data. Thus, the critical objective of the Defensible Disposal Project will be risk reduction: reducing the stores of personal data that the company retains, which would most likely be subject to regulator or consumer challenges.

The largest concentration of personal data is in our consumer banking business and the initial focus of the project will be on improving information governance in that division to support Defensible Disposal. We believe the greatest risk lies in the retail consumer clients’ reaction to the collection of information in the context of new product marketing and onboarding.

The key to success will be RegTech, which provides Automated Regulatory Intelligence (ARI) alongside privacy program management. With the first, we will establish the set of requirements we are subject to in the multiple jurisdictions in which we operate, and we will gain insight into the remedial actions we need to take to ensure governance. With the second, we will create a suitable knowledge base of our data. These are the prerequisites for proposing a disposal plan.”

Obviously, establishing these high-level parameters will require initial background work, to understand the concerns of senior management and formulate a meaningful assessment of the organization’s current state.

Whatever the urgency, the time and place to discover, plan and agree on these initial objectives and activities –– to get the program quickly and successfully underway – is right from the start, not mid-project during a steering committee meeting or a presentation to senior management.

Measure twice, cut once…and get going.


CUBE is a RegTech providing Automated Regulatory Intelligence for information governance solutions. Know every regulation that matters – from defensible disposal to retention – and how to comply, with CUBE.

Speak to the team

Related resources
View all resources
A hand writing Asset Management
Blogs

Compliance in the asset management industry

Person stopping domino stones from falling over , which has risk written on it.
Blogs

How to protect financial institutions from collapse

Sylvia Yarbough whispers to a colleague about the key to customer complaints
Blogs

Compliance Confessionals – How does a CCO stay organized?

resilience
Blogs

Get ready for new digital resilience obligations


Want CUBE updates and latest industry news sent straight to your inbox?

Footer

Add CUBE logo here

  • Products
    • Partners
    • Solutions
  • Resource hub
    • Blogs
    • Reports
    • Brochures
    • Compliance Corner
    • Webinars
    • Podcasts
    • Videos
  • Behind CUBE
    • About us
    • Meet the team
    • Careers
    • News US
    • Contact us
  • The legal bits
    • Privacy policy
    • Cookie policy
    • Terms of use
    • Accessibility
Follow us:
  • LinkedIn
  • Twitter
  • YouTube

© 2023 CUBE Content Governance Global Limited

  • English
  • US