Devie Mohan, CEO and Co-Founder of Burnmark recently interviewed Matthew Bernstein, leading Information Management Strategist, about how multi-jurisdictional financial institutions are leveraging technology to deal with the complexities in complying with today's legislation related to information assets.
Below is an extract from an interview in the RegTech for Information Governance research report. Read the full interview, along with two others with the Global Head of Records Management from Deutsche Bank and the CEO of CUBE, by downloading the report now.
What is your view on how the regulatory landscape is changing, and the challenges that are emerging, in what seems like a time of extreme regulatory change globally?
Information governance has been greatly affected by changes in regulatory focus. When I think of information governance, I think of information security and cyber risk, as well as data governance and records management. Regulators around the globe want to know what is being done to secure information and reduce risk.
Secondly, heightened focus on the handling of personal data, encompassing data privacy and protection, has led to a more scrupulous approach to regulation. Record managers now need to deliver governance at a far more granular level. When a record contains PII, for example, it opens the requirement to follow a whole different set of rules.
Finally, new regulations like MiFID II have extended records retention requirements into areas of the business where it has not been seen before. There is a heavy focus on electronic communications – email, chat systems, voice and social media predominantly – which the regulator needs to see recorded and monitored both retrospectively, and in real time.
In the wake of the financial crisis, initially we saw a lot of convergence of regulator supervision, but now we're seeing regionalisation of information governance, which is challenging from a compliance perspective. With GDPR, while everybody is following the same regulation, there are differences of interpretation across EU states, and we're also seeing jurisdictions outside the EU piggybacking on GDPR, which is introducing some interesting twists. This is leading to greater diversity in requirements, which is adding complexity to the regulatory intelligence and change management process.