Data separation and migration for divesting businesses
Data separation and migration for divesting businesses
As organisations divest, transferring business applications and data from one entity to another can be immensely complex. It takes a clear strategy, a robust and transparent method, and a deep understanding of the risk implications and technology to do it successfully.
In today’s post-Royal Commission environment, many banks and other financial services organisations are looking to simplify their business, to reduce costs and to address regulatory compliance. The simplification agenda includes divesting parts of their business which presents complex challenges when it comes to the safe and accurate transfer of application and business data to the buyer.
Customer data, employee data, payroll data, financial data and procurement data are just a few examples of the vast information that could be involved. Brendan Gialouris, Director, Management Consulting, KPMG, says data is often sensitive and beholden to strict regulatory requirements – meaning awareness of risk and security must be integral to any transition.
“There are a number of different risks that might appear if this isn’t done properly,” he says. “There could be commercially sensitive material and customer data that could be shared and used in an inappropriate manner.”
Daniel Ferguson, Director, Management Consulting, KPMG, says that many organisations on both the buying and selling side can find the process overwhelming.
“People want to know, what‘s the best way to tackle this and where’s the best place to start?” he says.
With previous investment from companies to consolidate platforms and build a ‘single view of the customer’ by bringing all data together in the one system, Gialouris says it can now take much more analysis, planning and specific tooling to ‘unpick’ and extract the required elements of information to be transferred.
“When you sell off a business, you don’t necessarily want to offer that single view of the customer to the buyer,” he says.
Equally complex is extracting data from multiple legacy technologies and providing transparency to business owners to make the appropriate decisions on what stays and what goes. Many legacy architectures have simply kept expanding over the years, meaning an organisation can lack clarity about what data is where. Data can be structured and unstructured, requiring technical abilities including forensic capability to analyse and manage.
Ferguson says: “Organisations can have hundreds of legacy systems with data in various states, formats and quality. You need to think about unpicking various parts of your business on applications that are shared across the entire business. That gets very complex.”
Ferguson and Gialouris say that financial institutions going through data transition need to consider things such as:
- data segregation requirements driven by commercial, financial and customer risks
- any necessary access restrictions required throughout the process
- how specific regulatory processes are maintained as the separation takes place
- how to effectively manage demand for business-as-usual services during the separation period.
Once the data is separated and ready for transfer, it is necessary to look at:
- identification of the data to be transferred (e.g. application data, business records, support materials such as service management plans, or technical documentation such as testing scripts, configurations etc.)
- classification to provide confidence that only approved data is transferred, and that the data is complete and accurate
- ensuring that nothing is personally identifiable to a customer that shouldn’t be
- reconciliation and control of the upstream and downstream consequences of removing data sets from the host environment
- maintaining security of data during the transfer
- how to plan, manage and control the transfer during limited migration windows, ensuring no impact to the business or customers.
A streamlined, secure approach
With these challenges and needs in mind, KPMG has built a methodology to help organisations to manage the safe, accurate and timely transfer of data from one entity to another. The approach draws on a breadth of KPMG expertise in financial services, technology, data analytics, cyber security, risk, governance, legal requirements and others.
KPMG looks holistically at the impact of data migration on the whole business at the selling and buying ends – not just from a technical perspective. This involves understanding the business needs on both sides of the transition, establishing exactly what data is needed to support those needs, and applying custom designed technology to enable it.
Gialouris says: “We need to be confident that when we hand over the data that we don’t leave anything behind. At the same time, we have to consider, is there anything that we’re cautious about sending or we don’t want to give because they’re not entitled to it, or it represents some kind of risk?”
Transparency throughout the process is a prime consideration, to provide the owners of the data visibility and control as the data processes out from the seller and to the buyer site.
Collaboration is vital to the whole process, so KPMG’s U-Collaborate team step in to facilitate collaboration workshops bringing the right people together to deliver a cohesive end-to-end approach. For example, what are the objectives, what is the agreed chain of events that will occur, and when to ensure a seamless ‘switch off’ at one end, and ‘switch on’ at the other?
“We look at how to orchestrate that end-to-end series of events and make sure everyone is aligned, clear on the roles they have to play, and hand-off points are agreed,”’ Ferguson says.
More transitions to come
As divestment becomes more common in financial services, organisations will need to think deeply about the data they have and how that can be safely extracted and transitioned without putting the businesses or customers at risk.
Gialouris says: “Our approach to data transition brings confidence to stakeholders – they can be confident the data is transferred accurately and safely.”
KPMG Australia acknowledges the Traditional Custodians of the land on which we operate, live and gather as employees, and recognise their continuing connection to land, water and community. We pay respect to Elders past, present and emerging.
©2023 KPMG, an Australian partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.
Liability limited by a scheme approved under Professional Standards Legislation.
For more detail about the structure of the KPMG global organisation please visit https://kpmg.com/governance.