Financial services providers recognize data as an asset that increasing needs protection via robust data governance and controls across their organization and through to third parties. Data is constantly collected, monitored, used, and shared though it is the quality of the data and its ethical uses that are key to protecting proprietary, operational, and customer information. Continued data breaches and data sharing incidents are influencing public and regulatory expectations for increasingly stringent data privacy and security requirements ensuring public policy and enforcement will continue at the local, federal, and global levels.
— Technology advances allow for more granular data classifications that permit tracking for sourcing, retention, access, use, and disposal via business functions and third-party relationships
— Dependence on third-party vendors for rapid deployment or scalability of technology applications can give rise to governance and accountability risks
— To keep pace with evolving technology, regulators expect cybersecurity strategies to be forward-looking and to address data protection, cloud security, threat simulations, and a layering of solutions.
— Public policies and regulatory supervision and enforcement are focusing on strong data governance and controls, including KYC, suspicious activity, and fraud while customers focus on ownership and control, including collection, storage, use, disposal, and portability
— Some organizations, independent of regulatory requirements, are reconsidering policies regarding opt-in and opt-out procedures, the scope of data to be collected, how and by whom it is accessed, and how it will be used or shared
— The push toward faster payments reduces the time available to detect fraud and suspicious transactions, potentially compromising data privacy/security and financial crimes compliance and increasing the need for strong third party risk management
— Technology leveraging biometric authentication (i.e., fingerprint, face features, heart rate) may assist in establishing a more secure payments environment but may also carry new privacy and data security risks
— Organizations must understand the source and content of data used to personalize customer experience, including data derived from social media sources or AI data sets, to proactively address unintended bias and reputation or strategic risk and abroad
— Increasingly, brands are differentiating based on transparency of data collection and use
— The threat of cyber-attacks is global in scope and can be motivated by theft, destruction, or disruption of proprietary or consumer data
— Increased awareness, governance and reporting of reputational and third party risks in data privacy and data protection will influence business model, process and automation changes
— Data-reliant technologies, including AI and robotics, as well as relationships with third-party technology providers such as cloud servicers are increasing cost and process efficiencies
© 2021 R.G. Manabat & Co., a Philippine partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.