Banks can store hundreds, even thousands of data points on their customers. They include everything from basic biographic information (name, address, national ID number, etc) to comprehensive big data predictive models based on past transactions, demographics, and a wealth of other inputs.
Many financial institutions focus on mitigating the regulatory compliance and security risks of collecting, storing, and analysing that data. However, they can also benefit tremendously by deriving latent customer demand and market trends from that information. Good data governance can help banks do both.
Simply stated, data governance is the internal processes institutions implement to manage their and their customers’ data security, usability, and availability. Effective data governance can be split into offensive and defensive elements. The latter complies with regulations and safeguards data from hackers and other malignant actors. The former directly impacts the bottom line by ensuring data can be easily accessed, indexed, and analysed to identify revenue opportunities.
Defensive data governance
Most financial institutions are intimately familiar with defensive data governance. Most commonly, defensive data governance dictates whether banks comply with data privacy and security laws including the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR).
Financial institutions that process EU citizens’ personal data outside the EU run the risk of triggering GDPR fines. Countries around the world—including many in the Caribbean such as the Bahamas, Barbados, Jamaica, and T&T—, therefore, drafting a suite of laws and regulations to align their data governance compliance with the GDPR.
“We’re seeing efforts across the region to reinforce and standardise data governance across the Caribbean,” stated Marcelo Gorrini, Citi’s Central America & Caribbean CEO. “That’s why our long-existing strong data internal governance strategy grants Citi a competitive advantage. It helps us better manage risk, comply with regulations, achieve efficiencies, and assist clients with first-class service.”
Good data defence also lowers costs by preventing fraud and theft. These measures have the added benefit of improving financial institutions’ public trust, thereby reinforcing their market positions relative to competitors. Broadly speaking, defensive strategies interface with compliance, financial, IT, and legal departments. Ensuring data accuracy and tagging are key to a good defensive strategy, which is why control is often more prioritised than flexibility.
“We place an extremely high premium on data security and regulatory compliance,” explained Maximo Vidal, Citi’s Dominican Republic managing director.
“Our customers trust us with their data. Maintaining that trust is fundamentally important to our continued success, which is why we constantly deploy the latest in defensive governance strategies.”
Offensive data governance
Offensive data governance takes a more proactive approach to improve customer satisfaction, profitability, and revenue. It seeks to derive actionable insights and trends from large datasets that grant financial institutions competitive advantages over rivals. Its analyses and reports can help launch, execute, and reorient products and services.
Offensive data governance projects directly support business objectives, making them more focused on real-time trends than defensive efforts. Their activities directly affect sales and marketing teams. As a result, they place a greater emphasis on the flexibility and utility necessary to optimise data analytics than defensive data governance initiatives.
“Citi is on the cutting edge of data management,” said Mitchell De Silva, Citi’s T&T chief country officer. “We use the latest strategies to design innovative financial services that best cater to customers’ constantly shifting needs and desires.
Striking a balance
Good data governance demands foresight and a set of principles that can be applied uniformly across datasets. At minimum, customers’ biographical information must be correctly ascribed, tagged for future analysis, and securely stored. However, exactly how it is organised may lead financial institutions to feel they are stuck in a zero-sum game. If they choose to follow a more defensive strategy, then they will need to implement more control. A more offensive stance will demand more flexibility.
Rather than exclusively opting for one strategy or arbitrarily choosing a 50/50 split, banks should regularly assess their needs and the needs of their clients to correctly pinpoint where they should land on the offensive-defensive spectrum, allowing them to deploy both defensive strategies that meet compliance requirements that protect personal data and offensive measures to derive customer insights from it.