CISOs IN FINANCE: HOW TO LEAD THE PRIVACY STRATEGY

Sophie Chase-Borthwick, Director of Data Ethics and Privacy, Calligo

 

Privacy is essentially just a data security problem, right? Surely, the requirement to act more responsibly with personal and sensitive data equates to protecting it better, encrypting it and preventing hacks and leaks?

 

Many financial businesses assume exactly this, and that data privacy, whether GDPR or California’s new CCPA, is merely an IT security problem. However, it goes far wider than that.

 

For the chief information security officers (CISOs) who have been assigned responsibility for privacy within their organisation, it can often be seen as an unenviable task. Few boards and executive teams understand the detail of what is required for GDPR adherence or Privacy by Design well enough to assign enough, or the right, resource to the task.

 

In fact, we regularly hear stories from financial services organisations of all sizes about shoddy approaches to data privacy, especially GDPR, with some assuming that just because they have a data security function, adherence is a given.


However, as an experienced CISO, you will understand that privacy is not as simple as ring-fencing your data. You will appreciate that, because GDPR in particular requires the responsible management and use of data just as much as its responsible protection, a privacy strategy needs involvement from every part of a financial organisation, including marketing, HR, sales etc.

 

But many businesses did not think like this. Or more accurately, many CISOs were fully aware of the extent of the task, but were not given the time or resource to address it appropriately. Many were forced to focus on the parts they could fix the fastest and the easiest, predominantly technology and data protection, leaving major gaps in processes and people – the two other equally-important pillars of adherence.

 

Others were bending over backwards to cover the basics of the new requirements, but saw their wider security strategies either derailed or delayed in the process, leaving many financial businesses more susceptible to security breaches than they were before. These are real scenarios that we have seen time and again amongst our clients.

 

So, how is it possible to balance data privacy with wider security strategy? Many argued when GDPR came into force that it represented a huge opportunity for those in CISO roles to change the perception of their input and value to a business; from simple data protection to instead safeguarding data across its entire lifecycle.

 

But how can you put this into practice? How can a CISO build the strategy that achieves the immediate data privacy goal, while enhancing – not weakening – wider data security initiatives, and their own standing?

 

Assess your business holistically

There are eight domains that require addressing for a successful privacy strategy: governance and accountability; risk management; security management; third party management; incident management; personal information management; rights of data subjects; and finally, understanding the scope of your organisation as it pertains to the relevant legislation.

The most obvious observation for many CISOs will be that many of these areas are outside their traditional scope. However, they all need equal attention and they are all unavoidably part of the project they are leading. The trick is to not let yourself focus on only the more easily-addressed “home turf” security areas, nor be drawn by the business too far into the non-security areas.

Ask for help

For some, this will be one of the hardest steps – either personally or politically – but it is essential. As mentioned above, there are eight areas that need addressing equally. This means that assistance from experts across the wider business is vital. No one expects a CISO to be well-versed in the legal rights of data subjects, or in how to build a perfect Privacy Policy, but you will need to recruit support from the internal subject matter experts who are, then act as the intermediary between them all, and lead from the front.

Perform a GAP analysis

Before you can even think about aligning your organisation to a privacy strategy, you must identify your baseline and areas of improvement. What are the minimum requirements within each of the eight areas for your business to be in line with the legislation facing you? And, what constitutes particularly robust observance? Finally, where on this spectrum are you aiming for and how does that compare to your current state?  

Present your action plan

The GAP analysis will have provided you with a starting point and a series of non-conformances to address. The next step is to prioritise the remedial tasks required and plan how they will be executed. It is however imperative to demonstrate that the plan is tied to, but not wholly based on, the security strategy. Sales, marketing, HR, IT etc. must all understand that they have equal parts to play, and be equal in their accountability.


Secure wider resource

The final part of the process is to identify the most suitable individuals to assist. This controlled delegation maintains the CISO’s position as the lead on the project, ensures good project management and execution, while also safeguarding the security team’s resources.

 

It’s clear that a privacy strategy is an organisation-wide initiative and encompasses all areas of technology, people and processes. It requires far more than building higher walls around your data, or simply gaining renewed consent from customers. However, it’s important to remember that this will not be widely understood, and given it is commonplace post-GDPR for CISOs to be handed responsibility for privacy, you will need to take the initiative on a whole host of procedures and processes that span your entire enterprise – and may not be within your comfort zone.

However, get it right and you will engender more trust from within your customer base – an important commercial outcome that you can take no small amount of credit for.

How can businesses boost employee experience for finance professionals?

By Martin Schirmer, President, Enterprise Service Management, IFS

Over the course of the last year, The Great Resignation has seriously impacted organisations across the globe. Staff are quitting in huge numbers, leaving companies unprepared and struggling to fulfil their workloads. In fact, mass departures are happening at all levels of the labour market, as employees attempt to adapt to the hybrid working model and growing socio-economic uncertainty.

In light of this, optimising the employee experience (EX) to attract and retain talent has become a top priority for employers. Organisations have come to understand the necessity of taking immediate steps to drive employee engagement and reshape workplace culture.

The financial services (FS) industry is no exception to this trend. From increasing employee burnout to growing career dissatisfaction, the pandemic has exacerbated the need for transformation across finance teams. This is exemplified by recent data from Spendesk, which found that approximately 40% of finance professionals are willing to leave their roles or already have concrete plans to do so.

Organisations looking to get ahead of the competition must put in extra efforts to retain their existing workforce. The fact is that employee expectations and requirements have irreversibly changed, with more workforces becoming increasingly distributed. Today’s hyper-connected workforce values flexibility and simplicity, and it is organisations which offer these experiences that will succeed in the long term.

As part of this process, finance companies must look towards the power of technology to create seamless user experiences across devices. From automating workflows to improving overall efficiencies, Enterprise Service Management (ESM) can help organisations to boost user satisfaction and go that extra mile for their employees.

How poor EXs are driving finance teams to quit

With over 40% of employees spending a significant proportion of their time carrying out mundane, manual tasks, it is not surprising that poor EXs are having a detrimental impact on job satisfaction. Finance teams in particular have been slower to digitise core processes, leading to a heavy reliance on manual tasks. This not only increases the amount of time spent on each task, but also impacts the engagement levels of finance professionals who cannot focus on more strategic aspects of their roles.

As a result of the pandemic, flexibility has also moved to the forefront of finance teams’ desires. Given the fast-paced nature of this industry, the conversation surrounding work-life balance has increased rapidly. Failure to offer flexible working policies, coupled with a lack of technology to facilitate this flexibility, has led to poor EXs across the board.

Most notably, the overarching move to omnichannel, digital-first approaches has dramatically reset both customer and employee needs. Finance is the third-slowest running corporate function behind legal and IT. Operating in a competitive environment, 73% of finance operations are facing pressures to speed up, improve efficiency, and prioritise automation.

Mitigating the problem using technology

ESM, an offshoot of IT Service Management (ITSM), is the cornerstone of smart digital transformation for organisations. It can help finance teams to streamline and automate routine processes, such as monitoring the status of service requests, approving expenses, sending invoices, and tracking payments. In turn, this will free up employees’ time, reducing the burden of manual tasks and enabling them to focus on more strategic tasks.

Another advantage ESM can offer finance teams is the ability to adapt to each department’s minimum requirements for data privacy. Accounting, for example, needs additional layers of compliance built into the system.

ESM can also facilitate cross-departmental collaboration, helping finance professionals to communicate with the wider business and perform tasks more effectively.  Organisations can use ESM to incorporate all internal services into a single platform, offering employees a well-rounded view of the business and promoting a sense of community across all levels of an organisation. This will boost productivity, whilst enhancing visibility and control.

Ultimately, the current job landscape has brought with it a new set of challenges. Organisations in the FS industry looking to navigate the storm and retain top talent must refocus their efforts on bolstering the EX. Embracing a new era of technological innovation that empowers employees and boosts engagement is a critical step in this process.

 

The penny has dropped – the finance sector needs Data Governance-as-a-Service

By Michael Queenan, Co-Founder and CEO at Nephos Technologies

 

In our data-driven world, the amount of data is growing exponentially and it’s predicted that the amount generated each second in the financial industry will grow 700% this year. Leaders of financial services organisations have realised two things since the start of the pandemic – that data on their customers and services is their greatest asset and that they must embrace technology to make intelligent business decisions to grow successfully and outperform competitors.

Since the financial sector holds arguably the most valuable and sensitive information, organisations must do more than just store this data. They need to ensure its security, integrity, and governance so that it’s useful in improving the brand’s customer experience, innovating products and services or predicting future trends to improve risk management.

Yet without a robust data governance model – a strong set of rules and processes for what data means, and how it is categorised, owned, accessed, stored, and used – data is worthless. Only when an effective data governance model has been established, will data meet regulations and be secure. Data leaders must shift gear in their data processes to avoid hefty compliance penalties and unlock potential value from their data assets.

 

The data governance challenges faced by financial sector organisations

The barriers for achieving ‘good governance’ are many and varied. Ignorance of the benefits of data governance is a major hurdle for developing a governance strategy. Many financial firms have invested – at significant cost – in data governance tools, but struggle to deliver the benefits they are looking for. Many don’t have the right skills and resources to maximise or set the right metrics to measure the business value. Some are compromised by unoptimised gaps in their approach.

With many different elements to master, data governance is complex – from identifying the right tools to managing the challenges presented by encryption, all whilst ensuring that data quality is sustained and data is managed responsibly.  The negative impact of misplaced investment in ineffective data governance strategies can be significant, for the short and long-term.

 

Why data governance matters

With the acceleration of digital adoption in the financial services industry, it has become crucial to deliver seamless, intelligent customer experiences. Data governance is the key to managing data flow, ensuring compliance, and scaling up. Proof that data governance matters is evident in the Master Data Management Market growth prediction, from $16.7 billion in 2022 to $34.5 billion by 2027.

Data governance is a comprehensive methodology for ensuring the quality and security of the company’s data. The various benefits of an effective data governance strategy include minimised risk, coherent policies, metrics and processes, and better implementation of compliance and enhanced data value. However, for financial services, there are significant advantages as a result of the following:

  • Data governance saves the company money by increasing efficiency. Precious time can be saved by having good quality data and a single source of truth, with less duplication of data, and less time needed to correct data errors.
  • Good data governance gives the business confidence in having accurate and trustworthy data, the holy grail for delivering outperforming customer experiences.
  • A data-driven culture can also be introduced to your business through good data governance. With the ability to gather critical customer and market insights that can guide the direction of your business, data governance allows financial institutions to drive innovation and gain competitive advantage.

 

Bridging the governance gap with Data Governance-as-a-Service (DGaaS)

Increasingly organisations are turning to the ‘as-a-Service’ model to bridge the gaps in their data governance capabilities, as well as ensure critical alignment between objectives and results. This dedicated approach aims to minimise the risk of investments and delivers the strategy and proven technologies required to ensure data governance success.

DGaaS can be applied across each major component required to deliver good data governance. First, it uses software tools to scan all data within a typically complex financial services data infrastructure in its data discovery and classification phase. Without this detailed insight, organisations can’t always identify their data assets, any data mishandling and the level of risk generated.

The next part of the process is creation and documentation. This means organisations can drive their governance objectives through to execution, while removing the operational and recruitment overheads, which means they can purely focus on value created from data. In doing so, organisations can convert the raw outputs from the toolsets into meaningful business outputs.

With a holistic approach, DGaaS allows financial services organisations to focus on the transformational potential of data while critically staying compliant.

 

Reaping the benefits

Data is a vital asset to enable financial sector organisations to build the right capabilities to deliver their services and remain competitive. With a robust data governance model, financial firms can assess risk, predict trends, and seize market opportunities based on data-driven insights. Only data-driven processes, built on high quality and effectively governed data, will enable them to build outstanding customer experiences. It’s essential that leaders realise data governance is a fundamental discipline, not a luxury, and establish an effective model to formalise processes and responsibilities before their data lets them down.
