You wouldn’t drink milk if it was five days past its sell-by date. You wouldn’t buy a computer in 2017 running Windows 98. Would you use data that you know is bad, incomplete or outdated? Rishi Dave, CMO at Dun & Bradstreet talks to Finance Monthly about the impact of using bad data, and what makes it bad.
Clearly, the answer here is a resounding no. Yet it seems this is common practice for many enterprises; in 2016, poor quality data alone cost the Unites States $3.1 trillion. Most companies know how important data is – managers, financial decision makers, data scientists and so many others use it every day at work. Due to the constraints of time, some employees simply have no choice but to accept the data they’re given and use it for financial contracts, supply chain management or prospecting new customers.
But this is risky business. A company can have all the data in the world at its fingertips, but realistically, how much of that data is accurate? And how is it being processed? Only by having the right tools and analytics can the consequences of bad data be avoided.
What’s the worst that could happen?
Bad data can mean many things; the data itself could be outdated, poorly formatted or inconsistent.
For sales and marketing teams, they rely heavily on the most-up-to-date, real-time data to allow them to effectively do their job properly. It’s no use calling up the MD of a company, only to find out they no longer work there or now have a different title. This can be incredibly timewasting and fundamentally limits a salesperson’s ability to sell; the average sales rep spends 64% of his or her time on non-selling activities. Wasted time leads to wasted revenue, which means bad data is directly impacting the company’s bottom line.
A vital ingredient to growth
Bad data isn’t just a timewaster, but a growth-stopper. For companies to grow, they need the right data for the right business function. Marketers need to ensure their contact database is up to date, or face stultified growth opportunities. Nowadays, businesses are demanding more intelligent, data-driven, real-time insights to realise higher return; 80% of marketers see data quality as critical to sales and marketing teams and more than half are investing to address persistent data challenges.
Incorrect names or job roles, outdated phone numbers and inconsistent & badly recycled data will actively prevent a company from reaching desired prospects. The Databerg report in 2015 found that medium sized companies were spending £435,000 on redundant, obsolete or trivial data. For SMEs, growth via data could certainly be the difference between black and red. And therefore making sure they have the right data is paramount. After all, if you water a plant with seawater, it won’t grow. Feed it with normal water and watch it flourish.
Data is an opportunity
Data has the power to transform businesses – but feed bad data in to a machine (or company), and you’ll only get bad results. From losing customers, a damaged reputation and decreased revenue, everything is at stake. Of course, no company is immune to human error. But what a company can control is its flow of data and how it uses it.
Most businesses know that they have to act to improve the quality of their data. But the way they do this is flawed; most batch cleanse, but they do this once a year at most. In the current age where data flow is constant and new information about customers, partners, suppliers and the economy is available all the time, data insight is only ever as accurate as the data feeding it.
What’s the answer?
What businesses really need to do with their data is to integrate, clean, link, and supplement it so they have an accurate database on which to build their algorithms. This starts with foundational master data.
Master data is the foundational information on customers, vendors and prospects that must be shared across all internal systems, applications, and processes in order for your commercial data, transactional reporting and business activity to be cleaned, linked, optimized and made accurate. It’s essentially the foundation of your enterprise and without it not only does your AI infrastructure breakdown, but so does your business.
Whether it’s a hospital, a financial institution or a marketing agency, ensuring you have the right quality data must be top of every agenda. Data is an opportunity; don’t waste it.
Data & content management have a visible impact on a business, whether done correctly, in half measures, or not at all, and can have adverse effects on a firm’s reputation, operations, and in the long run, vision. Here Katie Rigby-Brown, VP of global financial services at SDL, discusses the currency of content in a global financial economy.
Arguably in one of the world’s first global industries, financial services organisations are no stranger to the challenges of managing an intercontinental customer base.
However, financial service organisations are now embracing digital revolution in the race to survive against a back-drop of fintech competition, the hangover of reputational damage, and increasing regulatory compliance. Yet this is also presenting new challenges for how firms with a global employee and customer base handle their content.
One thing is certain, whether boutique or behemoth, the need to engage, capture and retain your customers at speed and without compromising data protection, anti-bribery, or corruption law, irrespective of location or language, is now greater than ever before.
Traditionally, financial service organisations have managed their multi-lingual content in one of three ways; using in-house teams, local niche providers or trusted freelancers, or a hybrid of both. A myriad of systems currently exists to create, store and publish content; from managing marketing content and regulatory publications to managing customer information, policy documentation and learning programmes. At best, the sheer volume of options available causes businesses to overspend much needed cash. At worst, irreparable reputational damage is caused and companies receive financial penalties for non-compliance.
Many will know that while this silo model worked historically, it is not a scalable solution for today’s environment. The rate of content production has increased sevenfold and added to increasing regulation, often unique to each country; this model simply isn’t sustainable anymore.
As the industry becomes more digitalised, forward thinking, and interconnected, and at a rate incomprehensible to most, we must ask what this means for business and how to succeed in such an environment.
One way financial service organisations can succeed in this new digital environment is by taking control of their content ecosystem. A piece of content goes on a long, protracted journey, passing through content optimization software many different hands before it reaches its target audience. By having a strong grasp on where all content is and who it is with, from beginning to end, businesses reduce the risk of non-compliance with market or data regulations.
Having a tight grasp on the content ecosystem from end-to-end is critical for organizations who want to avoid fines or reputational damage. When content management is a top priority, the chance of physical or electronic content going missing or falling into the public domain is greatly reduced.
Another crucial way to succeed is to leverage your own existing assets. This is a catch-22 for many companies who may have style guides for some areas but not for others - standardising these can be a challenge, especially when trying to maintain legacy. However, customers today expect companies and brands to communicate to them in a certain tone of voice that still manages to be personable.
The easiest (and cheapest) way to make the most of existing company assets and to take control of brand tone of voice is by maximising the investment that’s already been made. Most companies already have an established tone of voice. But instead of starting from scratch, creating style guides that show how to use that tone of voice in target markets will ensure the hard work already done doesn’t go to waste. This will also help to reduce the chances of being non-market compliant in those territories.
It may sound obvious, but using the right technology for the right use case is essential. A mixture of on premise, saas or hybrid solutions that support your content classification and organisational appetitive for cloud will allow you to respond to the challenges presented by agile fintech competitors, personalising, targeting and protecting your content.
Understanding the challenges that need to be overcome and finding the right technological solution to solve them could be the difference between a successful campaign and a reputational crisis. While financial service organisations are no stranger to dealing with global communities that require different content usually all at the same time, organizations that do not embrace the speed of change will fall foul and ultimately fail. Can your business risk playing fast and loose with data and brand reputation? The likely answer is no – so take action now before it is too late.
Established in 1988, Target Professional Services is a UK-based company providing Data Cleansing and Verification solutions to the financial sector. Target verifies that common data is accurate, complete and up-to-date. Where records are found to be out-of-date, Target are able to accurately trace and verify the data to ensure records held are always compliant with GDPR and other regulations within the Finance sector and in particular, The Pensions Regulator record keeping guidance. Here Lisa talks to Finance Monthly about the company’s services, the upcoming GDPR and its impact on the business, and her role in growing Target into a leading data verification and trace company.
With the EU General Data Protection Regulation (GDPR) scheduled to come into effect in May 2018 – what would you say will be the impact that GDPR will have on businesses?
The new regulations will require greater data accuracy and accountability. The potential to fine and the size of fines that can be imposed are significant, so GDPR should not be overlooked and needs both focus and a budget within any organisation.
What have Target Professional Services done to ensure that the company will demonstrate compliance with the directive in its entirety?
First of all, Target have reviewed and updated all of our internal processes where GDPR will require change. In addition, we are checking our suppliers to ensure that they will be compliant for the new regulations, so we are clear that we are using consented data. We know that some datasets will require individuals consent to continue to be used, so we are looking to ensure that consent is obtained or that type of data is not used.
In what ways can the company’s services assist others with becoming fully-compliant?
We are sharing our experience and understanding with our existing clients so they are clear about GDPR. We are constantly finding different levels of understanding throughout our client base and we work with them to improve their knowledge.
Could you tell us a bit about your career path?
Leaving school at 16 with 10 GCSE and unable to afford to go to University, I started work with Halifax Building Society and by 18, I had been promoted to Department Manager. However, I took the decision to leave the Halifax, as my aspirations were not in banking. At that time my father had invented a high-pressure valve cap for vehicles. He needed a BS5750 certification, so I studied the requirements and wrote his manuals for him. I also worked as a part-time book keeper for my mother, who ran a small independent debt collection agency, while I studied Accountancy, Law, Economics and credit control at night school. After successfully building a computerised accounts system for my mother, I identified a need in the market to transfer manual accounts to a computerised system and went on to support other businesses to successfully migrate their accounts data. With the merger of several rental companies in 1997, the debt collection business expanded, as did my role. Along with designing and implementing the CRM database to support the expansion, I took over the management of the Customer Service and Field Operations, before finally buying the business in 2001.
You’ve managed to build Target from a small debt collection business to a leading data verification and trace company – what were the challenges that you were faced with and how did you overcome them?
The debt market was very competitive and I had one very large client when I took over the business. I knew that I had to change the dynamics and the markets the company operated in. We entered the Pensions Market bringing innovation and competitive pricing at a time of regulation change. Target has focused on Customer Service, Data Quality and flexibility to ensure that our business does not become stagnant and stale. We bring innovation to solve the problems legislation brings to the industry and to ensure that our clients are always ahead of any changes.
What would you say are the company’s top three priorities towards its clients? How has this evolved over the years?
Our philosophy in working with our clients remains the same today as it’s always been. We look to develop long standing working relationships with all of our clients and understand what they require from us. Every client is different so we also look to be flexible in order to suit each client’s needs. Target has always been industry innovators and this is still a driver for us today, as tracing and data availability changes and develops.
Looking into the rest of 2017 and beyond, what does the future hold for you and Target?
We see opportunity to apply what we do to many different industries, especially with GDPR soon upon us. We predominantly work in the financial services sector and then mostly, in the pensions sector, but tracing and data screening is of value elsewhere. We are exploring such opportunities and offering solutions in new markets. Contact us if you think we can help you. Through a partnership approach we may be able to offer you a service that gives value to what you do.
With GDPR just around the corner (May 2018), the new EU rules are probably something you want to start thinking about, and companies could risk serious vulnerability in the face of data protection. But do the rules require you to hire a data protection officer? Richard Henderson, global security strategist at Absolute, provides Finance Monthly with the expert tips you’ve been looking for.
In just over a year the EU’s General Data Protection Regulation (GDPR) comes into effect, with part of it stipulating that some organisations will need a data protection officer (DPO). Impacted companies that haven’t already assessed their data protection technology, policies and processes against the regulation’s mandates, need to take action now to address any shortcomings.
The regulation may have been four years in the making, and amended throughout the process, but what has been clear from the start is that it intends to define an era where lax data management is not tolerated. The letter and spirit of the regulation reflects an expectation that data protection should be a priority, not an afterthought. Individuals’ rights around their data will be strongly upheld and companies found wanting will face tough punishment.
In this, the financial services sector has some experience. Despite being responsible for a relatively small percentage of the total security breaches reported to the Information Commissioner’s Office (ICO) in 2015-16, it attracted a third of the financial penalties the ICO pursued. With fines for data protection non-compliance set to rise significantly under GDPR (up to four per cent of annual global turnover), the industry cannot afford not to take note and to prepare.
The overall aim of GDPR is to make EU privacy laws fit for the 21st century. While there is a major emphasis on enforcement it also introduces mandatory data breach reporting requirements, in some cases within a challenging timeframe of 72 hours.
The role of the data protection officer
The requirement to appoint a data protection officer (DPO) is summarised as being in the case of “public authorities,” “organizations that engage in large scale systematic monitoring” and “organizations that engage in large scale processing of sensitive personal data”.
Organisations meeting these requirements will need to make someone responsible for data protection. It will be extremely important to have the right person for the job so legal advice should be considered when hiring.
The DPO must have expertise on data protection law and practices, is expected to keep their knowledge up to date and to report directly to the highest level of management. In short, this is not a responsibility to be taken lightly or to be tagged onto an existing role where the necessary level of expertise, knowledge and responsibility does not already exist. It is a professional role, expected to be accorded a sufficient level of seniority, with standing in the firm and the resources to maintain and build on knowledge.
DPOs will need to be supported by a thorough assessment and (where necessary) overhaul of policies, processes and procedures to ensure GDPR-readiness. A big part of their job will be ensuring the right technology is in place to prevent data breaches, while maintaining and reporting on security.
Enough is not good enough
The cyber-attack threat landscape continually changes, forcing businesses to evolve their security strategies and policies to keep up. The risk of non-compliance with GDPR is simply too high, not just in terms of potential financial impact but also corporate reputational damage from compromised data. A DPO will be central to safeguarding the organisation’s reputation, maintaining the right technology and ultimately, preventing a large-scale data breach.
GDPR recognises that situations have changed immeasurably since its preceding 1995 Data Protection Directive when the internet was still in its relative infancy. Today, larger volumes of data are not only created and stored but also widely transferred and held on mobile devices.
GDPR had to bring data protection enforcement up to date for the modern day. By setting the fines level for infringements at the level it has, it is sending out a clear message that ‘enough’ is not good enough. Companies need to make data protection part of the fabric of their organisation or pay the price for not doing so.
The price could be hefty indeed for UK business. If cybersecurity breaches stay at the level reported in 2015, fines could rise from £1.4 billion to £122 billion, according to the Payment Card Industry Security Standards Council.
Companies with limited IT knowledge and expertise may feel that punishments meted out after the event should be balanced by guidance and instruction on breach prevention, so that they can prevent falling foul of the regulation. While it is rightly incumbent on companies to adequately secure data, the options available to them to do this are matched only in their number and variety by the methods hackers have for getting in.
EU GDPR is incontrovertibly punitive but companies looking at it in full must see the opportunity the regulation gives to them to avoid incurring penalties.
Taking stock
By interpreting what the measures require companies to do, they can take action to keep data safe and thereby avoid non-compliance. This includes putting in place processes to provide data to subjects if they ask for it and to remove records if requested when it’s no longer necessary to hold them. It includes potentially putting in place the data protection officer and - perhaps above all - mandates ‘privacy by design’, meaning that data protection has to be built in to systems when they are designed rather than afterwards as an add-on.
This last measure is – if any were needed – the clearest indication of the regulator’s intention to instil into all companies a culture of data protection, one that drives systems and processes rather than the other way round.
A designated DPO dedicates a level of time and expertise that is required now for robust data protection. After all, 72 hours to report a breach is a short space of time and staying on top of policies and processes around data retrieval, access and removal is a big job. Organisations need the capabilities in place to manage data across their entire device estate. A single point of contact with specified responsibilities stands to help the company at the same time as helping the regulator.
Above all else, a dedicated data protection role will help companies prevent data issues, safeguard their reputation and avoid potential non-compliance.
For one particular part of the financial services sector, GDPR presents a specific opportunity. Strict new rules should mean the cyber insurance market will grow. With breaches set to be more widely reported under the new regulations, more data will be available to insurers to set premiums so we are likely to see an increase in the number and range of cyber insurance offerings.
Companies concerned by the length and breadth of the EU GDPR should step back and consider that, in simple terms it obliges organisations to put in place security measures appropriate to the risks. If a data breach occurs it will be hard for that organisation to argue that it had done this. Therefore, the goal will be then what it is now – to have in place the resource, policies, processes and technology to prevent breaches.
Companies should reassess how they detect suspicious activity on their network and consider options for persistent connectivity and encryption for systems, devices and data. The threat of higher fines certainly focuses attention on data protection but in reality, it must always be a top priority for the financial services sector.
No one wants to have their good company name smeared in the headlines because of a breach or incident that could have been avoided. It’s up to all of us in the security space to ensure that we are doing everything we can to keep the data entrusted to our protection safe from harm. We owe it to ourselves, our shareholders, and the public who trust us to steward their most sensitive of data.
Data should be one of your strongest assets, not a confusing uncertainty or a burden to work with. Alastair Luff of global information services group Experian here talks about how you can make the most of the data you gather and use it for e key decision making in your operations.
Big Data has become a buzzword in the Financial Services industry. Put simply, it’s about businesses having an amount of data so large, it becomes difficult to digest and define a clear strategy.
Information is created every second of the day, and its complexity is advancing as new data comes onto the scene. The volume of data is growing significantly, presenting a notable challenge to businesses. On its own, data isn’t valuable – it’s the business insights it provides which makes it a vital asset. The more information, the greater the insight, and the bigger the opportunity to drive optimum outcomes.
Data – a confusion or a complement?
Data can seem daunting. It needs to be controlled, understood and used to avoid hindering compliance, and to create real value. It can also confuse the customer – with less than 8% understanding how their data is being used within organisations.
But it can also complement. Organisations are not only faced with external data sources, but also first party data generated internally. But two data streams doesn’t result in a complete customer profile, and in some situations, information captured over an extended period of time may become outdated. Overlaying current and validated data, such as credit bureau data, can add a layer of insight that fills gaps and helps complete a fuller picture.
The more comprehensive view available, the better lenders can tailor credit risk policies to ensure financially inclusive lending strategies that consider all relevant data assets, e.g. within credit scoring.
Scoring with the customer
Credit scoring is nothing new, but it’s not just about banks and lenders. Industries outside of finance are beginning to recognise its benefits and scoring is offering enhanced outcomes for customer engagement and enhanced credit risk provisioning. In Africa, for example, data from mobile phone usage is helping with credit scoring where no financial services data exists, giving more people access to credit.
While scoring itself is well established, the process behind it has evolved. Organisations, lenders especially, are approaching scoring differently, considering individual risk strategies, profiling and in some instances different data assets. All of these factors, whether standard or bespoke, can provide an automated risk assessment that identifies the credit strategy of an individual.
Simplifying complex information
The ability to make responsible lending decisions comes down to how well information is interpreted. This is where scorecards come in to their own. They can help rationalise complex insights and automate decision making. Businesses who overlay internal insight into scoring, with enriched external insight achieve a more comprehensive view of each customer’s credit history.
In an era confused by a mass of information, a more demanding customer and pressure on minimising loss, businesses need to understand the value and opportunity – but balance both. This extends beyond scoring as an action, and therefore it would be prudent businesses automate this area – using available insight to free up resource to support developments across other business areas which aren’t so easily resolved.
Using comprehensive scoring can provide advanced data feeds that contain varying benefits for the organisation, for example:
Differing and advanced data assets can be used to on-board, and when a customer is on-boarded. It can be particularly useful during the lifetime of a loan in order to understand better any potential alignment to a business’s growth strategy.
In a world of Big Data, organisations have the opportunity to translate information into a currency. Understanding what insight it can bring, embedding it within credit risk and scoring policies can ensure accurate assessments and appropriate lending. Businesses just need to understand what data provides what – and why.
Forget about high-tech espionage. Many of the headline-grabbing hacks from the past few months hinged on low-tech social engineering—the use of deception to manipulate users into giving up their passwords and other data, writes LeClairRyan attorney David Z. Seide in a new post on the national law firm's "Information Counts" blog.
"This kind of hack takes many forms—examples include security alerts from what appear to be trusted websites to update passwords, and phishing emails from what appear to be known, trusted contacts asking to download files or click on provided links," writes Seide, a partner on LeClairRyan's Compliance, Investigations and White Collar team, based in the national law firm's Alexandria, Va., and Washington offices.
In the Feb. 27 post ("Cyber Security and Social Engineering: A Big Low Tech Problem"), Seide notes that the consequences of computer network penetration through social engineering have been dire for victims. He cites a prime example: the hack of Hillary Clinton's 2016 presidential campaign.
"There, the campaign chair received what appeared to be a genuine email from Google's 'Gmail Team' informing him that a Ukrainian computer had just used his password to try to sign in to his Gmail account," Seide explains in the piece. "The email went on to say that Google had stopped the attempt, advised the chair to change his password immediately, and provided a 'Change Password' link. Believing the email to be authentic, the chair clicked on the link and changed his password."
As the world now knows, of course, the new password went straight to hackers, who promptly downloaded 30,000-plus emails in the account and sent them to WikiLeaks for publication. "This hack succeeded only because hackers used social engineering techniques to trick the unwitting user into effectively giving a secure password to what appeared to be a trusted source," writes Seide, an experienced litigator and internal investigator, who led multiple high-profile internal and financial investigations for several federal agencies prior to joining LeClairRyan last month. Those roles included leading the Department of State Office of Inspector General team that reviewed and published multiple reports in 2016 concerning the use of personal email for official business by Hillary Clinton and four other Secretaries of State.
For the foreseeable future, he notes, low-tech social engineering hacking will continue to be a dominant cyber risk. "If anything, it is likely to proliferate across growing and emerging technology platforms—mobile and other Internet-enabled devices (Internet of Things) and social media," he explains.
This is precisely why defending against such hacks requires more and better "cyber hygiene," which Seide describes as "no different than regularly washing hands to prevent infection." Toward that end, he offers a set of best practices for guarding against social engineering. They include ramping up education about social engineering; closely monitoring the level of security-protocol compliance within your organizations; maintaining vigilance and skepticism, and engaging in timely reporting of hacks or potential hacks.
"Cyber security is an ongoing process that changes as fast as technology changes. And technology changes fast," the attorney writes in the conclusion to the piece. "These suggestions are by no means cure-alls. But they will reduce social engineering risk and may demonstrate a prudent effort to address a serious problem we all regularly face."
(Source: LeClairRyan)
Adaptive Insights has released its most recent global CFO Indicator report, taking a closer look at the reporting process and how CFOs can free their teams to deliver the value-added analysis desired by key corporate stakeholders. Alarmingly, CFOs report that their teams continue to spend very little time on strategic tasks—just 17%—and remain reliant on the standard processes and technologies that negatively impact their ability to deliver actionable information.
The CFO Indicator Q4 2016 report reveals that while 85% of CFOs say their teams have direct access to the financial and operational data needed to generate accurate reports, it is the non-value-added tasks—like data gathering, verifying accuracy, and formatting reports—that take time away from the strategic analysis desired by top management and other stakeholders. Most CFOs also cite data integration as the biggest technology hurdle to gaining actionable reporting information, given the increasing need to report on both financial and operational data typically housed in disparate, unconnected systems.
“Our survey validated the ongoing challenges CFOs face today—the need to provide greater strategic value while balancing the increasing volume and sources of data,” said Robert S. Hull, founder and chairman at Adaptive Insights. “Reporting efficiency plays a critical role here as CFOs want their teams to spend more time on strategic tasks yet recognise both the technology and process challenges associated with today’s reporting activities—namely, time-consuming, error-prone manual data aggregation. CFOs must address these challenges now if they expect to fulfill their roles as strategic partner to company management teams.”
The key findings in the report show that:
Manual data aggregation eats up time, causes errors
This quarter’s report shows more than half of CFOs (54%) say they generate reports by exporting data out of their ERP systems and into a Microsoft Office® application such as Microsoft Excel®, Microsoft Word®, or Microsoft PowerPoint®. Of those that report an inefficient process, 64% take this approach. For those who generate their reports directly out of their ERP system (21%), 41% periodically found their numbers to be inconsistent from report to report.
Because the lack of a centralised reporting system introduces inconsistencies in metrics, data, and calculations, finance teams must spend an inordinate amount of time verifying the accuracy of their reports. The report advises that to mitigate risk and save valuable resources, CFOs will need to solve the data integration issues standing in the way of gaining actionable information.
(Source: Adaptive Insights)
With the implementation of GDPR on our doorstep, companies risk serious vulnerability in the face of data protection. This week Finance Monthly has heard from Rafi Azim-Khan and Steven Farmer of Pillsbury Law, who gave us a rundown on how you need to prepare for the regulatory changes.
From the debate about the UK’s ‘Snooper’s Charter’, to a number of high-profile cyber-attacks and the wrangling, both legal and political, over the abolition of the EU-US data sharing treaty, Safe Harbour, data privacy has remained firmly in the media spotlight in recent months.
Following the most significant overhaul of the EU data protection regulations in recent years set to come into effect with the introduction of the EU General Data Protection Regulation (GDPR) in May 2018, this trend looks set to continue.
The GDPR rips up the existing legal framework and provides for the imposition of heavy fines. Equally seismic is the fact that the new rules have an extra-territorial reach, catching companies who traditionally did not need to prioritise data protection laws.
Significantly, however, few businesses are reported to have actually looked at what they need to do to ensure compliance under the GDPR. As the time until enforcement dwindles, it is essential that firms act, as the UK data protection regulator has said herself. So what do companies actually need to be aware of?
The letter of the law
The GDPR replaces the current EU Data Protection Directive 95/46/EC. As a Regulation, and unlike the old law, the new laws will be directly applicable in all EU member states.
Specific changes introduced include the following:
Of course, with the UK set to leave the European Union, there is much ongoing discussion about what the post-Brexit regulatory regime may look like. It is generally accepted, however, that after the UK leaves the EU, UK laws will nevertheless track the GDPR (e.g. via some form of implementing legislation or a new UK law which effectively mirrors the GDPR). In other words, even if you are purely a UK company, or you are outside the UK and targeting UK consumers only, you should not ignore these changes on the basis Brexit is some sort of get out of jail free card.
Who needs to comply?
All organisations operating in the EU will be caught by the new rules. Importantly, organisations outside the EU, like US-based companies that target consumers in the EU, monitor EU citizens or offer goods or services to EU consumers (even if for free), will also have to comply.
The GDPR also applies to “controllers” and “processors”. What this means, in summary, is that those currently subject to EU data protection laws will almost certainly be subject to the GDPR and processors (traditionally not subject) will also have significantly more legal liability under the GDPR than was the case under the prior Directive.
What can businesses do to prepare?
To ensure compliance, companies need to ensure that they have robust policies, procedures and processes in place. With the risk of heavy fines under the GDPR, not to mention the reputational damage and potential loss of consumer confidence caused by non-compliance, nothing should be left to chance. In terms of key first steps, companies might consider prioritising the following as a minimum:
As May 2018 draws inexorably closer, companies need to start thinking about compliance before it is too late to avoid being made an example of. As the old adage goes: those who fail to prepare, prepare to fail.
You may have heard the words ‘data management’ flying around left, right and centre with no clear understanding on what it is and how paying attention to said meaning could be useful to you, so this month Finance Monthly heard from Maysam Rizvi, a 15-year banking innovator, who provides particular insight into exactly why the data revolution is worth paying attention to. Maysam is the Founder and MD of Aelm, and is responsible for managing change initiatives at international institutions including J.P. Morgan and National Bank of Dubai.
In 2006, UK mathematician Clive Humby coined a phrase that was utterly obvious, hugely prophetic and unerringly timeless. Pointing at the raw material with which we'll build life's next phase, he said: “Data is the new oil.”
In 2017, some 2.5 quintillion bytes of data are created each day. At this rate, it'll take just three months to double the world's entire existing data stock. So Humby's statement is truer now than it was then: data is every industry's imperative. And that's quintuply true for banking.
If financial institutions want to edge ahead, and stay there, it's time to fully embrace data and its possibilities for the long term.
Financial institutions have been longsighted enough to harvest data, but our putting it to work has been sporadic and disorganised. We've been slow to deploy data in areas like regulation and compliance, and we've probably been over keen, and under-effective, in areas like credit and risk.
To digress slightly, I grew up watching movies like Terminator 2: classic struggles depicting robots (bad) versus humans (good). As a young man, I learned – as many of us did – not to trust a world that's in the hands of Artificial Intelligence (AI).
Whenever machines edge out a human workforce, or Hollywood spawns a new cyber villain, robots' reputations nosedive. But it's important to remember that AI is simply a manifestation of data: sets of numbers, trends and analytics built and programmed to perform tasks.
It's daunting, but today's data is the foundation of tomorrow's AI. And the effectiveness of banks' AI will, as the future of finance draws nearer, separate the wheat from the chaff.
The proposition is this: banking will soon rely incalculably on AI. The bedrock of AI is data. We are in a position to mine and manage rich data now.
If the story of the industrial revolution is one of optimising processes and stripping out costs, the tech revolution has utterly multiplied that paradigm.
Twenty years ago, cars started to, basically, build themselves along production lines. Today, quantum data and real-time machine learning means cars can now drive themselves. That's data in action.
And so is this: a 2013 study by Oxford University’s Carl Frey and Michael Osborne estimates that 47 percent of US jobs may be replaced by robots and automated technology within 20 years. Owing to all the brains required, banking is the kind of high cost industry where an AI coup is inevitable.
Since the ATM, we've given pieces of banking over to machines. From internet banking to intricate trading algorithms, anything that can be handed over to machines has been – and will be.
So, that's the proposition. And we can probably make peace with it. Then comes the practical.
How can banks adapt and ensure a steady transition?
On that, there's no quick answer. Whether it's retail or investment banking, preparing for mass AI means dramatically improving technology infrastructures, and sorting a lot of data.
Aside from what already sits in banks' data vaults – and what data is being crunched this very moment – 2017 will bring more machines, software and apps that'll further swell the data highways. We will probably never hit a data ceiling so I can't overstate the importance of a sound and forward-looking data management strategy now.
Central to that strategy are things like business intelligence: drilling quickly to the truth in your data. Storage: expensive server farms versus the Cloud. And security: Tesco got hacked, TalkTalk got hacked – the threat is very real.
Unfortunately, fix-all, pan-department, off-the-shelf AI systems aren't available. So, automated platforms, AI, robots – call them what you will – need to be mapped, developed, integrated and trained. And this data management strategy can't exist in isolation: banks need to roll it up as part of a wider digital strategy, and as part of an overall business strategy.
For starters, new talent is required to develop, design, deploy, analyse and work with new technologies, while current employees will need to be reskilled for a new reality.
Then there's clients and customers. Institutions that are able to construct and manage efficient, intertwining data flows must find ways to push benefits down the chain.
Like it or not, banking is not a trusted industry. Putting more automation between customers and their money or goals may be a bitter pill to swallow. In addition, the AI push will see certain people nudged out of jobs, so banks must think about payoff.
Customers aren't daft. Facebook, Google, Uber - we wearily trade our data in exchange for what, in the end, are personal, hyper-relevant services. Banks need to, basically, come up with their own 'crystal ball' technology.
Uber knows where you are, before, during and, now, even after your ride. It knows where the driver is; how much you'll pay; what service you require.
Uber has a crystal ball. But all that goes to show is that we're not staring down an impossible task. Banks have power, reach and resource at their disposal so my last point, which might sound laughable after all that, is to try and keep things simple.
A comprehensive data strategy for your bank may include only a dozen key end goals, so start there and work back: there are some great brains out there to help you with the detail.
Banks need to believe in and invest in a future made of data. If you don't, the others will.
In fact, the others are.
If you’re a bank looking at AI solutions, I advise you to consider
Where can you apply AI and how to set it up?
How quickly can you adopt an AI solution?
How to manage your team's transition through this technology upscale;
What do you need to do to your existing infrastructure to make this successful?
Tying business strategy closely with technology strategy;
Taking baby steps, solving one problem at a time;
Building the right partnerships to facilitate the transition.
SimCorp recently announced the results of a comprehensive survey, titled 'Realizing Growth Through Operational Agility', which examines the current state of IT and operations in the global buy-side investment management industry and includes several notable findings. This includes the fact that 47% of the surveyed firms lack confidence in either their IT infrastructure, their data, or both.
The results also show that firms that are confident in both their data and infrastructure are much more likely to pursue a growth strategy than those with data/infrastructure problems. Further, firms with a lower degree of confidence in data or infrastructure are more likely to increase IT spend in the future, according to the survey.
The availability of real-time data in the front office is generally perceived as an important factor in buy-side firms' ability to make quality investment decisions. The survey shows that almost half (47%) of the respondents do not have access to real-time data in the front office. When breaking this down by IT strategy, the findings show that more firms running on 'an integrated investment management solution' have access to real-time front office data than those running with 'a core platform with multiple add-ons' or a 'best-of-breed strategy'.
Other findings include:
David Beveridge, Senior Product Marketing Manager at SimCorp commented: "Having roughly half of all surveyed firms express a mistrust in either their IT infrastructure or data is alarming. While this is damaging to the firms' own ability to generate growth, the ultimate losers could very well be their clients. The survey results clearly suggest the integrated solution strategy as the most viable path to higher operational agility and efficiency."
The survey was conducted in mid-2016 by the market research firm Lindberg International and covered 150+ respondents worldwide. For a full presentation of survey results and conclusions, please download the white paper: 'Realizing Growth Through Operational Agility'.
(Source: SimCorp)
According to a survey of nearly 1,000* senior finance professionals, non-financial data may be the game-changer for forecasting success. This finding was revealed as CFOs admitted that non-financial data capture ranked only fifth in their top five priorities, despite the proven benefits when planning, budgeting and forecasting.
The Future of Planning, Budgeting and Forecasting Survey, carried out by the FSN with members of its Modern Finance Forum was commissioned by Advanced, the UK’s third largest software and services provider, to understand how financial decision makers can get ahead with better data-driven decision making.
The findings revealed that CFOs who make better use of non-financial data are:
“The survey shows the latent potential of non-financial data to transform the accuracy of business forecasts. It’s no exaggeration to say that it is a game-changer yet CFOs rank it a lowly fifth in their priorities for the forecasting process,” says Gary Simon, FSN’s chief executive officer and the leader of the Modern Finance Forum on LinkedIn.
“The current business climate is characterised by huge business uncertainty yet the effective use of non-financial data allows businesses to extend their planning horizon, improve forecasting accuracy and improve decision-making.”
“It’s clear that many CFOs are missing a trick when it comes to recognising the value that a connected business can offer. Connected CFOs will ensure every board member - but especially the CEO - has an integrated and real-time view of the projected financial performance of the business. However it is vital that this financial insight is inextricably linked to the operational performance of the business, informed by areas such as people skills and the development and impact of digital transformations for example. This is the silver bullet to give every organisation the best chance to drive efficiencies, productivity and growth across every aspect of the organisation, comments Andrew Hicks, CFO at Advanced.
A full infographic reveals further results from the research, such as the top four priorities for CFOs being:
*There were 955 people of the Modern Finance Forum who responded to the survey were senior finance professionals covering 23 countries and 13 industry sectors. Approximately half of the respondents were from organisations with more than 1,000 employees.
(Source: Advanced)
