Factors to consider in relation to Customer Master Data and being compliant


The growing number of quality standards and regulations (industry-specific or not) means companies must meet certain compliance criteria that are directly or indirectly impacted by the quality of data in their systems.

Businesses face many regulatory frameworks and potential risks that require the maintenance of extensive reporting mechanisms and specific processing and handling activities around critical customer master data such as details related to bank accounts, contracts, and contract conditions. In the finance, insurance, retail, health and pharma segments, regulations vary from country to country but the message is largely the same – you need to know what data you have and you need to be looking after it properly.

Failure to take necessary steps to protect the data can lead to a variety of punitive measures being imposed by the authorities. This is separate from any personal liability claims that might be brought by individual members of the public in relation to incorrect or inappropriately handled customer master data. Appropriate management of customer master data is therefore essential not just to ensure that there are no negative financial implications but also to ensure the preservation of the organization’s reputation.

How a CMDM helps with compliance

A customer master data management system gives businesses a single reference point or single customer view. This can be of help when trying to meet compliance expectations by describing the records held, the content of the records and enumerating the evolution of those records over time from origin to current state.

A well-designed master data management platform makes it easier for businesses to audit and standardize their view and understanding of the customer across the many data repositories that they might have including data warehouses, transactional systems and other data sources that might use different technologies in different business units and geographies.

A centralized customer master data management platform offered under a PaaS or SaaS model is a continuous duty system by nature and backed up in alignment with best practices and all necessary regulatory requirements. Features that you can expect include the identification and optional removal of duplicate records, the maintenance of strict standards in relation to data quality and the presence of a user permissions hierarchy to ensure that only those who should have access, do.

Right to Erasure

Under European GDPR policy, the ‘Right to Erasure’ gives users the right to have their records erased from databases to meet privacy requirements. When you have the customer master stored in many places this is a difficult requirement to meet.

It is also amongst the key components under California’s CCPA framework, and other frameworks of a similar nature exist in other geographies globally.

Removing customer information from your records, or even correcting it, is more straightforward when you have a centralized customer master data management system. In some cases, people want to remove only publicly recognizable information from the available channels, but this can become tedious if such information is expressed differently in a different system with no interconnected golden thread that forms a unified reference point.

For either removal, correction or suppression of data, having a master data management reference point is operationally more efficient and better supports the ability to be compliant. The CMDM platform offers that unique point of reference for each database. This means that compliance activities can quickly identify data quality issues, make the necessary changes and get those corrections syndicated across departmental and downstream systems in the organization.

KYC compliance (Know Your Customer)

All financial sector organizations must submit customer information to regulatory authorities, often before providing the person or organization with financial services. Regulators are quite strict on the importance of customer record quality; incorrect measures in an organization can risk exposure to compliance penalties, place assets at risk and also introduce reputational risks. The Dodd-Frank Act overhauled the US financial regulation system, and while some of the act’s regulations were rolled back by the Trump administration, the new regulations being implemented at the individual state level and in Europe provide sweeping new protections for citizens that organizations need to subscribe to.

Financial institutions and fintech companies that build secure systems and processes to collect and submit KYC data to authorities enjoy benefits over their competitors not only in terms of the quality of the data that they hold, but also the costs associated with maintaining their compliance, and of course the risks associated with specific accounts. A CMDM platform can help businesses centralize KYC information and make it easier for them to meet regulator screening requirements. According to Deloitte’s 2020 banking and capital markets outlook, “wealth managers are grappling with the rising cost of compliance and increasing focus on KYC/AML and data protection”, something which a CMDM can surely help with controlling.

Meeting the requirements of compliance rules is also often time-consuming for businesses. For businesses that have been operating for decades, this is particularly hard when they have ageing infrastructure and long-established customer data management practices.

Enterprise-level master data systems prioritize security and industry compliance, admittedly at a cost, but this cost is often more transparent than the many hidden costs associated with ad hoc and unstructured, even perhaps uncoordinated data management practices. CMDM helps businesses implement and comply with data quality standards and implement policies on demand.

If you’re challenged by compliance worries around your customer master data management, why not reach out to Pretectum today and find out how we can help.

RJ

How CMDM plays into “defensive” data management


We are all conscious of our digital selves and how much of who and what we are is visible on the internet. There’s a seedy underbelly that’s perhaps less known to many of us, particularly if we are not part of the hacker community. We’re also well aware that the likes of Cambridge Analytica and the Facebook fiasco led to bad actors targeting ordinary consumers (and voters) with false narratives and targeted messages to manipulate the thinking and perspectives of the general public.

More recently you will have noticed that almost every site that you visit now asks that you give your explicit consent to having them track your interaction and browsing on the site and potentially other sites too. Signing up for electronic newsletters has become as onerous, or as legally webbed, as applying for a credit card, and just as for the credit card T’s and C’s, the degree to which we all read the fine print is likely very small.

For years we have assumed that businesses would store our details responsibly and not expose our information and especially our unique identifiers, email address, and vitals to those who might engage in nefarious deeds.

Despite the many data breaches that have occurred, it is surprising that many companies still do not appropriately secure their customer data. This securing of data should be thought of as a defence strategy, not unlike a gate and perimeter fence around a property or the controlled borders of a country.

Adequate data security, quality, and access control combined with meeting the rigours of compliance are data management defence measures and they’re a critical part of ensuring that customer data is held appropriately and securely.

“The only defense against the world is a thorough knowledge of it.”

― John Locke, English philosopher and political theorist

Every time identity-related data or personally identifiable information (PII) is stolen or leaked and then abused, it is the companies that carry the cost burden. As a consequence, it is very important to take on defensive data management measures to neutralize risk and threats.

Poor data quality and poor data security ultimately carry a cost that is often greater than simply monetary values. Miscommunication or inappropriate communication from poor data quality, and the more serious loss of data as part of a data breach, both damage the reputation of a brand or organizational identity, which in turn can lead to the immediate loss of trust between your company and its customers.

Some of the more rigorous compliance expectations that your business should be adhering to, under the various regulations, include lawful possession of data, fairness in the use of that data, and transparency about the data that you have. Some other requirements are that you only use the data for its originally agreed purpose, that you only hold the absolute minimum of data that you need, that you retain it only for so long as you previously agreed or until the data no longer serves its original purpose, that the data be correct and proper and not exposed publicly, and that if any of these facets are not adhered to, the persons to whom that data relates will be appropriately informed.

The fines and penalties associated with violations and failures can be extremely punitive and actually put organizations out of business.

The Pretectum Customer Master Data Management platform addresses aspects of this defensive strategy by offering five key characteristics to the customer master data management practice that support your CMDM function in being compliant.

Encryption – all data stored in the Pretectum CMDM platform, that is, data at rest, is encrypted by default in a secure database.

Access Control – all access to objects within the Pretectum CMDM platform is granted through a “least permissions” model and is granted to users via an identifier with an accompanying password for UI access, and likewise with a token for API access. Users are then further restricted by a hierarchy of permissions based on the organizational assignment and very fine-grained permissions within that organizational assignment.

Identifiable users – all users are identified by way of an email address that is part of the domain associated with the Pretectum platform subscription.

Data Quality built-in – depending on the way schemas are defined, all data either conforms to or conflicts with self-defined business rules and configuration. The compliance of a given record with the specific rules defined is observable at every stage in the platform.

Verbose Auditing and change logging – a verbose history of changes and events is tracked for all data and all objects in the platform including changes to user permissions and access.

To learn how the Pretectum Customer Master Data Management platform can serve you best in your defensive data management endeavors, contact us today.
