Wealth Access Report FINAL - Flipbook - Page 18
MANAGING DATA RISKS WITH GOVERNANCE
By: Kiah Lau Haslett
Financial institutions are used to the risks that come with keeping
their data secure. But how do those risks change when they want
to use or share that data?
While data analytics can help financial institutions grow customer relationships and improve
profitability, executives must manage a number of
risks and complications these initiatives create.
nance committee oversees ownership, quality, validation pro-
Banks and credit unions should already be following existing
use the data, says Arjun Sud, a principal at audit and con-
regulations and laws that govern how to secure their data.
sulting firm RSM US. It’s important to have representatives
However, data analytics carries compliance concerns, such as
on the committee from beyond the information technology
cybersecurity configurations and access considerations.
group, including from the groups that are familiar with the
cess, definitions and standards, among other issues.
These councils or committees should meet at least quarterly
and include leaders from the various business units that will
data and will use it for analytics. That gives the committee a
Failure to properly maintain data security and privacy can
holistic perspective.
lead to cybersecurity breaches, which can have financial and
reputational consequences. Capital One Financial Corp.’s
One important area for data governance committees to
2019 data breach impacted approximately 106 million indi-
address is risks that stem from unclear data ownership, says
viduals in the United States and Canada and stemmed from
Wayne Gniewkowski, a principal in Crowe’s financial services
a vulnerability in its cloud firewall configuration. The bank
consulting practice who focuses on business process, risk and
received several enforcement actions related to the incident;
controls. This means locating where all data is stored and
it was fined $80 million by bank regulators and settled
then assigning responsibility for, and control of, that data to
with consumers for $190 million. More recently, hackers
a business unit. Sometimes these assignments and locations
breached more than 100 companies’ data stored by the ana-
are obvious; sometimes they are not, especially if multiple
lytics firm Snowflake through a third party, in part because
groups use that data. Those determinations help the insti-
those companies didn’t have multifactor authentication on
tution set appropriate access controls and security around
their accounts.
the data, including limits on who can edit the data to keep
quality high as the institution moves to the data scrubbing
In addition to security, executives need to oversee the pro-
and validation stage.
cess to clean, validate, store and leverage their institution’s
information. Using bad data can cause mistakes and have
“We have to evaluate and assign risk, implement controls
negative consequences. All of this makes governance a
and establish processes to clean the data — after we know
massive part of overseeing and managing the risks that can
where it’s at, who owns it and who has access to it and how
come with these projects.
it is used,” Gniewkowski says.
The data governance committee at Jovia Financial Federal
Credit Union in Westbury, New York, meets monthly to
How a Data Governance Committee Functions
One way institutions can fulfill these governance needs is with
a council or committee that discusses issues and decides as
a group how the institution will oversee data. A data gover-
16 | FINXTECH INTELLIGENCE REPORT
discuss data quality issues, says Dennis Klemenz, chief technology officer at the $4.5 billion asset institution. He says
the group is responsible for determining data quality for the
institution, and that shared consensus helps stakeholders and
