Read Time: 5 Minutes

Data Governance is how we describe the processes and management of data in any given organization. This includes the processes around the protection and use of data. In our specific context today, we will be discussing data governance for a financial institution (FI).

AdobeStock_150170725

Who's Responsible for Data Governance?

The responsibility of data governance begins at the very top of an FI, the Board of Directors. The Board provides oversight and strategy into the processes the company should have in place related to data governance. The Executive level would then be responsible for creating a tactical plan for implementing the strategy developed by the board. This would require significant involvement from the CIO or IT Director, providing specific data management insight regarding the FI’s infrastructure and IT environment. This information would complement the other Executive’s expertise regarding insurance, investments, and other processes at the FI.

Drivers of Data Governance

This process may sound overwhelming. In a moment, we will break it down into more bite-sized pieces, making it easier to tackle. Before we do that, I want to discuss the motivation behind making these changes and implementing data governance processes.

One of the main drivers of data governance, especially in the financial industry, is compliance. For example, the General Data Protection Regulation (GDPR) impacts any FI with data related to European citizen’s or companies, which encompasses a broad scope across the US. Additionally, current state and federal regulations require companies to remain on-guard as data becomes more of a currency and one of the greatest organizational assets to be protected.

Another powerful motivator for implementing a data governance strategy is the fact data is being generated and gathered at an unprecedented rate and is often beyond current processing capabilities. Developing and implementing a data governance strategy makes data more valuable to an FI in ways that allow for structured data sets. Structured data sets provide transformation of information for decision makers, users, and stakeholders.

Models for Data Governance Processes

Now that you have the motivation to develop a strategy and have, at the board level, put this plan in place, let’s discuss what a tactical data governance process looks like.

Well, there are several models that require the skillset of different individuals in an FI. Keep in mind that these processes will need to be flexible, with the ability to expand and contract as needed, as the data sets change over time.

Examples of organizational models include:

  • Virtual Team: In the Virtual Team model, individuals in the FI will maintain their current responsibilities but will also take on duties related to the data governance processes. This model can limit the initial cost investment and help integrate multiple business areas by utilizing existing resources. Risks, of course, could include over allocation of resources and limited buy-in due to lack of accountability across the institution.
  • Centralized Team: This model allows for an entire team whose sole responsibility is maintaining data governance processes, reporting directly to the Executive responsible for the institution’s data governance strategy. This would allow for greater accountability and focus on delivery and structure on the team. The risk related to the Centralized Team model would be the initial cost and resources needed to hire and train new team members.
  • Hybrid Team: Of course, there is an option of creating a limited centralized team paired alongside several allocated individuals with additional responsibilities to assist with the institution’s data governance efforts. With knowledge of the institution and a strong focus on data governance efforts, this model allows for faster implementation. The Hybrid Team model can encompass some initial costs and competing priorities.

Data Governance Best Practices

A best practice process for developing a plan is to first establish a data governance policy. This would be developed under the direct supervision of the IT Steering Committee and IT Director, ensuring strategic continuity and clear lines of responsibility are established within the policy. Assigning those clear lines of responsibility early on is a critical step in the process. Once the lines of responsibility are documented in a policy, the next step is training within the institution. It is important to encourage a one team mindset within the FI to ensure the IT and business owners work together well, as the transformation from data to information will require both parties. Remember, data governance tools and processes are only as effective as the people who are managing them.

Part of the implementation process will also include a threat or risk management exercise. It is important to recognize where the data is located within the institution to properly secure, manage and transform it. However, it is equally as important to assess the risk associated with that data through a risk assessment. This involves an inventory and classification by risk level of the data present on the institution’s network. At this point, the data becomes more manageable from a governance standpoint.

Keep in mind that you want to choose a process that works best for your institution. It is critical to keep the process simple; don’t over complicate things and create a very complex process. Also remember that there needs to be constant monitoring, regardless of the processes in place. Review and supervision of the controls and processes in place is key to ensuring they are performing optimally, and that any necessary changes are made at the appropriate time.

Data Governance Provides Peace of Mind

As we look toward the future, our team at HORNE Cyber deeply encourages clients to develop and implement a data governance strategy. Data is being generated at an exponential pace. As technology advances, a complacent mindset puts your institution at risk.The benefits of implementing a data governance process are numerous and will extend for years to come once the strategy is in place at your institution. A data governance strategy gives an FI the peace of mind in knowing where its critical data is, what the high-risk areas are, and that the necessary controls are in place to protect that data. Protecting the data held by your FI also facilitates trust with your customers / members and helps protect your brand’s reputation by preparing for the inevitable.

COMMENTS

THIS POST WAS WRITTEN BY Megan Hudson

Megan is a Manager for HORNE Cyber where she specializes in cyber risk related assurance services. She provides analytic expertise regarding policy design and implementation as well as IT and data governance. Megan also consults on information systems environment compliance and management for public and middle market clients.

Find me on: