Financial services firms confront unique problems regarding safeguarding client data, ensuring compliance with numerous legislation, and proactively managing their data to limit risk and improve business outcomes.
FREMONT, CA: Financial services firms are subject to a plethora of restrictions. They must adhere to continually changing rules imposed by the various US and international regulatory organizations and adequately maintain, safeguard, and report on their data.
Complicating issues, the data that is governed differs by law. Specific regulations place a premium on nonpublic personal data (NPD), while others place a premium on material nonpublic information (MNPI), personal information (PI), and sensitive personal information (SPI), among others. While the data they include are similar, the way, each rule defines that data varies.
The most significant rules confronting financial firms include—but are not limited to—the following:
Know Your Customer / Anti-Money Laundering (KYC / AML)
[vendor_logo_first]KYC criteria are included in a bank's broader Anti-Money Laundering (AML) policy—requires experts to verify the identity, appropriateness, and risks associated with establishing a business relationship.
Comprehensive Capital Analysis and Review (CCAR)
CCAR is a regulatory framework established by the Federal Reserve in the United States to evaluate, regulate, and supervise significant banks and financial organizations—commonly referred to as bank holding companies (BHCs).
Basel Committee on Banking Supervision (BCBS 239)
BCBS 239 is a standard that aims to strengthen banks' risk data aggregation and internal risk reporting capabilities.
California Consumer Privacy Act (CCPA)
The CCPA is a state act that strengthens consumer privacy rights and safeguards for California citizens. It applies to all businesses doing business in the state. For financial institutions, it defines a more extensive definition of personal information than the NPI, restricts the purpose for which personal information may be used, and establishes a private right of action.
While these standards vary in scope, they all share a fundamental goal: minimizing risk and safeguarding regulated data. They want financial institutions to classify sensitive and personal data and drill down into the data for a more acceptable level of granularity. These companies require insight into regulated data to report on and assess their data practices and take proactive measures to secure the sensitive, personal, and customer data they gather and process.
The key to meeting various and layered regulatory requirements is to understand the data: it is vital to detect, identify, and classify all regulated data throughout an organization's complete data environment to comply with regulatory requirements.
