Risk & Compliance Blog Post Header
Risk & Compliance Blog Post Header

Regulators Highlight the Data Challenges of Restructuring a Business

In recent months, a constant business theme has been managing change, with home-working and a significantly changed economic landscape being just two issues that stand out.

The only safe prediction one can make is for more change to come, as vaccines are rolled out and the world transitions back to something that resembles ‘normal.’

Restructuring one’s business, its systems, and processes will be a constant theme due to all this change. Some companies will merge and consolidate, others will grow, and some business units will be sold to new owners or spun off.

Ease of Use eBook Graphic Banner

Data management is in regulatory crosshairs

Regulators recognize this too. Managing client data in a changing business situation was recently highlighted by the UK’s Financial Conduct Authority (FCA) as an issue. Add to this the challenges of GDPR in the EU, the CCPA, and the NYPA in the US, and it becomes clear that data change management will be a significant issue for 2021.

That the US Office of the Comptroller of the Currency (OCC) recently fined a US institution $60m over data management shortcomings will also focus minds.

Issues with data management during a business process transformation project on any scale are typically due to process rather than technology. Specific points might include teams not being fully aware of data management policies or not having access to the most up to date versions. Alternatively, there might be inconsistent policies used throughout the business.

Another common issue is that essential customer data is not always held in corporate IT systems and can be stored by staff on spreadsheets. They may not fully appreciate the implications of the data regulations they need to follow, exposing their organization to additional risks.

The key to an effective – and compliant – data migration project is to manage all the data affected, use processes aligned to the key policies and regulations, and demonstrate that compliance.

So, what steps can you take to address these issues?

Getting control of EUCs

End-User Computing (EUC) applications – applications managed by business users themselves, typically spreadsheets – are used widely, especially where staff want the flexibility and speed that spreadsheets give them and their 3rd party suppliers. They are easy to forget about during a data migration project, as very often, there is no centralized inventory of these applications.

Taking control of EUC-based data in a business change project requires you to find these spreadsheets, identify their risk and importance to the business, and proactively monitor the most critical applications.

Data policy management is also essential. While the vast majority of businesses will have a data management policy, the challenge is ensuring that it is current, accurate, and consistent across the company and fully aligned with the critical rules and regulations. Staff also need to access it easily for reference and demonstrate their knowledge and application of the policy in their day-to-day work.

An effective policy management solution will feature an easy-to-navigate policy library, staff testing capabilities, integrated workflow capabilities, as well as audit tools to demonstrate change control and compliance.

Centralizing data storage

A centralized data store can also support effective data management if data is distributed widely across the business. This may especially be an issue where IT resources are light compared to organizations that invest heavily in ‘Big Data’ capabilities. Use an automated Enterprise Content Management (ECM) solution to collect, collate, secure, analyze, and delete-at-expiry the massive number of files in a modern business.

Another element to consider is how your third and fourth-party suppliers feature in your data management. Innovation and multi-channel customer engagement are driving much customer engagement and fulfillment to third parties. While offering speed and flexibility, these third and fourth parties’ data management needs to marry fully with your own, especially during business changes.

It’s essential you have the capacity to ensure they understand and follow your data policies. It’s also valuable to have early warning should issues arise with their own businesses. Automated reporting capabilities also help manage the outcomes of these efforts.

Entdecken Sie Mitratech GRC Management

Vereinbaren Sie einen Termin für eine Demo, oder erfahren Sie mehr über unsere einzigartige End-to-End-Lösungssuite für Risiko und Compliance.