Compliance Risk - How to mitigate it by matching application data usage to licensing?
Getting grip on data usage
As financial institutions consume more data from sources than ever before, the task of administering external data services is growing both in complexity and scale.
At the same time, data services are frequently consumed by applications rather than humans that can be tallied by head count. These applications often consume more data than humans as they carry out multiple business processes. In many instances they also produce data themselves that is derived from the original external fee-liable data sources and distributed to a new set of consumers, including applications. So the cycle continues.
As a result, the ambiguous task of counting and reporting applications that consume financial information has become far more complex. Supplier licensing agreements and invoices have necessarily become more complicated as firms add to the list of sources whose data they consume. As data cascades from application to application, this complexity is intensified.
It is good practice for firms to periodically recertify which applications are consuming data and to ensure that this checks out with existing licensing agreements. And when it becomes time to audit a firm’s use of specific data sources, tracking which data sets are used by which teams and applications is a substantial and time-consuming task.
The never-ending cycle
With the growing number of data sources, practitioners complain they are in a near-constant cycle of monitoring applications’ data usage. Keeping up with this is challenging for hard-pressed data teams, and the complexity posed by applications’ onward distribution of derived data – often under difficult-to-measure non-display licences – can result in an inability to gain an accurate view of how data is being consumed within the organization.