Long reads

The 3 Key Risk, Compliance, and Governance Challenges for Finance to Tackle in 2021

Ian Raine

Ian Raine

VP Product Management, iManage

Financial services professionals across asset management, investment and commercial banking, insurance, and other subsectors create and manage mission critical information that guides their most important business decisions. COVID-19 and the shift to remote working that followed in its wake didn’t change that; it just added some new challenges.

As financial services firms aim to manage risk and secure and govern their sensitive work product, there are several key trends that they will need to stay on top of in 2021.

Remote Work Doesn’t Mean You Can Store Files on Your Laptop

Working from home, which became ubiquitous in 2020, will persist well into 2021. Pandemic aside, many professionals have become accustomed to this new way of working and may wish to continue in this mode on a long-term basis.

Remote financial services professionals should make sure, though, that they aren’t becoming lax around security and governance measures – for example, storing sensitive files on their local hard drive instead of filing them into a properly secured and governed document management system (DMS).

Non-compliance with DMS policies is a potential minefield for several reasons, starting with the necessity of meeting a client’s requirements around how and where their data is stored, managed, and retained. Regulatory compliance with an assortment of local and national regulations, from FINRA to GDPR, extends the risk of non-compliance, and the continuing saga of Brexit throws in an added degree of difficulty on this front.

Financial services firms will place a premium in the coming year on the ability to proactively spot employees who aren’t actively using the DMS and are storing their content in unsecured repositories. This ability to identify non-compliance with DMS filing procedures will be non-negotiable, as long as remote work remains a part of the financial services landscape and IT teams are faced with an ever-increasing number of diverse endpoints to manage.

If a Sensitive File Leaves the DMS, Is It Still Protected? 

A DMS provides a good way for financial services organisations to secure and govern their sensitive and confidential documents and emails – but what happens when that file leaves the DMS?

For example, suppose a commercial banking professional wants to share key documents and financial models with clients and external parties. Or maybe a fund manager wants to streamline the research and collaboration process by making sure early drafts of proprietary research reports are circulated to key stakeholders, enabling better decisions in the face of rapidly fluctuating markets.

For particularly sensitive content like this, there will be increasing interest in ensuring that protection travels with the file so that it’s properly secured and governed while it’s “out in the wild,” outside of the DMS.

Customers will seek out ways to make this added layer of security an easy and frictionless step, so that the end user hardly even has to think about it; instead, it’s just something that automatically “happens” whenever a file that has been categorised as particularly sensitive leaves the DMS environment.

Walking the Tightrope of Security and Knowledge Sharing

Financial services firms are under increasing pressure to implement measures like need-to-know security to help protect their sensitive and privileged content in the event of a breach, and it’s not hard to understand why. 2020 alone saw breaches at fintech firm Finastra, currency exchange Travelex, and established players like Scotiabank, to name just a few financial institutions who were impacted.

There is a careful balance, however, that firms need to strike between security and knowledge sharing.

Lock content down too tightly and professionals who can no longer find contracts, proposals, or intricate spreadsheets that they could leverage as a starting point for their own efforts might rebel and say, “We can't find the content we need; this approach is too constraining for us.” Open the system back up too much, and you have greater risk in the event of a breach.

In 2021, financial services customers will look for innovative ways to get the balance right between security and knowledge sharing. This will require a combination of technology and process alike – both must play a part.

As long as financial services firms remain prime targets for hacks and breaches – and rest assured that they will, because bad actors reliably go where the money is – there will continue to be a need to segregate content and lock it down.

The challenge is finding new and creative ways of ensuring that knowledge continues to flow throughout the organisation, despite the barriers that are put in place for enhanced protection.

Ahead of the Game

On the risk management front, financial services firms have their work cut out for them for 2021. But by paying attention to the right trends – including the need to ensure remote workers are storing files in a secure and governed location, the growing need for protection of documents outside the DMS, and the need to balance security and knowledge sharing – they will put themselves ahead of the game and ensure they aren’t tripped up by the thorny security and governance challenges the industry faces.

Comments: (0)