Gain full visibility across your data landscape, find meaning in your data and improve the quality of business decisions.
Discover and download solutions and pre-built integrations for the Collibra Platform.
Get unparalleled value through the combined expertise and unique strengths of our people and technology.
See how security plays a key role in everything from how we build and deliver our platform to how we hire and train employees.
Collibra Privacy & Risk
Discover and understand data that matters so you can generate impactful insights that drive business value.
Understand your ever-growing amount of data in a way that scales with growth and change.
Show how data sets are built, aggregated, sourced and used, providing complete, end-to-end lineage visualization.
Build customer trust by operationalizing privacy policies and scaling compliance across new regulations.
Modernize your operations with a solution that is scalable, accessible and resilient: data in the cloud.
Drive digital growth and customer engagement by breaking down data silos and adding value to customer interactions.
Fuel your self-services analytics with the right data to develop unique business insights.
Innovate for the future while successfully navigating the complex web of regulations.
Transform decision making in the public sector with secure Data Intelligence that is FedRAMP Authorized.
Cloud ready data
Government and public sector
Tap into our knowledge base by connecting, sharing and learning from your peers in our Data Citizens community.
See how Collibra is helping global organizations unlock the value of their data.
Find the resources you need to accelerate time to value and fuel your growth.
Learn from the leaders in Data Intelligence through our individual courses, learning paths, and certification programs.
Data Citizens '20
Take your data strategy to the next level by arming yourself with the knowledge you need to achieve Data Intelligence.
Get advice, tips and tricks from our product experts and industry thought leaders to learn how to make your data meaningful.
Join the world’s largest virtual gathering of professionals focused on empowering businesses to deliver on strategic goals through Data Intelligence.
Check our upcoming events calendar to discover exciting opportunities to learn from our product and industry experts.
Connect the right data, insights, algorithms and people to optimize processes, increase efficiency and drive innovation.
Read our latest announcements, news coverage and thought leadership articles.
Find an opportunity to challenge and be challenged, and work with some of the most talented people in the business.
Get in touch with a member of our global team by locating an office near you, calling us or sending an email.
Seizing an opportunity to improve data relationships with third parties
Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. They are creating a layer of rules about third party risk, operational resilience, and cybersecurity that go above and beyond new data privacy laws such as the EU’s GDPR and California’s CCPA in their impact. And as with personal information regulations, the rulemaking has only just begun.
Financial services firms should also be looking closely at data, including sensitive personal information, within third party data relationships too – but not just to meet compliance goals. Approached in the right way, these new regulatory requirements can open the door for organizations to consider taking a more strategic approach to their data relationships with third parties. Data is the water that enables digital transformation to flourish and so ensuring an organization has a robust approach to managing its data, including personal data, within third party relationships can morph into a competitive advantage. For example, FinTech and RegTech companies are very interested in working with companies that have a strong framework for managing data, including personal data.
There are several areas that the international financial services regulatory community is engaged in that touch on third party personal data relationships. First, regulators are talking a lot about “operational resilience.” For example, after an incident such as an IT failure, flood in a data center or a cyberattack, organizations need to be able to continue to function at a level that doesn’t cause harm to customers, the company, or the financial system. This means that third parties, particularly critical ones, need to be able to recover too. Data – especially personal data – must be kept safe and secure and be able to be used operationally after an incident. To achieve this, many relationships between financial firms and third parties will need to deepen into real partnerships.
1) Regulators are publishing prolifically on this topic. In December 2019, the UK Financial Conduct Authority (FCA) issued Building operational resilience: impact tolerances for important business services . In the EU, Digital Operational Resilience Framework for financial services: Making the EU financial sector more secure came out. In January, the US’s Office of Compliance Inspections and Examinations (OCIE), part of the US Securities and Exchange Commission (SEC), published Cybersecurity and Resiliency Observations. This follows revisions to the US Federal Reserve’s FFIEC Information Technology Examination Handbook in November 2019 to focus more on resilience.
2) Regulators are also looking more closely and explicitly at third party data relationships in their own right. For example, in December 2019, Outsourcing and Third Party Risk Management was launched by the Bank of England. This follows the EU’s European Banking Authority Guidelines on Outsourcing Arrangements, which came into force in 2019, and guidance on third party risk management from the US Office of the Comptroller of the Currency, which was updated in 2017.
Regulators are keen to protect data flows between financial firms and third parties throughout the whole relationship lifecycle — for example, firms are able to audit third parties for compliance with data relationships and privacy rules, and third parties are required to delete an organization’s personal information databases at the end of a relationship. Regulators are also looking more closely at how data, including personal data, is stored and shared in the Cloud. They are concerned that the concentration of data stored with a small number of Cloud providers could morph into systemic risk in the wake of a cyberattack, for example.
3) Regulators are worried about cybersecurity and the robustness of technology systems in general. For example, the UK’s Financial Conduct Authority (FCA) noted that IT failures at third-party suppliers are the second highest cause of disruptions to services, triggering 17% of incidents reported in October 2017 and September 2018. And the UK parliament held a series of hearings into a recent string of IT failures at banks in the country that pointed to the need for firms to invest more heavily in upgrading the technology they use, including the way they store and use data.
All of this work – on operational resilience, third party risk, and cybersecurity, is being fostered at the Basel Committee on Banking Supervision and Financial Stability Board levels, which means they are topics with forward momentum.
To meet these new compliance requirements, firms will have to become better at managing their data relationships with third parties, particularly when it comes to personal information. However, putting in the effort to develop the right approach to these relationships can bear additional fruit.
Many financial firms are finding that to embrace digital transformation fully, they need to partner more with FinTech and RegTech companies. Others are realizing that they need to outsource critical services to specialist service providers.
For these companies, achieving Data Intelligence can transform the amount of value that these relationships are capable of delivering. In such a relationship, both the firm and the third party need to be able to:
These three key elements of Data Intelligence can dramatically change how financial firms and third parties manage their data relationships, including personal data.
In short, financial services firms need to look beyond the new compliance demands that are evolving around data, toward achieving Data Intelligence within their third party data relationships. By taking this approach, companies will be able to embrace the opportunities that can lead to true digital transformation and generate real shareholder value.
© 2020 Collibra. All Rights Reserved.
A message to our Collibra community on COVID-19. Read more from our CEO.