November 9, 2020
Estimated reading time: 9 minutes
What keeps the industry up at night?
CUBE polls reveal privacy, resources & budget are a priority.
2020 has presented unusual, unexpected and unpredictable challenges for
financial institutions. There has been a shift in focus across the board, no more
so than in the landscape of information governance, where teams look to
grapple with new data priorities in an evolving world.
CUBE recently ran a series of social media-based polls to get a clear understanding of what’s keeping you up at night.
We received a fantastic response, with a total of 2,747 answers being provided across the 4 polls that were run on LinkedIn & Twitter. The results show a desperate need for increased resource, increased budget – and a desire to protect data no matter the cost.
Download a copy of the report
1. Protection & privacy are paramount
In the first of CUBE’s polls, we asked participants what they found to be most important in terms of information governance (InfoGov).
Of the responses received, 59%, – a significant majority – said that data protection and privacy continued to be paramount to their InfoGov processes. The security and privacy of data is an issue that has long permeated financial services but has come into sharp focus over the past decade, especially with the implementation of robust data laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Data is becoming a high-risk commodity, in part due to increased regulatory focus. Our poll shows that data protection and privacy have now been firmly cemented as the chief priority for financial institutions (following the lead set by the regulators). As many headlines have show in the last few years, a lack of effective data privacy and protection measures can see financial institutions levied with significant fines from global regulators.
As shown in the results chart, a further 19% of poll participants said that the most important factor when it comes to information governance data is its processing and ensuring there is transparency in what this process entails. While 15% responded that data retention and disposal is most important to them and, interestingly, only 7% of respondents saw data portability and
localisation as being the ‘number 1’ priority.
Collecting data is one thing, but managing, processing, understanding and storing that data is a far greater, more resource-intensive task. Data retention laws can be complex; as well as contradictory or overlapping. Meanwhile, certain systems and processes will only ever be as good as the data that feeds it. Existing data management processes can often be outdated or too rigid – unable to keep pace with the changing tide.
The answer? Sophisticated, automated data-management platforms
that enhance rather than hinder your data.
Are you worried about the spread of data localisation laws of individual countries?
2. Data localisation laws – a split issue
Our second poll looked to establish how the industry feels about data localisation laws, whereby businesses are required to store or process their data within specific jurisdictions.
The responses showed that, by a small margin, most are unconcerned by increasing data localisation. As shown in results chart, of the responses, 47% were not concerned, 40% were concerned and 13% believed thet would be unaffected. This result is surprising in some respects, given that strict data localisation laws can produce myriad challenges for financial institutions that operate on a global scale.
Data localisation laws, which dictate that data is stored and managed in the country where the data was created, are becoming more prevalent. An example of this is Russian Federal Law No. 242-FZ, which, since September 1, 2016, has stipulated that databases that are used to process personal data of Russian citizens must be physically located in the Russian Federation.
Laws such as this, which are becoming increasingly considered and implemented by individual countries, will restrict the flow of data in an attempt to contribute to an apparently more secure means of data processing. However, for financial institutions – especially those that operate globally and across many jurisdictions – this means that they will require the compliance systems in place to understand where data must be stored and the IT infrastructure to ensure they can adhere to the requirements to store and manage data in countries that implement these restrictive localisation laws.
Over the past year, there have been rallying cries from a number of senior figures within financial services calling for increased collaboration and a more joined-up way of working.
Information sharing, in particular, can form the backbone of many
successful enforcement and investigative actions. With that in mind, it will be interesting to see whether data localization continues – and what that might mean for financial regulators.
What has the biggest impact on your ability to manage data and information governance?
3. Resources are key to breaking down barriers
Our third poll looked to explore the barriers that hinder a business’ ability to manage data and information governance.
Though some challenges around data and information governance have undoubtedly been reduced in recent years with the implementation and normalisation of regulatory technology (RegTech), it’s unsurprising to see that a lack of resources was the most common answer.
As shown in results chart, 30% of participants commented that they were impacted by a lack of human resource, while a further 25% said they had insufficient financial resources. In many respects, both of these hurdles centre around the same issue – a lack of budget, and potentially an inability to obtain buy in from C-suite.
Compliance teams are often keen to pump resources into new and more efficient methods and systems – however, obtaining those resources can be difficult, especially in times such as 2020 where future plans are uncertain. The solution to this may lie in furnishing compliance teams with the knowledge and tools to prove a return on investment for such resources. For example, does the cost of running an under-resourced compliance team outweigh the cost of the potential fines from financial regulators?
Just behind a lack of resources, 24% of respondents noted that their existing legacy systems were negatively impacting their ability to manage data and information governance. While this is a common answer, it is no less surprising given the availability and flexibility of smart, artificial intelligence-led regulatory technology, such as CUBE. Again, this may come down to powers of persuasion.
Legacy systems are inefficient at best, at worst they can be damaging for both a business’s compliance record and their reputation. There is a well-run tale that implementing RegTech is cumbersome or costly – however, with open-APIs and almost seamless integration, at CUBE we know that this is only a myth.
What has the biggest impact on your ability to manage data and information governance?
4. The future needs investment
Continuing with the theme of budget, in our final poll we asked what would help respondents fulfil their short-term information governance priorities over the next 1-3 years.
It will come as no surprise that, as shown in the results chart, 32% of participants said they would like to see an increased budget. Interestingly, 23% respondents said that they need more people in their teams in order to fulfil their InfoGov priorities.
Our findings align with a recent survey from LexisNexis, which found that 24% of compliance professionals’ compliance costs had increased in 2020, with the majority of this attributed to rising labor costs associated with Covid-19. However, a fraction of these labor costs were going towards making teams bigger and were instead going towards extra hours worked on compliance related tasks.
It is becoming apparent that the unpredictable challenges presented throughout 2020 have put significant strain on resources, as well as leading to an increased workload for many. This has resulted in a need for more talent and more tools within the compliance and Info Gov sphere.
Alongside the 23% of respondents that need more people within their teams, 28% said they would require improved technology in order to meet essential InfoGov priorities. In fact, these two needs go hand in hand – as they both essentially call for a new, more efficient and innovative approach. It appears that, for many, existing systems of working aren’t sufficient to manage the increasing burden of compliance obligations.
Even with regulators becoming more stringent, fines for non-compliance increasing, and regulations changing and being implemented almost constantly, many financial institutions are failing to invest in the resources needed to stay on top of their compliance needs.
Throughout the responses to our CUBE polls, there featured one undeniable thread: a lack of resource.
From a lack of team members, to insufficient budget, to outdated technology for data management – it is abundantly clear that, despite messaging from global financial regulators, financial institutions continue to underfund compliance teams and processes.
In times of uncertainty – 2020 being a prime example – banks might be forgiven for being cautious about making new investments. However, as mentioned above, this can often be attributed to a failure to see the bigger picture. An investment in the compliance team, or in InfoGov, is not a wasted expense. The ROI is clear, a watertight, adequately resourced, automated compliance programme will pay dividends when faced with the ever-sharpening eye of the regulator.
The future needs a shift in perspective – one that sees companies investing in compliance teams and technology, in the knowledge that the pay-off is greater than the amount paid.