Let me come back to the subjects of Cross Border, Data Governance and Privacy regulations.
In my last post I pointed out how the issues of cross border activities in the financial industry and the European rules about Privacy had at least one contact point in the overt need of a well structured, defined, measurable and controllabile data governance model .
However, really, is that it? Are legislation and regulations really the main causes?
Let me recap some definitions.
In banking, cross border activities consist of operations with an international dimension in the sense of financial transactions broadly pertaining export of the provision of services, the sale of a product or investing abroad on a foreign market subject to a different regulation.
This means that, in non-uniformly regulated markets, there will always be a party interested in:
- The free movement of capital and services
- The absence of authorizations
- Compliance with the rules on budget: distinction of active and passive domestic and foreign / Proportion of foreign assets and the assets together
- Respect for national monetary policy
- Risk considerations
- The incidence of foreign law
And a party interested to maintain its ability to control at least at a basic level, considering only the issue of risk management, money laundering and fiscal control.
It is clear, in my opinion that the balance becoming difficult to manage is between the force of a pure business driven approach and an opposite force from the defence mechanisms for verification and control.
The availability of reliable data is critical.
However, Privacy rules change the picture.
Control requirements would impose information transparency that Privacy Policies often do not allow for.
– The business needs are a potential regulatory issue for their lack of transparency;
– The Privacy compliance needs impose controls on information disclosure;
– The control institutions consider risk management as a prevalent priority.
At the end of the day, it is clear that data governance is not only an overlap but also the real enabler and solver of the diatribe. A structured model of data governance that takes into account all pressures may satisfy all the needs at the appropriate level of segregation, security and availability. Is it a coincidence that many recent standards even from different sources refer to specifications such as ISAE 3000 or similar best practices?
The ability to control and manage data and information in a complex context and ever-higher volumes is the challenge. However, that is another story…