Financial systems, all over the world, play fundamental roles in the development and growth of the economy. The effectiveness and efficiency in performing these roles, particularly the intermediation between the surplus and deficit units of the economy, depend largely on the level of development of the financial system. Financial systems, all over the world, play fundamental roles in the development and growth of the economy. The effectiveness and efficiency in performing these roles, particularly the intermediation between the surplus and deficit units of the economy, depend largely on the level of development of the financial system.This describes the protection of customer data within the financial services Industry. It includes examples of good practice within financial institutions. Embracing the the standard practices within the financial services firms, in general, could significantly improve their controls to prevent data loss or theft.
Despite the positive impact of technology on society, it has on the other hand led to unintended use in criminal activities like cyber crime. It has therefore become easier to steal a penny from millions of bank account owners using the internet than through conventional bank robbery. Since banking is highly based on trust from its customers, security issues will remain a special concern in the banking industries. Hence, the risk of hackers, denial of service attacks, technological failures, breach of privacy of customer information and opportunities for fraud created by the anonymity of the parties to electronic transactions have to be properly managed.
The blunt truth is that all organisations need to take the protection of their data and information with the utmost seriousness. Organisations holding individuals’ data must in particular take steps to ensure that it is adequately protected from loss or theft. There have been several high profile incidents of data loss in public and private sectors during that time which have highlighted that some organisations could do much better. The coverage of these incidents has also raised public awareness of how lost or stolen data can be used for crimes like identity fraud. Getting data protection wrong can bring commercial, reputational, regulatory and legal penalties. Getting it right brings rewards in terms of customer trust and confidence. The financial services industry needs to pay close attention to what its regulator is saying here, which is also relevant to organisations outside the financial services industry which hold data about private individuals. All organisations handling individuals’ data, in both the public and private sectors, could benefit from the good practice advice it contains.
It has been noted that the most significant shortcoming in the banking industry today is a wide spread failure on the part of senior management in banks to grasp the importance of technology and incorporate it into their strategic plans accordingly. contemporary technology in banking comes in the form of computer based application and information technology. From the banking customer’s perspective, two of the practical purposes of banking are convenience and accessibility to both funds and account information.Many financial institutions are failing to identify all aspects of the data security risk they face, for three main reasons. First, some do not appreciate the gravity of this risk; second, some do not have the expertise to make a reasonable assessment of key risk factors and devise ways of mitigating them; and third, many fail to devote or coordinate adequate resources to address this risk. Large and medium-sized firms generally devote adequate resources to data security risk management but there is a lack of coordination among relevant business areas such as information technology, information security, human resources, financial crime, and physical security. There is too much focus on IT controls and too little on office procedures, monitoring and due diligence. This scattered approach, further weakened when firms do not allocate ultimate accountability for data security to a single senior manager, results in significant weaknesses in otherwise well-controlled firms. However, the wide use and application of information technology in the banking industries has also led to emerging threats and attacks, basically in the form of computer crimes and fraud Hence, there is a need to protect customers and stakeholders involved in information technology services.
Firms’ dealings with third-party suppliers are a major concern. Many firms, small and large, use third parties for IT maintenance, as well as the backing up of electronic files and archiving of paper documents. Firms generally rely too much on assumptions that contractual terms are being met, with very few firms proactively checking how third parties vet their employees or the security arrangements in place to protect customer data.
In addition, some firms do not consider the risk associated with granting third-party suppliers in their environment. Financial Institutions or firms try to assess and manage their data security risks and evaluating how these risks are changing, and how they impact on the statutory objectives.
four statutory objectives
- market confidence: maintaining confidence in the financial system;
- public awareness: promoting public understanding of the financial system;
- consumer protection: securing the appropriate degree of protection for consumers; and
- the reduction of financial crime: reducing the extent to which it is possible for a business to be used for a purpose connected with financial crime.
Financial services organizations are built on data, so data governance is a critical concern. But many firms have their own definition of data governance which may be completely different from competitors. For some financial institutions, data governance means establishing governance bodies and councils, while others consider data governance the process of defining data stewardship and workflow. Some financial services firms have master data management and data quality programs established under the name of data governance, while others combine all of these aspects—governance bodies, data stewardship, metadata and master data management and data quality—under the data governance umbrella. Theoretically, data governance encompasses the systematic and formal management of any service or process that is required for effective information management. But realistically, businesses prioritize and sponsor only those initiatives that are mandated by regulations or provide a clear return on investment. The financial services industry has been moving towards enforceable data governance which turns static policies and standards in Word documents into governance processes that can be enforced and realized in IT and the business with tangible benefits. Within financial services firms, the most prominent governance goal is the availability of reliable and accurate data for risk aggregation and reporting including data accountability and traceability. Although IT enables and implements tools for data governance, it is not an IT initiative and should not be driven by IT. For a data governance program to be successful and sustainable, the mandate must come from the business. While a data governance program may result in a tool-based implementation, that is not the core of data governance.
Common Business Drivers
For financial services organizations, the most common reasons for a data governance initiative are:
- Support risk management and regulatory reporting
- Address mergers, acquisitions and divestitures
- Provide improved analytics to gain competitive advantage
- Enable more informed and real-time decision making
- Save or avoid costs
- Assist with cross and up-selling
- Comply with regulations
- Reduce customer attrition
- Enhance customer service quality
- Improve profitability and operational effectiveness
A long-term, sustainable data governance initiative must be built on a foundation of metrics based measurements. These metrics can be broadly classified in three categories:
- Efficiency metrics
- Enablement metrics
- Enforcement metrics
Whether your financial institution has already implemented a data governance program or if your program is underway, it is useful to perform an assessment of your firm’s data maturity and governance to prioritize and map business drivers to IT initiatives, align governance processes with the software development life cycle, and define and articulate an SLA-based continuous improvement program. It’s not possible to monetize every benefit from a data governance program, especially those around Enforcement. Your organization’s needs, objectives and action plans for data governance may differ significantly from your competitors.
There’s no one size fits all model for data governance, and no single tool that can solve all challenges. IT implementations and tools must be carefully selected based on unique goals of your business. Establishing a metrics-based program to assess, monitor and improve the governance program is critical for its success and ongoing support.