New and more prescriptive privacy and other data-related regulations are elevating data governance to a strategic asset for organizations in all sectors. Data governance can no longer remain confined to a back-end IT operation.
As the data-rich financial services sector is now moving fast towards more profound digitization of financial products and services, data governance should be prominent in the executive agenda. The imperative for sound data governance will continue to persist with the introduction of new regulations on data sharing and artificial intelligence.
The foundation for sustainable data privacy compliance
Today, financial services institutions must navigate privacy rules in most countries where they operate. Following the adoption of the General Data Protection Regulation (GDPR) in Europe in 2018, many countries around the world have introduced personal data protection laws or amended existing laws to match the GDPR standard.
The ASEAN region has seen new privacy requirements in numerous countries including Vietnam, Indonesia, the Philippines and Malaysia. Notably Thailand’s first-ever data protection law came into effect in May 2020. The Personal Data Protection Act (PDPA) brings Thailand in line with international privacy standards. It is expected to be fully implemented and become enforceable by June 2021.
Singapore also launched recently a major consultation on proposed amendments to both the Personal Data Protection Act (PDPA) and to the Spam Control Act (SCA). With the introduction of mandatory data breach notification requirements, reviewed rules on individuals’ consent and a new obligation around data portability, the government and data protection regulator aim to strengthen further Singapore’s digital economy by enhancing public trust and business competitiveness.
Whilst all these new laws may be based on common principles and many of them are modelled on the GDPR, the nuances and varied requirements in each country create a complex regulatory environment for organizations that operate across borders. The recent increase of damaging and sophisticated data breaches in Southeast Asia adds to the challenges for businesses in the region.
In Singapore, emerging digital banks continue to be fined for repeated violations exposing the personal data of thousands of users. With the threat of considerable fines, organisations must strive to increase data security measures and develop effective privacy-by-design policies. But it is the even costlier reputation damage in an increasingly competitive environment for banks and finance companies that elevates data breaches to one of the most important business risks.
In practice, data privacy requires robust data governance. Operational obligations set out in data protection laws, relating, for example, to understanding and documenting data flows, ensuring data quality, controlling data access and introducing data retention policies are typical for any data governance project. Furthermore, the successful management of individuals’ rights set out in privacy laws is based on data governance policies that enable a single view of the customer and the ability to manage complex data-related queries often across multiple systems and geographies.
Data privacy compliance can be a heavy lift for companies of all sizes. If it is designed on strong data governance foundations, the investment pays off through increased customer trust and competitiveness in the market.
The advent of new regulation on data and artificial intelligence
Data-related regulation has been a focus for legislators worldwide driven by the digitization of our economy and the quick pace of technology innovation. Policymakers are aiming to modernize legal frameworks in order to enable growth through data innovation while building individuals’ trust in new technologies.
The ASEAN Digital Data Governance Framework has been encouraging policy initiatives on data classification, cross-border data flows, data privacy and data security. Similarly, Europe recently announced its Data Strategy to further strengthen legal requirements around data sharing and access. At the same time, Europe is developing legislation to promote trustworthy artificial intelligence (AI). In response, a number of countries may introduce tighter rules on how to develop and use AI responsibly. In this frame, Singapore’s Model AI Governance Framework has provided thought-leadership at global level.
The financial services sector is no stranger to heavy and prescriptive regulation. It should therefore be well-equipped to comply with a more regulated data market in terms of culture and policies in place. With the right approach and the data governance tools that are necessary to help operationalize new requirements, financial institutions will also remain competitive in a market of more empowered and technology-savvy consumers.
A strategic asset for digital finance
The digitization of the economy has had a profound impact on financial products and services. Traditional financial institutions have had to compete with new actors in offering choice and agility to an ever more demanding clientele. Singapore has spearheaded this global trend with the liberalisation of the banking sector and the open banking initiative led by the Monetary Authority of Singapore (MAS).
Regulators in other regions are also supporting the accelerated digital transformation of financial services with initiatives that aim to protect consumers, ensure market efficiency and stimulate data-driven innovation and competition. Europe’s new Strategy for Digital Finance, for example, includes an impressive body of legislative proposals to promote data sharing within the financial sector. These include a legislative proposal for a new open finance framework that will add to broader data access initiatives as well as the creation of a new strategy on supervisory data.
Related initiatives are the creation of an interoperable cross-border framework for digital identities that will harmonize rules on customer onboarding and a new regulatory framework to strengthen digital operational resilience in financial services. Europe is currently also developing regulatory and supervisory guidance on the use of AI applications specifically in financial services.
Financial institutions have relied on digital technology to manage the vast amounts of data they need to process and analyze in their daily operations. Today, financial institutions are becoming pioneers in digital services that are secure, resilient, consumer-friendly and compliant with applicable laws often exceeding customer expectations and regulatory requirements.
The emerging digital financial sector requires strong data governance foundations that can support continued, long-term innovation as well as compliance with increasingly more prescriptive laws about how data should be analyzed, protected and shared. The value derived from the investment financial institutions will make today to drive their digital strategies with the essential foundation of solid data governance, is likely to last longer than one lifetime.
For more on this topic, register now for this webinar: Data Governance -- the key to compete in a digitized financial services market.
Editor's note: This article first appeared in The Business Times, Nov. 2020.