In our increasingly digital world, teams of all sorts are at the forefront of managing the opportunities and challenges that data now presents. Our ability to responsibly, efficiently and securely handle data is not only an important competitive advantage, it can be existential to firms of all shapes and sizes.
In the 6 months between July-December 2023, several industries witnessed a staggering 19% increase in data breaches. Regulators have been taking note of this growing threat and increasing their focus on resilience, preparedness and enforcement across a multitude of data handling contexts. So, to say that our ability to manage our customer’s data in this environment is a high priority, would be an understatement. With legacy processes, systems, and technology adding to the challenge, it’s easy to understand why many firms continue to see data sharing as a key challenge in the years ahead.
Whether you’re managing a transition away from disparate data stores, trudging through a plethora of incompatible data formats or looking for better ways to protect your customer data, having an effective data strategy is about more than simply where the data ends up.
We’ve outlined five key challenges to building a data strategy that places sharing, collaboration and team-enablement at its core, plus tips on how to tackle them effectively, improve data sharing and ultimately increase productivity.
1. Defining Your Data Sharing Needs
The most common hurdle to successful data sharing is often a simple lack of clarity. There are good intentions to tackle the issues all at once, but without a clear understanding of where the data flows (internally across departments or externally with partners), its purpose, and the access requirements, it's difficult to determine what security measures and access controls are appropriate. This lack of clarity can quickly lead to confusion and problems.
Departments also have a habit of working within silos, storing that only assists within their own teams. But what about internal and external party requirements? How would they need to use the data and what format would work best for them? In payments, teams often need to collaborate on shared data. For example, payment and compliance teams often share information to process payments and fulfil regulatory obligations. Data sharing is often also required with external teams, you may want more information from your customers about the purpose of a payment, or your banking partners may want that data from you. By taking the time to understand these needs, we can ensure smoother data sharing for everyone.
Tip: Start small and clarify your objectives
Start by taking stock of your data situation. Identify exactly where data is needed, why it's important, and how it will be used.
Then, choose one specific problem to tackle. Map out who needs access to what data for that problem. Highlight any potential risks or legal issues that could slow things down. Think about the different ways people might need to use the data. This will help you determine the right security measures and access controls. The goal here is to give everyone the data they need, while still keeping sensitive information safe.
Once you’ve mapped the first problem, move to the next. If you come across a complicated set of data, break it down into objects, categories or types of data. Look at similarities in the models to identify how much structured vs unstructured data you have and lean on the information you’ve gleaned from other problems. Tackling issues one by one will help prevent feeling overwhelmed and reduce complications.
2. Overcoming Collaboration Roadblocks Caused by Data Silos
Data exists in different formats across numerous internal and external teams, and the reasons why parties need data is not always clear. So much disparate data leads to data silos. These occur when different parties have ‘hoarded data’ which is difficult for others to access and utilise. These silos create information bottlenecks causing inefficiencies, missed opportunities and even conflicting decisions across departments, ultimately hindering the ability to gain a holistic view of the business.
Tip: Break through data silos
The key here is to create a “data collaboration ecosystem”. This connects numerous data sources, providing teams with one single way to access and share information seamlessly.
We see two common problems that most businesses face today:
Data is scattered everywhere, and no one knows where it is, how much there is and who owns it.
Data is stored all in one place, limiting collaboration and encouraging manual sharing and over-engineered security.
Because of this, businesses are typically only using data to glean some basic statistics or trend analyses, and missing out on the value of data to solve problems! Instead, focus on sharing the rules of engagement, and not just the data you need. Look to build a sharing ecosystem that puts access and collaboration first. In financial services, participants need greater access to data, including regulators, customers, counterparties, and internal departments across risk, compliance, operations, and customer success. This means that it is important to protect the underlying data, instead of gatekeeping the data storage systems themselves.
We need to enable greater control and oversight of the data itself, and not the data store. This simply cannot be achieved when data is shared using email, spreadsheets, and other manual handling. The result? Increased operational transparency, efficiency, and even stronger security and compliance.
Within this ecosystem, understanding why data is required is crucial. Does every team need all the data? What about Personally Identifiable Information (PII)? Can the data be broken down by role? Exploring these questions can reveal overlap and highlight areas needing additional security.
Finally, when managing sensitive data like customer information and PII, remember: less is more. Requesting only what's truly needed reduces the risk of cyberattacks and data breaches.
3. Navigating the Trade-offs Between Security and Accessibility
Data privacy and security regulations are becoming increasingly stringent, making it crucial to prioritise data security throughout the sharing process. Overly restrictive access controls can stifle collaboration, but uncontrolled data access is a serious security risk that can be triggered by something as simple as unknowingly emailing sensitive information to the wrong department. It can be easy for organisations to lose control over who has access, where and how it is being stored, and when it needs to be removed. Striking the right balance between security and accessibility is a constant challenge for every business.
Tip: Identify existing data sources
One of the biggest challenges of an effective data sharing strategy is duplicate data scattered everywhere, creating ‘data pollution’. To fix this, start by identifying all the existing data sources within your company. Then, create clear sharing agreements based on how the data is used, workflow rules, and attributes. This way, everyone can access the right information without creating unnecessary copies. Plus, it saves money and reduces confusion.
Tip: Implement Attribute-Based Access Controls (ABAC)
Controls that focus on roles are typically all or nothing when it comes to sharing data sets. Making use of an ABAC approach gives you greater granularity of control over who can see what, without the admin overhead of creating custom or bespoke data sets that need to have information removed. By taking an ABAC approach you define your data attributes and specify who can see what types of data, such as PII.
For example, a compliance team may have access to the underlying PII such as ID information that is sent with a payment, but a customer accounts team may only need access to high-level transaction data without the PII.
A granular ABAC approach allows you to ensure that sensitive information is only accessible to those who truly need it without limiting access to other information within the data sets. This method also improves protection against data breaches and unauthorised access, with the added benefit of having detailed logs for every data interaction—crucial for compliance obligations and security audits.
4. Tackling Data Inconsistency and Incompatibility
This is a frequent complaint we hear from businesses attempting multi-party data sharing. Inconsistent and overlapping data formats across departments and partner organisations can create significant roadblocks. The need to continuously navigate various compliance, legal and internal requirements over time can lead to data being stored in spreadsheets, databases, legacy systems or third party cloud systems, each with its own formatting conventions and data types.
Additionally, there are many different data models in the payments world to support. There are different data models depending on the payment rails and payment instruction methods, reporting obligations across AUSTRAC, ASIC, and APRA also have their own proprietary data models.
This inconsistency makes it difficult and expensive to accurately match and integrate data, particularly from multiple sources with many entry and exit points.
Tip: Leverage data mapping and standardisation tools
Understanding your obligations for sharing, storing and securing data is critical. Consider how the data needs to be treated, stored and transmitted. Look to inhouse experts like your data or technology teams who may provide guidance on best practices.
Once you’ve grasped your obligations and business processes, refer to industry tools to boost productivity:
Data mapping tools can automatically translate data elements from one system to their corresponding elements in another - think of it like having a universal data translator, allowing seamless communication and exchange regardless of the source format.
Data standardisation tools on the other hand can help establish consistent formatting standards across multiple teams. This could involve defining common units of measurement, date formats, or customer ID structures. By implementing these standards, businesses can simplify data sharing and integration across the multiple parties involved.
Tip: Avoid building one data model to rule them all
It can be tempting when using multiple data sources that are roughly about the same thing to combine them into one “easy to use” singular data set. A better approach is to create a translation layer that makes it easier for you to move from one data model to another, which will also allow you to add additional data models over time without needing to throw your singular data dictionary away and start again.
5. Reducing Waste in Manual Data Mapping
Manual data mapping, the process of translating data between different systems, is a tedious and error-prone task. Data sharing is too easy to get wrong, exposing organisations to costly repercussions in a world where data risk is growing. A data analyst can spend weeks manually mapping customer data because the systems use entirely different formats. Not only does this kill time but also introduces the risk of human error during data translation. Many data mapping tasks are often treated as one off, but are typically part of some broader context or mission critical need. Getting down to that need will help you reduce the time spent on “one offs” and help you build a more sustainable approach to managing access to your data sets, especially when much of that data can be highly sensitive.
Tip: Build data sharing workflows that work for you
While we may think about data in terms of processing, storing and transmitting, the data lifecycle is often multi-faceted. Once you have sent or received data, work out what upstream and downstream processes or obligations you need to be aware of, and where possible - automate it! Avoid the dreaded “one off”.
Composable workflows can be built by combining pre-defined modules, and customised to automate repetitive tasks. This can streamline workflows by automatically translating data from different formats, eliminating manual mapping and reducing the risk of errors.
Be aware of your data requirements! If you need to keep data for seven years to meet a regulatory requirement, you should ensure data is destroyed after that time period, not left to languish and increase your data risk profile. You may also have obligations to notify external parties that data has been stored, removed or shared. Ensure you know who these parties are and when you need to notify them. This will guarantee you meet your regulatory obligations and reduce your data risk profile.
Navigating multi-party data sharing is no small feat, especially with the variety of data types and stringent compliance needs in today's financial services environment. By addressing these key challenges, teams can significantly enhance operational efficiency and security, experience boosted productivity, free up resources, and improve collaboration and compliance standards.
