Data governance: securing the future of financial services

Financial cybersecurity, Governance
/ Banking, Insurance and Asset Management

Financial Services Leadership Summit, January 2018

"Data is the new oil, but we do not yet know how to value data properly … If the good twin is digital transformation, then the evil twin is cyber risk. We need to figure out how to monetize information, but these two need to be addressed in tandem."

—Summit participant

Data is becoming the world’s most valuable asset, and financial institutions gather, process, and store massive quantities of it; they have been described as “information technology companies with balance sheets.” Yet banks, insurers, and asset managers are in the early stages of taking full advantage of data. As technology and technological transformation expand institutions’ ability to profit from data, it ushers in new vulnerabilities. Protecting data remains among the most pressing issues facing financial institutions. As one director observed, “Security is the foundation of the business. Whether it is holding your money in the best vault or providing promised aid during difficult times, financial institutions are premised on trust and security.” New regulations provide greater access to third parties and increase compliance risk around violating customer privacy. Directors are working hard to keep up with rapid developments in the field. 

Governance of data is undoubtedly a board level issue, with significant implications for strategy, business model, IT architecture, and capital investment, as well as assurance, reporting, and management structures. On October 11–12 2017, leaders and regulators of major institutions in banking, insurance, and asset management met in New York for the Financial Services Leadership Summit, an event that brings together the Bank Governance Leadership Network (BGLN) with the Insurance Governance Leadership Network (IGLN). This ViewPoints synthesizes the discussions in preparation for, during, and following the summit. It is organized in the following sections:

  • Financial institutions need a strategic approach to data governance (pages 3–14). Exploiting institutions’ vast data collections is increasingly important to their competitiveness. New regulations are raising the stakes for data management, particularly with regards to privacy and security. Data governance is an increasingly strategic issue for boards. 

  • Emerging technology will shape the value and use of information assets (pages 15–23). Technology is expanding the information that financial institutions can access, but also making more information available to others outside the sector. Technologies like artificial intelligence, distributed ledgers, and process automation could have a profound impact on workforces, business models, and competition in financial services. 

  • Cyber risk continues to grow as risk management and governance try to catch up (pages 24–39). Cyber risk is not new, but it continues to grow and the nature of the risk changes quickly. The consequences of a major breach could carry massive direct costs, and potentially even worse indirect costs, including reputational damage. Boards are under pressure to be sure that cyber risk is being effectively managed in their institutions. Risk managers and directors are making progress toward better cyber governance, but it remains a challenging objective.