Navigating the Future of Data Governance: Insights from ACA on Nasdaq TradeTalks

Carlo di Florio, Global Advisory Leader at ACA Group, recently joined Nasdaq TradeTalks to share his expertise on the critical role of data governance in the financial services industry. Carlo's insights covered the importance of strong data governance, the challenges faced by firms, and the impact of artificial intelligence (AI) and generative AI (GenAI) on data management. Below are the key takeaways from the panel.

The central role of data governance

The discussion emphasized that robust data governance is essential for financial services firms. It goes beyond merely managing regulatory risks like privacy and cybersecurity. Strong data governance helps firms manage their entire business more effectively. When a firm knows what data it has, where it is located, and how it is controlled, it can more easily design and implement new controls in response to regulatory changes.

Why data governance matters

Data governance is not just a regulatory requirement; it is a business imperative. In financial services, where data drives decision-making, operations, and customer interactions, having accurate, consistent, and secure data is vital. Without strong data governance, firms can face significant risks, including operational inefficiencies and regulatory penalties.

Data governance challenges

The panel pointed out several challenges firms face when implementing effective data governance:

  1. Evolving technology: Keeping up with rapidly changing technology can be difficult, especially for smaller firms.
  2. Operational hindrances: Sometimes, the safest data governance approaches can hinder business operations.
  3. Data volume: The exponential growth in data and metadata can overwhelm firms if not managed properly.

AI/Privacy regulatory updates

Several key regulatory developments affecting data governance are worth highlighting:

  1. SEC’s Regulation S-P Amendments: These amendments clarify the U.S. Securities and Exchange Commission’s (SEC's) expectations for investment advisers' cybersecurity programs. Firms must conduct drills, oversee vendors, classify customer data, and ensure robust data protection by 2025-2026.
  2. EU AI Act: Passed in March 2024, this act provides safeguards for general-purpose AI, limits the use of biometric identification, bans social scoring, and ensures consumer rights.
  3. UK AI Framework: Adopted in February 2024, this framework sets principles for AI use, including safety, transparency, fairness, accountability, and contestability.
  4. Consultation Papers by the U.S. Treasury and European Commission: These papers seek input on AI use in financial services, informing the Financial Stability Board's work on AI.

Conclusion

The discussion underscores the importance of strong data governance in the financial services industry. As firms navigate the complexities of evolving technology and regulatory landscapes, robust data governance frameworks will be essential. By staying informed about regulatory updates and leveraging AI responsibly, firms can enhance their data governance practices, ensuring both compliance and business success.

How We Help 

Countries across the globe are warning financial firms of the risks inherent in using AI and, in some cases, taking decisive action to establish rules for how advisers and financial services firms use AI. Firms need to be aware of this as they begin integrating AI tools into their work. Compliance and cybersecurity leaders should not only begin preparing the documentation necessary to satisfy the SEC, but also take the initiative to educate the firm on the potential legal and regulatory risks associated with the use of AI.

ACA's regulatory compliance, cybersecurity, and privacy consultants can help clients meet the evolving challenges of AI risks through the following services: 

  • Cybersecurity risk assessments, which explore the usage and risks of generative AI.
  • Templates and guidance on acceptable use policies for generative AI that can be tailored to the organization.
  • Tabletop exercises designed to simulate generative AI risk scenarios.
  • Enhanced vendor due diligence offerings that evaluate vendors’ use of generative AI.
  • Expert guidance on privacy and regulatory issues that are raised through the use of AI.

To learn more about the SEC’s recent AI rulemaking and examination sweeps, or how ACA can support you to enhance your policies regarding the use of AI, please don’t hesitate to reach out to your consultant or contact us.