Tackling the compliance beast in a new era of regulation-Magazine
Iain Chidgey, GM of international operations at Delphix pinpoints the hurdles hampering compliance in an era of regulatory revolution and proposes actions to effect change
The financial services industry is experiencing the largest regulatory transformation since its inception. Only last week, President Trump indicated that huge changes to Dodd Frank are to come.
Yet, in the face of this revolution, firms are scrambling to keep pace with the growing and changing body of regulations and navigate the multitude of updates to their reporting applications. They’re also failing to compete with the compliance wrecking ball of time. Brought about by the unplanned nature of ad-hoc reporting, including Anti-Money Laundering (AML) audits, for example – this leaves only a small window of opportunity for staff to source, secure and deliver the data that is required.
Blockages in the road
This complexity has led to two major roadblocks in the road to compliance – data delivery and data security. Our recent research confirms that. Over half (59 per cent) of respondents cited ‘data delivery’ as a number one challenge to their day to day operations, with over a third (38 per cent) claiming that high levels of rework due to poor data quality hinders their capacity to deliver on reporting objectives.
When addressing this challenge, it is critical to understand the make-up of today’s banks and their processes for sourcing data. For example, a modern retail or investment bank is typically a consolidation of multiple companies and thousands of applications. So, when tasked with sourcing data, staff are typically dealing with legacy platforms and data stored in disparate and siloed IT systems, which rely on cumbersome manual processes that hinder agility. This in turn drains valuable resources which should be dedicated to revenue generating activity.
What’s more, the data delivery roadblock is a catalyst for reporting shortcuts that lead to increased data security risk. More specifically, one in five (20 per cent) claim they are forced to use sensitive data that is not fully anonymised as they take increasing risks in order to meet reporting deadlines. This is exacerbated by the forthcoming EU General Data Protection Regulation (GDPR), which will significantly increase punishments for businesses that fail to implement appropriate protection measures. This is forcing firms to pseudonymise all sensitive data – adding another level of complexity and delay to an already slow and manual process.
Alarm bells ringing
Already behind in their ability to demonstrate compliance, banks are looking for ways to improve their agility. Not simply to keep up with evolving regulation, but to compete in a fast-paced market that is characterised by its ability to innovate. To do so, teams need fresh and up-to-date data to work with in reporting application test systems. However, in many cases, it still involves waiting hours, days or even weeks for manual data refreshes to be conducted. This increases the inconsistencies between production and test data, resulting in more errors and more rework. All of this piles on the risk of compliance failure. Additional concerns around the consequences of non-compliance also plague the industry, with large financial penalties, reputational damage and the possibility of losing banking licenses, all significant fears in the failure to meet requirements.
Ticking off the check-list
As copying, moving and securing data for regulatory purposes becomes more difficult than ever, businesses need to consider new ways in which to streamline their operations and reduce the risk of compliance failure. Ultimately, banks must be able to demonstrate to the regulators that the relevant processes and technologies are in place to effectively manage risk. This process needs to start with ensuring that secure data can be delivered on demand, a challenge that can be overcome by inserting a technology called data virtualisation. This virtual data layer removes the roadblocks in traditional data provisioning by automating manual processes and speeding up data delivery. It does this by holding a single continuously updated physical copy of data, and offering up virtual copies via self-service or automation. Data virtualisation shares data in the same way that server virtualisation shares CPU.
Using this approach, banks can deliver multiple complete copies of data in minutes. This allows teams to significantly reduce the time taken to set up testing environments for each new regulation or audit change. As multiple test environments can be created at once, valuable time is saved as compliance managers no longer have to wait to access one shared environment. Additional costs can be achieved too, as only 10 per cent of the storage typically needed, is now required.
Compliance managers no longer have to forego security with this approach, either. For a smooth compliance journey, teams can combine data virtualisation with data masking and automate not only the delivery of the data but also the security. Data masking is a traditional tool used to replace sensitive data with realistic, irreversible dummy data. By combining the two processes, subsequent data masking projects can be eliminated and compliance teams can access full, up-to-date and protected data sets within minutes, not months.
Turning hope into reality
Avoiding banks’ growing list of compliance fears means data agility and security must be a priority for the year ahead. No longer must a new year’s resolution that falls by the wayside, banks take heed of the growing body of regulation that will govern the financial services industry and take steps to drive change. By embracing the technologies and processes that will ensure the consistent availability and quality of their data, banks can meet demand without hampering efficiency or security within the organisation. This in turn will help them to champion a data-first approach to cement their success on the road to compliance and support their growing ambitions for innovation in a competitive market place.
“Original publication in Finance Digest Issue 1 https://www.financedigest.com/