The Secrets of Highly Regulated Data-driven Financial Institutions

  • Richard Geering, VP of Financial Services and Insurance at Immuta

  • 19.08.2022 02:30 pm
  • #data

The adoption of cloud technology in the financial services industry has accelerated in recent years as firms seek to become more flexible,adaptable, and capable of delivering digital services to meet customer needs and facilitate remote work. In 2021, the European Cloud User Coalition (ECUC), consisting of some of the continent’s biggest banks, was formed to accelerate the adoption of off-premises technologies in financial services.

Today, those data-driven firms are using the cloud to harness vast quantities of information to guide the development of differentiated financial products in a highly competitive market. The cloud has also enabled banks through increased visibility for risk management assessments, which in turn allows them to adjust business decisions, and combat fraud and money laundering.

With the ability to harness data to better understand the business, its future performance, opportunities, and risks, financial services leaders said that increased future revenues (62%) and improved future profitability (52%) were their main reasons for deploying cloud technologies, according to an analysis made earlier this year of a Wipro FullStride Cloud Services study conducted by Capco.

As financial institutions feel the increasing pressure to reduce costs, become more agile in responding to customer requirements, and meet emerging regulatory expectations, the ability to access and extract data’s value plays a key role in driving business revenue. Doing so requires more than just the adoption of a cloud platform. Once data - whether sensitive or generic - has been transferred to the cloud, organisations need to ensure it is adequately protected; providing the right access at the right time, as well as effectively securing it to abide by a growing number of regulations.

Financial institutions already face the increasing burden of regulatory reporting and the need to comply with European Central Bank (ECB) finance and risk reporting regulations, which require granular data. On top of that, the global nature of cloud infrastructure adds to the need to meet regional data sovereignty requirements such as GDPR, alongside strict privacy laws in the US, like the CCPA. Financial institutions need to consider the compliance and regulatory requirements relating to the location of their data, and the regions where the data is transferred and stored or processed. As more users, data sources, and tools are added, the complexity of data access intensifies - further exposing the data to risk.  

Despite this, organisations that are highly regulated are actually more likely to be data-driven, according to the results of a survey conducted by S&P Global’s 451 Research and Immuta.

So, what are their secrets?

The survey found that highly-regulated organisations often have more efficient data tooling and processes than those that are not, to ensure that compliance and data access complexity is not a hurdle.

When subject to data privacy and data protection regulations, financial services firms are also more likely to have a cloud-first strategy and a dedicated data engineering team to provide self-service analytics, resulting in fewer challenges with data access and use.

The research shows that common assumptions about regulated organisations — such as that they are laggards or less effective at leveraging data — simply aren’t true. Instead, they typically stand out for their leadership in a number of important areas.

What highly regulated organisations do differently

 1. A cloud-first or cloud-forward strategy

One important distinction between regulated and unregulated organisations is that the former tend to see data as more important to their decision-making than their unregulated counterparts. In fact, 75% of survey respondents from regulated organisations reported that data would become more important to their decision-making over the next 24 months, versus just 51% of respondents at non-regulated organisations. When data is central to decision-making, it’s easy to see why regulated organisations prioritise a cloud-first or cloud-forward strategy.

Correspondingly, respondents from regulated organisations generally reported that their organisation had either a cloud-first (31%) or a cloud-forward (45%) adoption strategy. By contrast, those from non-regulated organisations were much more likely to have a cloud-conservative (46%) or cloud-sceptic (9%) strategy.

Financial services leadership teams are also more likely to have articulated a clear vision and roadmap for adopting cloud data management technologies, helping to ensure that the appropriate resources and attention are given to data initiatives.

By embracing the cloud, regulated organisations can be more flexible and reliable, lower costs, and deliver better outcomes. That includes achieving tangible ROI from their data supply chain and data leverage practices.

The survey results help confirm that the old notion of regulated companies tending to shy away from cloud technologies is simply out-of-step with reality. In fact, many are making substantial progress on this front and reaping cloud adoption’s numerous benefits in the process - including boosts in revenue. Almost all financial services institutions surveyed by Wipro reported an average gain of around 4% over three years, although about a third of firms anticipate revenue increases of up to approximately 15%.

 2. A consistent approach to data management and access control

With organisations increasingly adopting multiple cloud data platforms, maintaining consistent cross-platform data access governance is a challenge that many fail to anticipate. In the aforementioned survey, nearly two-thirds (65%) of respondents from non-regulated organisations either ‘somewhat’ or ‘completely’ agreed that their organisation faces challenges in the consistent administration of data access and use. Among regulated organisations, however, that number dropped to 47%.

Simply put, regulated organisations are more likely to adopt agile and automated approaches to data management, while consistently delivering the relevant data needed to support these self-service models. This automated approach helps to eliminate lots of manual effort and the maintenance burden of managing access and privacy controls for different roles across the organisation. It unifies and enforces policy across cloud platforms to ensure the right people get access to the right data faster, whilst at the same time complying with rules and regulations.

Collectively, these benefits contribute to many regulated organisations’ long-term success relative to unregulated businesses, by allowing them to be more agile and efficient. With an automated data access platform, teams can accelerate access to data, giving them the ability to make important business decisions quicker. In contrast, with manual approaches employees may have to wait as long as two weeks to get sight of the data they’ve requested - by which time it's too late for that data to help them do their job better.

Organisations that have a consistent approach to data management and access control are able to increase their security and compliance, while extracting greater value from their data.

 3. A dedicated data engineering function

Regulated organisations have an advantage with data engineering, which is a critical function for policy management and enforcement. While respondents from regulated and non-regulated organisations reported having a dedicated data scientist or data science team at similar rates, those from regulated organisations were over 10% more likely to say that their organisation also has a dedicated data engineering team. A dedicated data engineering function is important for scaling a business because data engineers are able to increase data pipeline throughput, automate data compliance and auditing, and ensure that an organisation’s data is secure both when it’s in motion and when it’s at rest.

What this finding suggests is that regulated firms are more likely to formally invest resources in the data supply side of the equation, which is critical to closing the growing gap in many organisations’ data supply chains.

 4. Self-service data access

Although self-service technology usage rates are still low overall, regulated organisations are better suited to support these models of consumption. More than half (54%) of respondents from regulated organisations indicated that their firm uses self-service analytics or visualisation technology, while only 35% of respondents from non-regulated organisations said the same.

The fact is that regulatory requirements often force functions of data security and governance, such as consistent data access control, which can facilitate safer data automation and more responsible self-service analytics. Ironically, organisations without a regulatory impetus can lag in these and other areas, particularly if they lack a clear cloud data strategy.

People often incorrectly assume that highly regulated companies are at a disadvantage. Yet, as we’ve seen, organisations that have to comply with an array of regulatory requirements are, in fact, often better prepared to use their data to achieve better business outcomes. They stress the importance of a data security, governance, and compliance-first strategy, which can lead to better data analytics, decision making, and operations support - thus contributing to overall success.

Related Blogs

Data Compression Strategies
  • 1 year 2 months ago 06:00 am

Other Blogs