The recent woes at UBS with its own Nick Leeson/Jerome Kerviel (delete as desired) style rogue trader and this month’s MF Global bankruptcy investigation into its customer data practices have both highlighted an important aspect of data management: control. Whether it be data and system access concerns, or those related to the treatment of customer data (and funds) in the correct manner, keeping a better handle on data is on the minds of both the regulatory community and the industry at large.
And it’s not just financial institutions that have been found to be lacking: the Financial Industry Regulatory Authority (Finra) received a very public dressing down last month from the Securities and Exchange Commission (SEC) for failing to retain “document integrity” with regard to minutes of staff meetings. Moreover, it was the third time that the regulator has been caught providing the SEC with altered or misleading documents over the last eight years.
The SEC also received a slap on the wrist this month for failing to retain records that government officials deemed important, thus violating federal rules related to the submission of data to the National Archives. The regulatory community’s data audit trail practices are also coming into question.
At the heart of the issue is ensuring that data is being treated in the correct manner by the correct people, and that those who should not have access to that data cannot use loopholes to their own advantage. These data security and privacy concerns have also been raised during discussions about cross-border sharing of sensitive data such as that collected by trade data repositories or by systemic-risk-focused bodies (check out another of my recent blogs about risk data here).
Interestingly, I also met up with identity governance solution vendor SailPoint this week and this got me thinking about the rising profile of data governance and control in the financial services sector. Last year, the vendor conducted a survey that indicated that employees are much more likely to steal company data than a stapler when they leave an organisation (see more here). So, ensuring employees don’t have access to data they shouldn’t during their employment period isn’t the end of the problem: they can also take data with them that may be potentially damaging.
The upshot of all of this is that data governance and control is being viewed in a very serious light by many in the industry at the moment. Keeping roles clear within data governance programmes is a key aspect of this, but so is keeping a tight handle on downstream access and alterations to that data. The increased popularity of cloud and software as a service (SaaS) solutions also adds a new dimension to all of this, one that is still evolving.
Whether you’re a regulator or financial institution, control of data is a key concern.