
Managing Data Risks in an Organization

In July 2021, one of the world’s leading banks revealed a loss of $5.5 billion due to a default by one of its customers. The bank identified the “failure of management and controls” in its investment banking arm as the fundamental cause of this loss. This incident reinforces the importance of a robust governance framework for managing data risks – driven by the right combination of people, processes, and data within the banking industry.

Technological advancements have created expectations for on-demand banking that are typical of banks’ sustainable growth. Adopting digital banking solutions such as mobile, internet banking, kiosks, and WhatsApp has made it easy to service customers on the go. A typical bank offers services through 70-100 channels. Banks can also harness the insights obtained from big data generated from the interaction of customers with multiple channels.

Need for Managing Data Risks

Data, an enterprise asset, must be actively managed along with technology and people. With the evolution of open-source software, data management offerings like a cloud warehouse or lake and technology to analyze big data have also evolved. However, data curation, analysis, processing, and storage also carry multiple risks. Most of these risks may not be limited to data confidentiality, integrity, and availability. These risks could instead extend to data privacy, regulatory sanctions, and contractual risks associated with using third-party providers.

Traditional “command and control”-based IT control models can struggle to meet digital business demands. In a survey conducted in 2021, 61% of respondents indicated that their governance objectives include “optimization of data for business processes and productivity.” Hence, a flexible, responsive model tailored to the bank’s specific data needs and objectives would be better suited than the one-size-fits-all, center-out model.

Focus on Privacy Risks and Traditional Risks That Were Ignored

With the recent focus on customer privacy coupled with the evolution of public policy, banks are forced to acknowledge data privacy risks across the lifecycle of personal data. Generally, policies, guidelines, and regulations emphasize maintaining accurate personal information within the system so that it can be retrieved whenever a customer requests it.

Traditional risk management frameworks that focus on maintaining data availability, integrity, and confidentiality without addressing concerns of classification, quality, and privacy may leave banks struggling to meet legal and regulatory compliance requirements. For instance, privacy laws require organizations to provide data subjects with copies of personal data they collect/process/store. Without a robust Data Governance framework where all such data are appropriately classified and centrally stored, banks could be required to spend precious resources manually collating this data and responding within the set timelines. It is, therefore, imperative that banks look at their risk management strategies to secure their data and derive value from it.

To read more on managing data risks for improved regulatory standards and efficient operational outcomes, the book Data Risk Management provides ready-to-use frameworks and organizational models.

