Data Governance in Financial Industries

The pace of change for data-driven business is increasing, with the financial services industry under particular pressure. For banks, mortgage companies, credit card, insurance, and similar companies, data governance must be done right.

Consumer trust is waning across the board, and after several high-profile data breaches, confidence in the way in which businesses handle and process data is lower still.

The most significant advantage of data governance for financial services is making quality and reliable data readily available to the right people, so that the right decisions can be made faster. Good Data Governance also helps these companies better capitalize on revenue opportunities, solve customer issues, and identify fraud while improving the standard for reporting on such data.

Implications of Regulations for Data Governance

Regulators worldwide have enforced new rules and strengthened old ones. Companies that want to keep their houses in order are under pressure to understand and comply with those rules. For instance, a strict regulatory environment has led to the introduction of new organizational roles, such as the Chief Data Officer and the Data Protection Officer. The new data management technologies are coming up to assist businesses to know their data assets and have greater control of the data they gather and report to regulators.

Below are five regulations that have the most significant implications for data governance within the financial services industry.


The Basel Committee on banking supervision rolled out BASEL III, its 3rd set of regulator frameworks on capital and liquidity in 2010 and is in the process of preparing an updated Basel IV which will probably require higher capital requirements and increased financial disclosure. Basel III and IV share equivalent goals to Dodd-Frank in that they seek to ensure banks have sufficient capital on hand to survive significant financial losses, although they differ in the amounts required. The rules establish many rules such as Capital-to-Assets Ratio (CAR), Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR) requirements. Financial service companies again must step up their data reporting and risk management capabilities.

2. Comprehensive Capital Analysis and Review (CCAR)

Triggered by the financial crisis, under the patronage of the Federal Reserve, CCAR mandates extensive reporting be conducted annually. Comprehensive Capital Analysis and Review (CCAR) needs banks to perform “stress tests” that show that they can handle the situation if they were to face the similar kind of financial challenges experienced during the Great Recession. Banks then need to report the findings of those tests to regulators.

3. Dodd-Frank WallStreet Reform and Consumer Protection Act

Dodd-Frank Act is complicated legislation passed in response to the financial crisis. Its motive was to promote the financial stability of the United States by improving responsibility and transparency in the financial system. The law applied standards to limit risk-taking, increase data transparency and improve the efficiency with which data is accumulated and reported to regulators.

4. General Data Protection Regulation (GDPR)

GDPR imposes new punishments for businesses that do not comply with its cross-border data transfer requirements and fines up to 20 million Euros ($23.5 million) or four percent of the company’s total yearly worldwide revenue, whichever is higher. It is just one way in which GDPR seeks to strengthen data protection for EU residents. It puts a greater burden on financial services companies to understand the data they collect and transmit. It also affects banks outside of Europe. Banks with customers in Europe must also comply. Customers of the banks will need to provide explicit consent for data collection, and banks will require to disclose data breaches within 72 hours and wipe customers’ data after a specified period.

5. USA Patriot Act

An older and wide-ranging law concentrated heavily on averting terrorism. The Patriot Act also includes specific regulatory responsibilities on financial services companies to stop money laundering and to report and classify international transactions. Suspicious transactions need to be communicated to regulators, and banks have to recognize individuals opening new accounts who meet specific criteria, for example controlling 25 percent or more of a legal entity.


Some of these regulations overlap in terms in their substance and reporting requirements. For instance, Basel III and Dodd-Frank both attempt to augment bank capital and liquidity requirements, even if the method may vary. Each regulation has the same overall impact, in that they enforce a significant burden on businesses in how they examine and report their risk exposure.

The responsibility flows down to the IT department, which must look for ways to collate and understand sensitive corporate data. Speed is crucial as companies have a limited amount of time to search, interpret and report the required information. Nevertheless, they cannot sacrifice data quality, because mistakes in reporting can lead to costly re-work or even costly compliance penalties.

Royal Cyber:

Royal Cyber team has extensive experience in Data Governance and can help you meet the new regulatory requirements. For more information on our data governance services, check the below link

Leave a Reply