The 3 data governance priorities for Financial Services in 2021


The 3 game-changing data governance priorities for Financial Services in 2021

Report Methodology

The insights shared within this report were acquired during a virtual roundtable discussion with a select group of security and data governance specialists, and customer experience and innovation leaders. Working for some of the world’s largest financial services organisations, they serve millions of customers and seek to find ways to use data to both protect and power the business. The event was hosted by Exonar and chaired by Johnny Spragg, managing partner and co-founder at Connect Media Consulting.

Present at the event were:

  • Danny Reeves, CEO, Exonar.
  • Head of data and security at a leading international savings and investments business.
  • Head of customer and cx management for a retail bank offering a range of banking and insurance products.
  • Group data operations director of a major insurer.
  • Head of data standards and governance strategy for a global enterprise providing investor services for some of the world’s largest financial institutions.
  • Head of data management risk at a multinational investment bank and financial services company.
  • Head of digital and innovation at an international company that’s recognised as a centre of excellence for funds banking and depositary services in Western Europe. 


Priority 1: how to enable working from home

As COVID took its hold in the UK, the Government enacted powers the country had never before witnessed – directing people to work from home wherever possible. It meant that overnight organisations were forced to deliver new ways of working. In financial services, 70% of employees worked remotely during lockdown.¹

Considering these are highly regulated organisations, wrapped up in red tape and under the watchful eyes of the regulators, this is an impressive achievement. The head of data management risk explained what this looked like in practice:

“We were shipping large volumes of laptops across the world. And there would be managing directors jumping in the back of taxis to deliver them to some very remote destinations. But we were up and running within the week, it was amazing.”


For the lucky few that had already embraced remote working, the transition was a little less disruptive. As the head of data standards and governance strategy explained:

“Pre-COVID we were quite flexible with working from home and most people did it a few times a week. I feel we did well enabling remote working because it felt like a seamless transition.”


Faced with the crisis, financial service organisations were able to cut through huge swathes of bureaucracy to spin things up quickly, so they could continue serving and protecting customers within a world of uncertainty.

However, as our head of data management risk said,

“We were able to cut down bureaucracy during the pandemic, but then the question was how to control that new environment?”


The devil is in the detail

In many ways, telling people to work from home was the simple bit – the real challenges emerged as people tried to continue with business-as-usual:


Handling data

While the majority of our participants had a blanket ban on printing at home, the head of data and security highlighted this wasn’t the case for all:

“Before, people would send information home so we’d closed those incident paths. But people still need to print, so how do we control the physical copies of information?”


Without people physically in the office, it becomes much harder to control and retain oversight of what’s happening with the data. This is when it’s critical that data policies have been embedded into the operations.

Our head of data management risk shared how they had ramped up supervisory efforts, to ensure that remote workers were aware of their regulatory obligations when working from home.

“Nearly a quarter (24%) of UK COVID-19 homeworkers claim they ‘rarely or never’ consider data protection issues when sharing information – despite nearly three quarters (72%) claiming to need to access, share and receive sensitive customer information to do their job.” 

Source: Exonar research conducted amongst 2,000 people in the UK working at home due to Covid-19²


Sharing data

But the challenge isn’t just with internal data. The head of customer and cx management expressed how their customers are sharing more data and the challenge it creates:

“Our customers want to share more data to help with chargebacks and disputes. But rather than come in a pre- defined web form, they’re sharing copies of information. So how do we ensure this data becomes structured and therefore secure?”


The head of data standards and governance strategy had experienced similar issues with customer data.

“The way our clients need us to report has changed. We’ve looked at digital tools for a while, but the pandemic has certainly expedited things. Now we have the ability to spin things up in digital areas very quickly.”



Collaborating on data

Employees may have been working remotely, but they still needed to communicate and collaborate.
All of our participants said they were using tools
like video conferencing to stay connected. But this presented challenges of how to protect data while still openly working on it. As our head of data and security explained:

“Our people have been keen to collaborate using Teams, including with third parties. While you’re in that meeting space, you can control who has edit rights. But what happens after the meeting, when that document is passed to someone else? These collaboration channels may have always been there, but we’ve never really thought through how they would be used before.”


Our head of customer and cx management agreed. He said:

“COVID and working from home created more internal challenges round collaboration. Before we’d traditionally meet external people in the office, but now we have to do that through Teams. It’s created a new challenge for the operating model in how to collaborate in a controlled way, and how to achieve the equivalent of white boarding.”


And one participant went further, sharing how his organisation had used Zoom to virtually collaborate with customers for the first time.


Adhering to data policy

Financial organisations have had to show remarkable agility during the crisis. As previously said, this has involved cutting through much bureaucracy. But for some, it’s involved cutting through the policies that exist to protect the data, the organisation and the people it serves.

“We’ve had policy deviation requests that were approved,” said the head of data management risk. “For example,
we had traders working from home, which can incur the risk of collusion because we can’t monitor voice calls on personal devices in as much detail as we’d have on the trading floor.”


How to achieve it: regain control

In the midst of the crisis, organisations were busy responding to the latest daily developments, desperately trying to support a stressed workforce and anxious customers, within an uncertain environment. But with light now on the horizon, and the promise that things will look much brighter, organisations are afforded the opportunity to start relaxing into their new way of working.

“Bureaucracy is now ramping up as organisations attempt to lock down data that is flying all over the place.”

Danny Reeves, CEO, Exonar


But taking the pressure off is perhaps the worst thing to do. As the head of data management risk explained:

“In the crisis we were really able to pull together as a collective and make an enormous impact very quickly. But when the pressure has gone, things slow down and bureaucracy starts to creep back in.”


Now is the time that organisations should prioritise embedding their new ways of working to maintain that agility for the future.

Even before the crisis, 80% of employees expressed their desire to work from home³. After having that wish granted, many will be reluctant to return to the office.

“People’s expectations are a lot more now, so how do we implement working from home permanently?”

Head of customer and cx management


According to our head of data and security,

“We’ve had more interest in working from home, either full time or part time, and we’ve seen BYOD has increased. But this changes the protection model and how we contain data as it moves from a corporate to personal space – the strategy shifts to digital management over perimeter controls.”


Things to consider...

  • Where new digital initiatives were enacted quickly, make time now to revisit them, embed them in properly and mitigate
    any risks that may have been overlooked.
  • Remote working will form part of ‘the new normal’. Evaluate what has/hasn’t worked well during 2020, and ask people for their ideas on how to improve for 2021.
  • Look at how you ask customers to share information with you. Think about how you could spin up a digital product to capture unstructured data in a structured way.
  • Get to know your collaboration tools and share that knowledge. Most platforms offer far more functionality than just
    video conferencing that will enrich the meeting experience.
  • Revise your data policies for a remote and distributed workforce. Is there anything you can learn from how your peers have adapted their policies?


 Priority 2: the reacceleration of GDPR

Leading up to the GDPR deadline, organisations were fixated on the potential fines that the Information Commissioner’s Officers could inflict for non- compliance – up to 4% of the annual global turnover. But there’s a broader financial threat they didn’t see coming: consumer litigation.

2020 has been the year that we’ve seen a rise in consumers taking large corporations to court for failing to protect their personal data.

In one case against Oracle and Salesforce, a ‘Privacy Collective’ is asking for a €500 payment for each user who has not consented to the use of their sensitive personal data, which would equate to €10bn in fines. While another claimant is seeking action against Google, which it claims has unlawfully targeted up to 5m children on YouTube. If successful, those affected would be awarded £2bn.

“We’re seeing the reacceleration of GDPR with the ambulance chasers now going after data breaches. The challenge is that hackers are getting smarter and the volume of data just continues to grow,” said Danny Reeves. “We’re seeing it an awful lot – companies are coming to us after suffering a breach because they have no idea what was in their compromised data. It’s a huge risk. And once we’ve scanned their data estate, there’s always shock at what we find. For one insurance company we revealed customer data relating to a business they’d sold 4-years ago.”


Data fatigue has set in

Data governance is a critical component of every organisational strategy because it can protect and power the organisation and the people it serves. And yet ongoing frustrations and struggles are preventing many organisations from realising success with data governance.


Ongoing regulatory changes

Over the last 3-4 years, financial service companies have endured endless regulatory changes. And while there’s been a lot of hard work behind the scenes to ensure compliance, at times it can feel like you’re walking through treacle. As the head of data management risk explains:

“More and more we’re seeing data fatigue in the organisation. We’ve done lots of data governance to keep up with the regulatory changes, but it’s not really fixed the problems in our data. We’ve still got data quality issues, there’s reporting gaps, and the run rate is not fast enough. And then this makes it really hard to draw a bridge to create value through digitisation and the customer journey.”


Exonar’s CEO shared insights from a conversation he had with an NHS trust, which typifies the main struggle most organisations have:

“They’re frustrated. They’ve spent so much money on the data warehouse but they still don’t know what’s inside.”


Fighting defensive mode

For a lot of organisations, particularly within
financial services that are highly regulated, data is predominantly viewed as a business risk. Our head of data management commented:

“As an organisation, we’re confused about what to do with data – the mitigation of risk vs the extraction of value. We’re constantly fighting defensive mode where we’re under pressure to please the regulators through general housekeeping and hygiene. And yet at the same time we know we need to be in offensive mode, trying to extract value that enables us to create a better customer payment journey, or to find cross product opportunities.”


When it comes to managing data as a risk, the group data operations director believes there’s only really one option:

“It starts with going back to basics to invest in the fundamentals, like GDPR, privacy and security.”


 Uncomfortable with technical

One of our guests shared an interesting observation about how data initiatives are perceived at board level:

“When you work with people that have a strong business knowledge, they become unstuck on the technical details, like how to migrate to cloud, which is why it’s easier to look at data as a risk and make unstructured data a priority. But when you get them to look at the data lineage, they see that there isn’t a central repository for all data. To understand the requirements needs some serious technical knowledge, which is why you need to have people with that knowledge involved in the decision- making process.”

With oversight of data, organisations can begin the process of classifying data, which is critical for underpinning controls. For example, knowing how to treat ‘standard’ personal data vs. ‘special classification’ personal data.


How to achieve it: take a different approach to data

“To enable organisations to meet the challenges or opportunities of tomorrow, they need an index of all their data, all in one place.”

Danny Reeves, CEO, Exonar


When the same frustrations and struggles prevent organisations from realising data governance success, it’s time to try something different.:

“We want to take a different approach and re-write our cyber strategy to take a zero-trust approach,” said our group data operations director. “We have a great framework at the moment, but we need to take the next step to move it out of the 20th century and into the cloud. We need to look at a different way to secure data, while also tackling analytics, automation, digitisation and the data architecture that sits behind it.”


With a holistic view of data, it’s possible to turn a compliance approach where data is viewed as a risk, to also consider how data protection laws can enable data to be used in a more insightful way, to deliver more value to the business and its customers.

The head of data management risk commented,

“What I feel we’ve done really well is to have a group chief data officer that covers all divisions. This has created a high degree of accountability in divisions and reinvigorated one of the goals of what to do with data governance.”


Things to consider...

  • If you treated GDPR as a tick-box exercise first-time round, perhaps now is the opportunity to consider how you can use the laws to derive value from your data.
  • Think of your structured and unstructured data both on-premise and in the cloud. Do you know exactly what data you have? Where it is? And who has access to it?
  • Review your GDPR, privacy and security policies to consider whether they’re fit for the new world of work and actually help strengthen your data protection efforts.
  • Identify the data within your business that needs to remain confidential from other business units and ensure it’s adequately protected.
  • Ensure the board has access to the appropriate technical knowledge to stop it operating in defensive mode, instead, leaning into conversations about the value data poses as an asset.


Priority 3: answering a new breed of customer

In response to the financial crisis, the UK witnessed a number of challenger banks enter the market, seeking to disrupt the status quo. They had the simpler business models, which gave them the agility to meet consumers’ changing demands quickly. They ripped apart the application process, boiling it down to a few simple steps that took minutes and didn’t require you to talk to anyone. And they embraced digital technologies as a way to deliver a more personalised and convenient service.

Today, more than one in five people in the UK use challenger banks – for younger age groups, like millennials, usage increases to more than a third5.

And yet recent data shows that UK consumers are beginning to question the sustainability of challenger banks, with 45% of consumers believing neobanks would still exist in 12 months’ time, and only a tenth placing ‘a lot’ of trust in fintechs to look after their data – compared to 41% for traditional banks.


Data is the new oil

Data is an organisation’s most precious commodity. And if traditional banks can harness their data as an asset, there’s a huge opportunity to gain the competitive edge, by distilling the data’s insights to know how to deliver the same level of service provided by the challenger banks.


New customer expectations

Today’s customers don’t necessarily want to bank in branch – or even via a browser. There’s a new breed of customer choosing to live their life exclusively through digital channels. To remain competitive, financial organisations must embrace that change and find new ways to deliver their service(s) digitally. The head of digital and innovation commented:

“We have customers crying out saying, ‘I don’t want my financial data stuck within a silo in your bank. I want to be able to port that information in and out, and overlay other parts of my life to add value’. We can’t ignore that. We need to look at the ways to help them do that and embrace the change.”


But getting to that point may be easier said than done, as the head of data management risk explains:

“It’s certainly one of the goals. But even with a centre of excellence we’re struggling to get a standard data taxonomy, standard data dictionary, standard data models – and then the knowledge of how those models talk to each other. We’ve done what we were pushed to do from a compliance perspective, but that data is still not useful yet.”


Ability to join data sets

As we explored previously, it’s common for organisations to operate in silos, particularly those in the financial sector who face different regulatory obligations in different countries, and/or target different markets with different products. But data is an enabler, allowing organisations to deliver a more personalised experience – offering a better service through recommending products that meet each customer’s specific needs. Our head of customer and cx management explains:

“As we drive more on the digital road, it becomes more intertwined with data for personalisation. We have core data sets, but then there are wider datasets from across the business that we could tap into. Historically, data hasn’t had much of a focus, but as we start to get uber personal, digital and data can’t help but get more attention.”


Lack of understanding of data 

Data as a risk appears the default position with organisations approaching it from a defensive management position. And yet to realise the inherent value within data, it needs to be approached from the perspective of data as an asset.

One participant had already started on this transformation, beginning with the roles of the stakeholders involved:

“We recently changed the structure of the data team, with the chief data officer becoming the new group head of data and analytics. We feel it sets the tone and sends the right message for what we intend to do with data. By moving the conversation towards ‘let’s understand what’s in our data and do something with it’, we can take a more practical approach to data governance.”


How to achieve it: understand what's in the data

“Companies may have spent a lot of time, effort and energy on compliance, but if they’ve failed to really understand what’s in the data, they won’t derive value from it. I see companies spending a fortune on data science and analytics, but without that complete view of data, those guys can only ever work in silos. Thankfully, we’re starting to see the recognition that discovery is a critical component of digital and data, because it allows organisations to see all the data, all in one place, and in detail.”

Danny Reeves, CEO, Exonar


Perhaps the biggest challenge organisations face is that they lack a single view of their data – without that oversight they can’t distil its value into actionable insights. Our head of data standards and governance strategy said:

“Our biggest challenge is knowing our data.”


The group data operations director agreed:

“We still have fundamental questions over what is in our data, and where it is.”


The head of data and security explained how his organisation had started to address the issue, but that there was still work to be done:

“We’ve looked at understanding where our sensitive data is. We have a team that sets rules to protect what goes out of the organisation. But there’s value in pointing those tools internally to protect how that data moves within our organisation. This would help inform the data catalogue service. And then we could overlay how that data is protected for a multilayer view.”


At its core, data discovery is the ability to discover your organisational data at scale. When an organisation has that oversight, data can be used to both power and protect the business and the people it serves. And with complete oversight of data, it’s possible to maintain the quality of that data, by identifying where it is most valuable to clean data, and how that data flows between systems to enable richer analytics and insights.


Things to consider...

  • Do you know what your customers actually want from you today? How does it differ from the service(s) they currently receive?
  • Does your business have a standard data taxonomy, standard data dictionary, and standard data model? If not, identify what’s preventing you from achieving it.
  • Determine which data sets would deliver the greatest value if they were joined up to give a more complete picture of the customer journey.
  • Imagine anything was possible – how personalised would your service(s) be? What stops you delivering that today?
  • Look at what data can do for the business from an internal perspective, as well as how it benefits your customers externally.


2021 is the year we all need a single view of data

Before the virtual roundtable we asked the participants about their investment priorities for 2021 and out in front was ‘simplifying digital and IT transformation through a single view of related data’.

With a single view of data, it becomes possible to use data to both power and protect the organisation and the people it serves. As Danny Reeves, Exonar’s CEO explained:

“You need to spend time on the things that are strategically important to your business. With an index of all your data, all in one place and in detail – as well as the APIs on top that feed into other programmes and initiatives – every business is set up to meet tomorrow’s challenges or opportunities.”



To overcome the priority of enabling a remote workforce, organisations must seek ways to regain control and prevent bureaucracy creeping in, which constrains business agility.

To address the reacceleration of GDPR, organisations need to take a different approach to data, considering it from a holistic view and how it can be used in a more insightful way to deliver value.

To meet the needs of the new breed of customer, organisations have to understand what’s in their data by gaining a single view of data in detail to distil its actionable insights.



  1. Fintech Futures

  2. Exonar Blog

  3. Global Workplace Analytics

  4. Compliance Week

  5. Fintech Futures

  6. City AM


Further information

Blog: Six things we learnt that will change data strategy in 2021

Report: How to strengthen information security with data discovery

Webinar: Juggling data priorities: can you secure, protect and exploit the value in your data?

Live demo: See Exonar Reveal in action

Talk to Exonar about gaining a single view of your data

Should you need us...

The Exonar smart index enables data to be used to protect and power the organisation - billions of
items all viewable and manageable in one place, and instantly searchable via a user-friendly browser interface.

To get you started, we’re offering you the opportunity to see how Exonar Reveal can uncover what’s in your data estate at scale, so you can see what you could do with that data to protect and power your organisation.

Talk to us about how we can help you.



Would you like to attend our next (virtual) roundtable event?

Although places at our roundtables are by invitation only, we’re always interested in hearing from people that would like to get involved.

To register your interest, please contact:

Anna Cotton

Phone: +44 (0)7779 270558