Following the publication of the Basel (II and III) and Solvency Regulations, implementing Governance, Risk and Compliance (GRC) practices within financial institutions has gained predominance. To meet the challenges of data governance stated in the pillars of these regulations, companies have multiplied their efforts to recruit the best in GRC concerning Risk Management, Internal control, Internal Audit and Compliance.
According to a study conducted by the consulting company Optimind Winter and mandated by the Observatoire des métiers de la Banque (Banking Career Observatory), “Banking companies are also victims of new risks and must create new job profiles to deal with these new challenges. GRC departments must face new challenges, such as coverage of systemic risk, development of Cloud Computing or Mobile Bank (technological nomadism).” Here, we refer to digitalizing the banking sector and using the Internet to manage personal bank accounts. Banks and insurance companies have thus implemented solutions to protect their customers’ data against cyber-attacks. While the efforts made to secure customer data have proven effective, the threat now lies within financial companies in their daily workflow.
Along with new working methods, a new phenomenon has emerged, known as “Shadow IT,” which is any application or method of transmitting information used in a business process without the endorsement of the internal IS department. Often unaware of its existence, IT departments don’t provide any support. Such processes generate "informal" and non-controlled data that can contravene existing standards and regulations such as Basel and Solvency. Continue reading