Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

DATA, DATA EVERYWHERE, BUT NOT A TECH TO LINK

Stuart Clarke, CTO, Cybersecurity, Nuix

From board level down, financial services are concerned with the same fundamentals as any other business; sell more, lower costs and respond to regulation. The latter of these is what really drives financial services, however. Currently, the most assured way to secure budget for a project is to align it to a regulatory matter or initiative because not doing so spells nothing but disaster. A failure to pass a PCI DSS compliance audit for example, might rid a bank of its ability to process credit card information, leading to both lost revenue and reputation.

This is the reason that risk and compliance functions are bigger in banks than in any other industry. The pressures are enormous. Not only does the danger of fines and penalties hover over banks who fail a compliance audit, the FCA have, can and will fine them not only if they are breached, but even if they fail to demonstrate that they are taking regulation seriously.

The considerable threat of data breaches means that international banks face much stricter regulatory penalties abroad, even jail time in some cases. Data flows easily, and even with the looming threat of the GDPR, companies are learning the hard way that they can’t make every outpost their ‘mini US or UK HQ’.

Regulations are increasingly honing in on the need to retrieve specific data quickly. And the compliance functions in financial services are growing to reflect this. From DPOs (Data Protection Officers) to AMLROs (Anti-Money Laundering Reporting Officers) regulatory reporting now forms a part of many job functions.

The trouble is the people in these roles struggle to process and analyse vast amounts and varieties of data so they can determine risk and strategy. The role is seen by many as a kind of poisoned chalice. As Barclays Chief Data Officer, Usama Fayyad, put it in an interview last year, “There are lots of opportunities and dangers in a changing data landscape”. There is value in client data, but what use is that data if it can’t be located and analysed? Or even worse, found quickly to meet the needs of an compliance or investigation?

The reality is, it’s only a relatively small amount of data that is ever audited or examined for compliance purposes – until a catastrophe happens. This can result from inaccessibility, lack of resources, or lack of urgency.

I was recently working with an international bank that was feeling the sting of an AML investigation. Although it had done nothing wrong, the data in question was difficult and expensive to find and produce in a timely manner. A number of other areas in the business needed similar solutions to find, classify, produce, and protect data. Particularly, the bank’s European counterpart was struggling with how to identify personally identifiable information (PII) flowing to the US and impacted by GDPR.

This reflects the fact that, in general, banks have never taken a holistic approach to identifying the impact of its unstructured data. The most obvious culprit for regulation requests will likely be PII stores, but is that data more important than PCI or AML data? For many financial services companies, they won’t know until disaster strikes and it is too late.

Banks should have, at least, a high-level solution already for bulk data analytics to deal with this issue. They know that effectively managing information for regulatory compliance means a number of things. It means watching the business to see where dangerous or valuable information is created and stored. It means understanding the totality of the information in the variety of repositories and formats that it exists: IM, emails, SMS, trader turrets, network traffic, user behavior, and even voice recordings. It means being able to search, classify, parse, cluster, and secure all content according to each regulator’s criteria.

But the major problem is that in the vast majority of cases, the solutions banks have won’t be fit for purpose. The current landscape of technologies that can parse and analyse data are good within a finite window. They tend to specialise in working with certain data types or relationship types. This means that while a lot of compliance projects will start with good intentions, they will fail unless they can better stitch different types of data together.

The requirements demanded from today’s regulation environment reflect the FCA and other bodies’ ongoing concerns with data quality, governance, controls, and accountability over reporting. Banks face heightened standards for submitting accurate data reports across an increasing number of regulatory reports, and in addition are expected to meet high standards around report preparedness and monitoring.

The technology requirement to analyse large data sets and determine their accuracy has never been more in demand. If financial services want to stay ahead of the game, they need the ability to bring in real-time feeds from all different parts of the business, ideally all in one platform.