Data Virtualisation and Data Masking - The road to better compliance reporting for banks

Even the best banking compliance teams will fail to meet their regulatory deadlines when forced to rely on infrequent or slow access to data.

Even the best banking compliance teams will fail to meet their regulatory deadlines when forced to rely on infrequent or slow access to data. Many banks we speak to find the process of compliance data delivery difficult. Accessing and securing high volumes of data from disparate IT systems is manual and cumbersome. This has to change.

As you will be painfully aware, the number of regulations to report on, as has the sheer volume of pages defining each, is growing fast. In the last eight years alone, 40 new Financial Services regulations have been introduced. The average length of a report submitted by banks like yours has increased from 30 pages in the 1980's to 84 pages today. The upshot? More time and resources spent on non-revenue generating reporting.

The solution, as with other back-end banking process, is automation. By automating data security and delivery, banks can speed up testing across environments, rapidly shortening the road to compliance.

It's not just the volume of reporting required by regulators which increases the complexity.  Time is another compliance wrecker. The unplanned nature of ad-hoc reporting for audits leaves only small windows of opportunity for compliance professionals to source, secure and deliver the data required for regulatory audits.

Banker's concerns: the latest data

Reliable and repeatable strategies to cope with ad-hoc reporting may well make differences of billions between the banks who can meet deadlines and those who cannot. Our survey shows the EU's General Data Protection Regulation (GDPR), a non-banking specific regulation which requires ad-hoc reporting delivered to a local Information Commissioner within 72 hours of a data breach, should be high on banks' agendas.

Next on the compliance agenda, according to the bankers surveyed, should be the EU Directive on Security of Network and Information Systems (NIS Directive) and the Money Market Reform. Together with the GDPR, these are the three most troublesome regulations for European Banks to comply with.

Problem understood - what next?

Given that automation and the ability to flexibly adapt compliance regimes is key. Smart data virtualization and masking technologies are worth reviewing. Used together, they can meet the needs from troublesome ad-hoc reporting and shield the bank from potential reputational and real financial damage resulting from compliance failure.

Data Virtualization removes the roadblocks in traditional data provisioning. It no longer takes months to set up new testing environments for each new regulation or audit request and for each new product the bank wants to offer. Data delivery can bypass the limitations of physical databases in terms of storage and access rights. By virtualizing data, multiple testing environments can be created at once, saving valuable time, as developers are not waiting to access one shared environment. In addition, it saves money as the storage traditionally need is no longer required.

Forget the manual - automate

The huge amounts of data held by every bank is dynamic, not static. It constantly changes as customers update details and make payment transactions and investors make new trades. Compliance teams need fresh and up-to-date data to report with, meaning hours, days or even weeks of manual data refreshes. This ups the inconsistencies between production and development data, which results in more errors when it comes to reporting.

By automating the bumpy, bug ridden process of moving data from a production environment to a non-production environment, routinely and automatically refreshing data more defects can be detected and fixed early. 

The tech behind modern data masking

With virtualization, data delivery can be completed within minutes simply by creating limitless virtual copies of near real-time data. However for a smooth compliance journey, data virtualization should come hand in hand with data masking.

Non-production copies, with few exceptions, should never contain sensitive data. Data masking automatically ensures this information is removed. However traditional data masking, where data had to be masked every time it is moved to an application, consumes a lot of time adding to the delays in reporting. Fortunately, tech has moved on. By combining data masking with data virtualization it enables you to not only automate the delivery of the data but the security too.

Your compliance journey should address the complex requirements of data security and delivery. To find out more about how Delphix can help your bank,  click here to download the data sheet.