What CDOs Can Learn from Recent Regulatory Enforcement Actions
Enforcement Actions Underscore the Need for Data Governance
Financial institutions (FIs) face unprecedented challenges and a volatile economy—effectively managing data is paramount to success. The recent Office of the Comptroller of the Currency (OCC) enforcement actions show the increasing regulatory scrutiny on data governance, and shed light on the lackluster data controls. Deficiencies in data quality and third-party data management were penalized with $460 million in OCC fines in October 2020. In addition, the Consumer Financial Protection Bureau (CFPB) identified data-mapping errors as a root cause for a Regulation Z violation, resulting in inaccurate billing. Mature and comprehensive data management capabilities can pave the way for advanced analytics, help to reduce data risks, and minimize the likelihood of regulatory findings and penalties.
Data Governance Improving,
but gaps remain
FIs have invested significant resources to manage their data assets. Many have made impressive progress, but as recent regulatory enforcements have shown, there is still work to be done as technology and data usage accelerates in a digital world.
Data is vulnerable at each stage of the data life cycle. The complexity of data management and risk of security and privacy breaches increase with each new data source, each new individual helping to manage data, or an external data provider not adequately vetted. As data leaders, chief data officers (CDOs) and chief information security officers (CISOs) should identify and act upon the early warning signs of fractures in the data life cycle, some of which include:
1. Enterprise-level data governance structures that do not include representation from key functional areas, such as IT, cybersecurity, and privacy.
2. Data and security policies, standards, processes, and procedures are either not clear or not known throughout the organization.
3. Lack of key performance indicators and key risk indicators to effectively monitor, identify, mitigate, and remediate data issues.
4. Delays and inefficiencies in executing critical activities
across the data life cycle—especially handoffs between one team and another.
5. Data consumers routinely complain about poor data quality.
Making Data Work for - Not Against - You
For FIs to effectively manage their data assets, CDOs CIOs and CISOs should work in tandem to create a risk-based, proactive, and collaborative approach to managing data across the data life cycle. Here are some steps to start to more effectively manage your data as assets:
- Conduct a detailed review of the data, cybersecurity, and privacy policies, processes, and procedures used to support data life cycle activities with a keen focus on handoffs between different teams and address any gaps/issues.
- Identify and fix the voids in the existing data governance program—if one exists. Otherwise, establish an enterprise data governance program that puts governance in action.
- Establish key risk indicators to provide early warning indicators across the data life cycle.
- If using a third party for any of the stages, you should have a certification process to determine their competencies in data protection and privacy before allowing them access to your data.
We built DATALOGIQ 360 for the problems we faced as a data team ourselves. And from our learnings, we wrote a mission to guide everything we do at DATALOGIQ 360.
