Close

HEADLINES

Headlines published in the last 30 days are listed on SLW.

Data governance a renewed imperative for competitive digital financial institutions

Data governance a renewed imperative for competitive digital financial institutions

Source: Business Times
Article Date: 10 Nov 2020
Author: Kalliopi Spyridaki

Data-related regulation has been a focus for legislators worldwide, a trend driven by the digitisation of the economy and the quick pace of tech innovation.

New and more prescriptive privacy and other data-related regulations are elevating data governance to a strategic asset for organisations in all sectors. Data governance can no longer remain confined to a back-end IT operation.

As the data-rich financial-services sector digitises more of its financial products and services, data governance should be prominent in the executive agenda. The imperative for sound data governance will continue to persist with the introduction of new regulations on data sharing and artificial intelligence.

Foundation for sustainable data privacy compliance

Today, financial-services institutions must navigate privacy rules in most countries where they operate. Following the adoption of the General Data Protection Regulation (GDPR) in Europe in 2018, many countries around the world have introduced personal data protection laws or amended existing laws to match the GDPR standard.

The Asean region has seen new privacy requirements in numerous countries, including in Vietnam, Indonesia, the Philippines and Malaysia.

Notably, Thailand's first data protection law came into effect in May 2020. The Personal Data Protection Act (PDPA) brings the kingdom in line with international privacy standards. It is expected to be fully implemented and become enforceable by June 2021.

Singapore also recently launched a major consultation on proposed amendments to both the Personal Data Protection Act (PDPA) and to the Spam Control Act (SCA). With the introduction of mandatory data-breach notification requirements, reviewed rules on individuals' consent and a new obligation around data portability, the government and data protection regulator aim to strengthen further Singapore's digital economy by enhancing public trust and business competitiveness.

While all these new laws may be based on common principles and many of them are modelled on the GDPR, the nuances and varied requirements in each country create a complex regulatory environment for organisations that operate across borders. The recent increase of damaging and sophisticated data breaches in South-east Asia adds to the challenges for businesses in the region.

In Singapore, emerging digital banks continue to be fined for repeated violations that expose the personal data of thousands of users. With the threat of considerable fines, organisations must strive to increase data security measures and develop effective privacy-by-design policies.

But it is the even costlier reputation damage in an increasingly competitive environment for banks and finance companies that elevates data breaches to one of the most important business risks.

In practice, data privacy requires robust data governance. Operational obligations set out in data-protection laws, relating, for example, to understanding and documenting data flows, ensuring data quality, controlling data access and introducing data retention policies are typical for any data-governance project. Furthermore, the successful management of individuals' rights set out in privacy laws is based on data-governance policies that enable a single view of the customer and the ability to manage complex data-related queries, often across multiple systems and geographies.

Data-privacy compliance can be a heavy lift for companies of all sizes. If it is designed on strong data-governance foundations, the investment pays off in increased customer trust and competitiveness in the market.

Advent of new regulation on data and artificial intelligence

Data-related regulation has been a focus for legislators worldwide, driven by the digitisation of our economy and the quick pace of technology innovation. Policymakers are aiming to modernise legal frameworks in order to enable growth through data innovation while building individuals' trust in new technologies.

The Asean Digital Data Governance Framework has been encouraging policy initiatives on data classification, cross-border data flows, data privacy and data security. Similarly, Europe recently announced its Data Strategy to further strengthen legal requirements around data sharing and access. At the same time, Europe is developing legislation to promote trustworthy artificial intelligence (AI). In response, a number of countries may introduce tighter rules on how to develop and use AI responsibly. In this arena, Singapore's Model AI Governance Framework has provided thought-leadership at global level.

The financial-services sector is no stranger to heavy and prescriptive regulation. It should therefore be well equipped to comply with a more regulated data market in terms of culture and policies in place. With the right approach and the data-governance tools that are necessary to help operationalise new requirements, financial institutions will remain competitive in a market of more empowered and technology-savvy consumers.

A strategic asset for digital finance

The digitisation of the economy has had a profound impact on financial products and services. Traditional financial institutions have had to compete with new actors in offering choice and agility to an ever more demanding clientele. Singapore has spearheaded this global trend with the liberalisation of the banking sector and the open banking initiative led by the Monetary Authority of Singapore (MAS).

Regulators in other regions are also supporting the accelerated digital transformation of financial services, with initiatives that aim to protect consumers, ensure market efficiency and stimulate data-driven innovation and competition. Europe's new Strategy for Digital Finance, for example, includes an impressive body of legislative proposals to promote data-sharing within the financial sector. These include a legislative proposal for an open finance framework that will add to broader data-access initiatives as well as the creation of a new strategy on supervisory data.

Related initiatives are the creation of an interoperable cross-border framework for digital identities that will harmonise rules on customer on-boarding and a new regulatory framework to strengthen digital operational resilience in financial services. Europe is currently also developing regulatory and supervisory guidance on the use of AI applications specifically in financial services.

Financial institutions have relied on digital technology to manage the vast amounts of data they need to process and analyse in their daily operations. Today, they are becoming pioneers in digital services that are secure, resilient, consumer-friendly and compliant with applicable laws, often exceeding customer expectations and regulatory requirements.

The emerging digital financial sector requires strong data-governance foundations that can support continued, long-term innovation as well as comply with increasingly more prescriptive laws about how data should be analysed, protected and shared.

The value derived from the investment financial institutions will make today, to drive their digital strategies with the essential foundation of solid data governance, is likely to last longer than one lifetime.

  • The writer is chief privacy strategist, Europe and the Asia-Pacific, of SAS

Source: Business Times © Singapore Press Holdings Ltd. Permission required for reproduction.

Print
1384

Latest Headlines

No content

A problem occurred while loading content.

Previous Next

Terms Of UsePrivacy StatementCopyright 2020 by Singapore Academy of Law
Back To Top