The Crucial Role of Compliance in Financial Services | GBAF

The Crucial Role of Compliance in Financial Services | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Top Stories > DATA, DATA EVERYWHERE, BUT NOT A TECH TO LINK

DATA, DATA EVERYWHERE, BUT NOT A TECH TO LINK

Published by Gbaf News

Posted on July 5, 2017

9 min read

Last updated: January 21, 2026

Oil market trends amid US crude inventory rise and China-US trade concerns - Global Banking & Finance Review — This image illustrates the decline in oil prices as US crude inventories increase, highlighting concerns over demand and the impact of China-US trade tariffs on the oil market.

Stuart Clarke, CTO, Cybersecurity, Nuix

From board level down, financial services are concerned with the same fundamentals as any other business; sell more, lower costs and respond to regulation. The latter of these is what really drives financial services, however. Currently, the most assured way to secure budget for a project is to align it to a regulatory matter or initiative because not doing so spells nothing but disaster. A failure to pass a PCI DSS compliance audit for example, might rid a bank of its ability to process credit card information, leading to both lost revenue and reputation.

This is the reason that risk and compliance functions are bigger in banks than in any other industry. The pressures are enormous. Not only does the danger of fines and penalties hover over banks who fail a compliance audit, the FCA have, can and will fine them not only if they are breached, but even if they fail to demonstrate that they are taking regulation seriously.

The considerable threat of data breaches means that international banks face much stricter regulatory penalties abroad, even jail time in some cases. Data flows easily, and even with the looming threat of the GDPR, companies are learning the hard way that they can’t make every outpost their ‘mini US or UK HQ’.

Regulations are increasingly honing in on the need to retrieve specific data quickly. And the compliance functions in financial services are growing to reflect this. From DPOs (Data Protection Officers) to AMLROs (Anti-Money Laundering Reporting Officers) regulatory reporting now forms a part of many job functions.

The trouble is the people in these roles struggle to process and analyse vast amounts and varieties of data so they can determine risk and strategy. The role is seen by many as a kind of poisoned chalice. As Barclays Chief Data Officer, Usama Fayyad, put it in an interview last year, “There are lots of opportunities and dangers in a changing data landscape”. There is value in client data, but what use is that data if it can’t be located and analysed? Or even worse, found quickly to meet the needs of an compliance or investigation?

The reality is, it’s only a relatively small amount of data that is ever audited or examined for compliance purposes – until a catastrophe happens. This can result from inaccessibility, lack of resources, or lack of urgency.

I was recently working with an international bank that was feeling the sting of an AML investigation. Although it had done nothing wrong, the data in question was difficult and expensive to find and produce in a timely manner. A number of other areas in the business needed similar solutions to find, classify, produce, and protect data. Particularly, the bank’s European counterpart was struggling with how to identify personally identifiable information (PII) flowing to the US and impacted by GDPR.

This reflects the fact that, in general, banks have never taken a holistic approach to identifying the impact of its unstructured data. The most obvious culprit for regulation requests will likely be PII stores, but is that data more important than PCI or AML data? For many financial services companies, they won’t know until disaster strikes and it is too late.

Banks should have, at least, a high-level solution already for bulk data analytics to deal with this issue. They know that effectively managing information for regulatory compliance means a number of things. It means watching the business to see where dangerous or valuable information is created and stored. It means understanding the totality of the information in the variety of repositories and formats that it exists: IM, emails, SMS, trader turrets, network traffic, user behavior, and even voice recordings. It means being able to search, classify, parse, cluster, and secure all content according to each regulator’s criteria.

But the major problem is that in the vast majority of cases, the solutions banks have won’t be fit for purpose. The current landscape of technologies that can parse and analyse data are good within a finite window. They tend to specialise in working with certain data types or relationship types. This means that while a lot of compliance projects will start with good intentions, they will fail unless they can better stitch different types of data together.

The requirements demanded from today’s regulation environment reflect the FCA and other bodies’ ongoing concerns with data quality, governance, controls, and accountability over reporting. Banks face heightened standards for submitting accurate data reports across an increasing number of regulatory reports, and in addition are expected to meet high standards around report preparedness and monitoring.

The technology requirement to analyse large data sets and determine their accuracy has never been more in demand. If financial services want to stay ahead of the game, they need the ability to bring in real-time feeds from all different parts of the business, ideally all in one platform.

Stuart Clarke, CTO, Cybersecurity, Nuix

From board level down, financial services are concerned with the same fundamentals as any other business; sell more, lower costs and respond to regulation. The latter of these is what really drives financial services, however. Currently, the most assured way to secure budget for a project is to align it to a regulatory matter or initiative because not doing so spells nothing but disaster. A failure to pass a PCI DSS compliance audit for example, might rid a bank of its ability to process credit card information, leading to both lost revenue and reputation.

This is the reason that risk and compliance functions are bigger in banks than in any other industry. The pressures are enormous. Not only does the danger of fines and penalties hover over banks who fail a compliance audit, the FCA have, can and will fine them not only if they are breached, but even if they fail to demonstrate that they are taking regulation seriously.

The considerable threat of data breaches means that international banks face much stricter regulatory penalties abroad, even jail time in some cases. Data flows easily, and even with the looming threat of the GDPR, companies are learning the hard way that they can’t make every outpost their ‘mini US or UK HQ’.

Regulations are increasingly honing in on the need to retrieve specific data quickly. And the compliance functions in financial services are growing to reflect this. From DPOs (Data Protection Officers) to AMLROs (Anti-Money Laundering Reporting Officers) regulatory reporting now forms a part of many job functions.

The trouble is the people in these roles struggle to process and analyse vast amounts and varieties of data so they can determine risk and strategy. The role is seen by many as a kind of poisoned chalice. As Barclays Chief Data Officer, Usama Fayyad, put it in an interview last year, “There are lots of opportunities and dangers in a changing data landscape”. There is value in client data, but what use is that data if it can’t be located and analysed? Or even worse, found quickly to meet the needs of an compliance or investigation?

The reality is, it’s only a relatively small amount of data that is ever audited or examined for compliance purposes – until a catastrophe happens. This can result from inaccessibility, lack of resources, or lack of urgency.

I was recently working with an international bank that was feeling the sting of an AML investigation. Although it had done nothing wrong, the data in question was difficult and expensive to find and produce in a timely manner. A number of other areas in the business needed similar solutions to find, classify, produce, and protect data. Particularly, the bank’s European counterpart was struggling with how to identify personally identifiable information (PII) flowing to the US and impacted by GDPR.

This reflects the fact that, in general, banks have never taken a holistic approach to identifying the impact of its unstructured data. The most obvious culprit for regulation requests will likely be PII stores, but is that data more important than PCI or AML data? For many financial services companies, they won’t know until disaster strikes and it is too late.

Banks should have, at least, a high-level solution already for bulk data analytics to deal with this issue. They know that effectively managing information for regulatory compliance means a number of things. It means watching the business to see where dangerous or valuable information is created and stored. It means understanding the totality of the information in the variety of repositories and formats that it exists: IM, emails, SMS, trader turrets, network traffic, user behavior, and even voice recordings. It means being able to search, classify, parse, cluster, and secure all content according to each regulator’s criteria.

But the major problem is that in the vast majority of cases, the solutions banks have won’t be fit for purpose. The current landscape of technologies that can parse and analyse data are good within a finite window. They tend to specialise in working with certain data types or relationship types. This means that while a lot of compliance projects will start with good intentions, they will fail unless they can better stitch different types of data together.

The requirements demanded from today’s regulation environment reflect the FCA and other bodies’ ongoing concerns with data quality, governance, controls, and accountability over reporting. Banks face heightened standards for submitting accurate data reports across an increasing number of regulatory reports, and in addition are expected to meet high standards around report preparedness and monitoring.

The technology requirement to analyse large data sets and determine their accuracy has never been more in demand. If financial services want to stay ahead of the game, they need the ability to bring in real-time feeds from all different parts of the business, ideally all in one platform.