What Is Data Governance in Banking?

For years, data breaches were treated as a server-room problem. Something the IT team could fix with a firewall and a late-night coffee. That illusion ended the moment JPMorgan Chase CEO Jamie Dimon was called before the US Congress to explain how the contact details of 76 million households had been stolen. 

When the leader of America’s largest bank had to answer for a breach himself, data breaches stopped being seen as a technical issue. It became clear that banks need a structured approach to protecting their data, and that government should monitor and control the process for the safety and privacy of consumers.

Regulations such as DORA and GDPR have raised the bar, forcing banks to build transparent systems for data protection. Data governance frameworks were created to help financial institutions safeguard information, ensure compliance, and maintain the privacy of their customers in a structured and systematic manner.

What Is Data Governance in Banking?

Data governance in banking refers to the policies, ownership models, and tools that ensure the accuracy, security, and usability of data across its lifecycle. It involves stewardship roles, consistent KPI definitions, metadata management, data catalogs, lineage, and access controls. Unlike data management (which focuses on storage and processing), governance establishes the rules that keep data compliant and trustworthy. For banks, it is both a compliance foundation (GDPR, AML, DORA) and an enabler of AI adoption. 

Why Data Governance Is Critical for Financial Institutions

Regulators expect data traceability and control. GDPR mandates privacy by design, DORA enforces digital resilience, BCBS 239 sets standards for risk aggregation, and AML/PSD2 require secure transaction data handling. Now with EU Act  

Yet regulatory pressure isn’t the only challenge. Many banks still run on outdated systems that hide unseen risks – legacy IT environments that make data harder to trace, secure, and standardise. As highlighted in Financial Services Data Management: 3 Hidden Risks of Legacy IT, ageing infrastructure can lead to poor data quality and result in non-compliance. Governance helps uncover and resolve those hidden vulnerabilities before they turn into fines or breaches.  

The risks of poor governance include multi-million-dollar fines, reputational damage, and operational inefficiency. Every fragment of data must be accounted for. If there is no certainty where sensitive information lives and who can access it, that should be the top concern.  

The Price Banks Pay for Lack of Data Governance

Starling Bank was fined £28.9 million by the FCA for significant AML control failures: its rapid expansion had outpaced its ability to enforce those controls. This points to governance weaknesses in scaling controls. Source

The authority fined mBank €950,000 for a data breach and a subsequent failure to notify customers, even after being instructed to do so by the regulator. Source 

The ECB imposed an administrative penalty of €10.4 million on BNP Paribas Fortis SA/NV for misreporting capital requirements, specifically for reporting miscalculated risk-weighted assets for credit risk over a period from 2014 to 2021. Source 

To sum up, SSM sanctioning activity in 2024 was dominated by breaches in internal governance, which accounted for 55% of all proceedings and 60% of administrative penalties imposed in 2024. Source 

What C-Suite Leaders Need to Know

For boards, governance equals risk management. With strong frameworks, audits are smoother and the risk of fraud is reduced. Executives should see governance not as IT spend, but as legacy-defining transformation.

Governance also lays the groundwork for AI projects, particularly predictive analytics. In banking, it opens possibilities for decision makers to forecast risks, detect fraud earlier, and model customer behaviour with confidence.

IT Leaders’ Role in Enabling Governance

IT leaders face legacy systems, fragmented platforms, and manual reporting. What they need: unified, AI-ready platforms with automated lineage, built-in compliance, dashboards, and minimal disruption. Without this, the risk of downtime and integration failure rises. The dream state: modern infrastructure that accelerates insight while meeting regulator demands.

Executive Resource: Download the Exclusive Guide

To support executives and decision-makers, our exclusive “Executive Guide: Data Governance in Banking” is available for download. 

Inside, you’ll find: 

A comprehensive overview of key banking regulations.
Case studies showcasing real-world success stories.
A framework for linking governance to tangible business value.
An actionable plan to implement strategic data governance.

Download the Executive Guide to explore how governance leaders are turning compliance into opportunity. 

Core Features to Look for in a Data Governance Solution

Centralised catalog & metadata management
Role-based, row-level, and column-level security
Lineage and traceability
Real-time monitoring & compliance alerts
Hybrid/cloud compatibility (Azure, AWS, Databricks, etc.)
Audit-ready dashboards

Vendor Landscape

Microsoft Purview
Strong fit for Microsoft-centric banks (Office, Teams, E-licenses). Simplifies vendor sprawl and monitors risky data flows. 

Databricks Unity Catalog
Centralized lineage and cataloging across data pipelines. 

Collibra & Alation
Vendor-neutral governance leaders with strong usability. 

Informatica & Atlan
Strong for integration-heavy estates.

OneTrust
Compliance and privacy-first governance. 

Choose based on ecosystem strategy. Microsoft-heavy estates may benefit from Purview; multi-cloud banks may prefer neutral tools. What matters most: cataloging, lineage, access control, and monitoring.

Key Benefits of Implementing a Robust Governance Framework

Improved data quality and accuracy
Regulatory compliance and risk reduction
Stronger security and access control
Increased efficiency (e.g., consolidated reporting with RLS/CLS)
Better decision-making & AI readiness
Scalable infrastructure
Competitive advantage

Strong governance balances four essentials: data quality, stewardship, protection & compliance, and management. Neglect one, and the entire framework weakens. 

Common Pitfalls to Avoid

Treating governance as IT-only (no executive backing)
Over-customizing solutions (scalability issues)
Ignoring regulatory alignment (GDPR/DORA mismatches)
Underestimating change management & adoption
Vendor lock-in & siloed approaches

Implementation Roadmap

Step 1: Define goals (compliance, efficiency, trust in reporting)

Step 2: Secure executive sponsorship

Step 3: Map current vs. future data landscape

Step 4: Assign data stewards and KPI owners

Step 5: Define policies for access, retention, documentation

Step 6: Choose the right platform(s)

Step 7: Pilot high-value use cases (fraud, reporting)

Step 8: Train users and embed governance in onboarding

Step 9: Monitor, adapt, and evolve governance

Regulation Spotlight

DORA
Applies from 17 January 2025 (ICT risk, incident reporting, third-party oversight). 

GDPR
In force since 2018. Relevant: privacy by design (Art. 25), processing security (Art. 32). 

EU AML Regulation
AML Authority operational from mid-2025; AMLR applies from 10 July 2027. 

BCBS 239
Ongoing supervisory standard for risk data aggregation and reporting. 

Governance protects PII, educates people, and reduces the chance of breaches succeeding. Regulations set the floor, not the ceiling. 

Govern Your Data. Secure Compliance and Trust.

With the right balance of data quality, stewardship, protection, compliance, and management, banks can create a foundation of reliable, compliant data. Beyond regulatory assurance, strong governance also accelerates AI adoption. Every project that relies on large language models (LLMs) demands vast amounts of accurate, well-structured data, and organisations with governed data are already ahead. They don’t waste time cleaning or validating information. They start innovating from day one.

Keith Cutajar, COO, Data Engineering Expert

Author

Keith Cutajar is Chief Operating Officer at Eunoia, bringing over eight years of hands-on experience leading data and AI transformation projects.  

He has overseen end-to-end implementations across cloud platforms like Azure and Databricks, with a focus on turning complex data systems into real business outcomes. 

Keith holds multiple certifications in Microsoft Fabric, Azure, and Databricks, and has led cross-functional teams through platform migrations, AI deployments, and analytics modernisation initiatives. 

His track record positions him as a trusted voice for organisations looking to operationalise data at scale.