A healthy risk attitude starts with data compliance

Posted by Kristina King 24.02.21

Feeling hungry?

At times, our appetite can feel uncontrollable. When you’re ravenous, it’s easy to end up eating more than you’d planned. Even if all you really needed was a snack.

The same applies to risk appetite. When financial services firms know their hunger for risk inside out, they can build processes that satisfy it and keep their business moving in the right direction. When the opposite is true, firms face the prospect of exposing themselves to high levels of risk, without having the measures in place to mitigate it. And when financial services firms can’t compensate for these mistakes, they’re likely to land a hefty fine.

Of course, businesses will each have their own idea of what constitutes an acceptable risk. But when it comes to regulatory compliance, there are certain criteria that must be met. Before looking at risk in general, financial services firms must address regulatory compliance risks with a comprehensive data management strategy.

If financial services firms want to sustain a healthy risk appetite, they need to be able to demonstrate control over their data, or chance stumbling at the first regulatory hurdle.

Visibility comes first

It’s important to remember that just like our own diet, risk appetite is unique to each individual firm, and will depend on several internal and external factors. These include market attitudes, stakeholder influence, and how much capital the firm has available to rectify a problem.

But your risk appetite can’t truly be healthy unless you’re demonstrating regulatory compliance, and proper data management. Firms also need to have enough regulatory capital reserved for a potential breach – which is difficult to estimate, if you don’t understand the full extent of your data.

Sometimes, a firm’s attitude towards risk doesn’t match their ability to absorb damages. For example, a start-up could have a high tolerance for risk, but lack the capital to sustain their appetite, should something go wrong. One way firms can get clear on how much risk they can withstand is by analysing their unstructured data based on their governance and compliance against regulation.

No doubt, there’s plenty of it to sift through. Fortunately, data management systems can do most of the heavy lifting. And properly utilised, these platforms provide firms with a clear overview of their data estates and flag data which breaks information management strategy processes.

Real world impact

Businesses across multiple industries now carry an increasing amount of unstructured customer data. It’s why having a data management strategy is so important. Opening an email attachment on an unmanaged device doesn’t sound like a major threat, but it could leave a business wide open to a data breach. And as more businesses choose to implement working from home policies, this risk grows tenfold.

Data protection is imperative to customer trust and retention, but regulators are also looking to see good systems and control measures in place. They want to know that data is kept in the right place, for the right amount of time, with tools to flag data breaches and the capacity to deal with them quickly. The company risk statement can’t be a standalone document either. It should be a living, breathing resource. Because as the business changes, so does the potential for a data breach.

The average organisation sees their unstructured data expand by 23% every year, and roughly a quarter of organisations see their unstructured data double every two years, which makes it even more important for firms to have a live view over their data estates. It’s one of the reasons we created the hivera risk score dashboard, where users can monitor regulatory compliance risks in real time. Things happen quickly in the digital age, and if you’re standing still, you might as well be going backwards.

Better decision making

When financial services firms manage their unstructured data in a cohesive way, they can use it to make informed decisions that reflect their risk appetite. Alongside this, they can build a framework for managing regulatory risks so that employees from various departments are on the same page when it comes to addressing them.

In the UK, 90% of data breaches are due to human error, but it’s rarely the result of a malicious attack. Instead, firms often lack clarity on what they consider to be risky behaviour, and employees get caught in the crosshairs.

But with a data protection framework in place, teams from across the business can make strategic decisions on marketing, product development, and customer services that are fully in line with regulation and data protection.

Ultimately, when financial services firms can support their appetite for risk with empirical evidence from their unstructured data, it reassures customers and demonstrates control to regulators. These days, no two businesses are the same, and it follows that their risk appetites won’t be either. But if business longevity, regulatory compliance, and data protection are the aim, firms should start analysing their unstructured data.

For more information on how you can take the first step to understanding what’s in your unstructured data and bringing it under control simply contact us today.