Mark Davies, General Manager, Avox
In today’s highly interconnected, digital environment, where sensitive client data can be accessed and shared in just a matter of seconds, information security breaches and cyber threats have emerged as the top challenges for firms, their client relationships, and ultimately their businesses’ bottom lines. For data and service providers alike, being able to mitigate these types of risks has called for advances in the secure provision of data and operation of technology to ensure that the services that firms rely on for their risk management and regulatory reporting are of the highest quality. So what should companies be asking of their data providers and what is being done?
There is no shortage of mainstream news reporting on serious cyber attacks and information security breaches. One needs only look to the recent experience of a major telecoms provider whose customer bank details and personal information had been compromised to realise how all too common these types of incidence(s) are. And, unsurprisingly, the financial industry hasn’t remained immune. According to DTCC’s annual systemic barometer risk survey of more than 250 market participants, cyber risk was the number one concern, with a record 46% of respondents citing it as the single biggest risk to the broader economy and 80% of respondents citing it as a top five risk.
In today’s cost conscious environment, financial institutions increasingly rely on third party systems in order to provide many of their digital services, whether it is external data feeds, cloud, managed or outsourced services. But relying on the provision of these services can, undoubtedly, put these same firms’ own internal systems and data at risk. Nowhere is this more evident than in the reference data management space.
As a result, the way financial institutions are engaging with their data providers is changing. It is now commonplace during RFP and vendor procurement processes for firms to request detailed information about how their client data will be managed, stored and secured, information that is absolutely crucial in any contract negotiation. Without it, providers would simply fall at the first hurdle. Furthermore many banks will expect there to be full automation with no human interaction whatsoever when it comes to managing their client lists before they are reviewed by data analysts, and in some cases these expectations will also extend beyond technology into the physical security controls of the operations environment.
In fact, due to the expanding scope and volume of financial regulation across the globe, we are seeing an increasing number of firms with an appetite to outsource their data management processes in an effort to reduce costs and increase operating efficiencies. It is not a new approach for firms to supplement internal legal entity data capture processes by using research and data mining exercises carried out by third party providers. This is a common scenario to help maintain golden copy data against the vast amount of change to company information, classifications and identifiers.
But getting the right answer is not enough, there are a multitude of inter-dependencies and hand-offs to be sensitively managed to process and feed that clean information back into the firms’ internal systems. Has a name change resulted in identification of a duplicate booking account? Does a merger mean that two existing credit limits need to be consolidated? Does a change of address change the risk profile of a client?
In an increasingly competitive environment, where firms are looking to leverage technology and automated data provision as a means to more efficiently service and do business with their clients, there is a growing acknowledgement that this is not a race to the bottom.
The ability to prevent client data breaches and technology malfunctions as a result of cyber attacks is paramount and, undoubtedly, should be at the forefront of firms’ minds as they rely on outsourced providers to manage their client onboarding and data management processes.
This article first appeared in Future & Options World on December 10.