Privacy and Cross Border in Banking #2

By | Sunday October 4th, 2015

Let me come back to the subjects of Cross Border, Data Governance and Privacy regulations.

In my last post I pointed out how the issues of cross border activities in the financial industry and the European rules about Privacy had at least one contact point in the overt need for a well structured, defined, measurable and controllable data governance model.

However, really, is that it? Are legislation and regulations really the main causes?

Let me recap some definitions.

In banking, cross border activities consist of operations with an international dimension, in the sense of financial transactions broadly pertaining to the export of the provision of services, the sale of a product or investing abroad on a foreign market subject to a different regulation.

This means that, in non-uniformly regulated markets, there will always be a party interested in:

  • The free movement of capital and services
  • The absence of authorizations
  • Compliance with the rules on budget: distinction of active and passive domestic and foreign / Proportion of foreign assets and the assets together
  • Respect for national monetary policy
  • Risk considerations
  • The incidence of foreign law

And a party interested in maintaining its ability to control, at least at a basic level, considering only the issues of risk management, money laundering and fiscal control.

It is clear, in my opinion, that the balance that is becoming difficult to manage is between the force of a purely business-driven approach and the opposing force of the defence mechanisms for verification and control.

The availability of reliable data is critical.

However, Privacy rules change the picture.

Control requirements would impose information transparency that Privacy Policies often do not allow for.

Then:

– The business needs are a potential regulatory issue for their lack of transparency;

– The Privacy compliance needs impose controls on information disclosure;

– The control institutions consider risk management as a prevalent priority.

At the end of the day, it is clear that data governance is not only an overlap but also the real enabler and solver of the diatribe. A structured model of data governance that takes into account all pressures may satisfy all the needs at the appropriate level of segregation, security and availability. Is it a coincidence that many recent standards even from different sources refer to specifications such as ISAE 3000 or similar best practices?

The ability to control and manage data and information in a complex context and at ever-higher volumes is the challenge. However, that is another story…


About Rosario Piazzese

Manager with huge experience in multi-national environments. Currently focused on Swiss market share, I developed a deep knowledge in Business Strategy and Team Management supporting several start-ups in Management Consulting and IT Business Area. With 20+ years of experience in IT and Consulting Industries, with a special focus on Architecture, Governance, Audit, IT Service Mgmt, Security and Risk Mgmt, BC and DR, I experienced the Big Four environment in the Deloitte network as Senior Manager and Director. I took part in ICT Governance, ITSM, BC, DR, BPR with focus on Audit, Governance, Risk Mgmt and Security in FSI. I was involved in the start-up of TIG, an Italian consulting boutique, of THINK!, a non-profit organization focused on ICT topics, of ISAS, a company focused on SMB companies, and of Siledo Global SA in Switzerland, currently a POWA Company. I'm now involved in the start-up of the Swiss branch of Codd & Date as part of Vipera Plc. Group also in the role of GRCAS Group Competence Center, with the duty of Regional Executive Manager.
