Financial services companies that do business in multiple languages often ignore the very real risks associated with third-party data transfer during the translation process.
In the financial services space, information governance plays an increasingly prominent role in best practices as businesses look to ensure customer confidence, reduce risk, and comply with regulatory authorities. Most financial services companies are currently facing some degree of exposure across a number of different fronts, but there’s one major source of risk that’s often neglected.
Nearly every major bank and financial services company conducts business in multiple countries and/or deals with customers that speak a range of languages. This creates an imperative for language translation at some point during an interaction, project, or engagement. For many companies—particularly those in the retail banking space—it’s a major ongoing requirement across multiple areas of the business, from application submission and processing to contracts and customer service.
Third-party management is an important concern of any information governance policy, but the reality is that these policies often stop short at managing the transfer of customer data to any third parties that have been validated by the lender or bank, including translation providers. Typically, third-party translation risks fall into the following categories:
Transfer of Sensitive Data to Third-Party Providers
Financial institutions deal with all manner of sensitive data that may require translation—for example, the mortgage and loan applications submitted by expats, immigrants, and other limited-English-proficient customers to banks in the USA or Canada. These applications can include a range of personal data as well as social security numbers, loan numbers, passwords, IDs, and logins. If their documentation is sent to translators or translation agencies in an unsecured fashion, or if the providers don’t follow best practices for storing and handling data during the translation workflow, banks are putting that sensitive personal data at risk. A crucial tool for combating these risks is Information Rights Management (IRM). IRM is the practice of ensuring auditable and controlled endpoints for any third parties involved in the customer data workflow. It also protects data at the personnel level by restricting linguists and other employees who handle documentation from copying, downloading, or screen-grabbing sensitive information.
Real-Time Interpretation and Multilingual Call Centers
Interpreters play an important role in guiding non-native English speakers through complex financial transactions, general Q&A, dialogue with bankers, or even customer support. Interpreters that sit at home in a loose environment pose a risk of capturing sensitive information outside the governance of the sponsoring entity. Most risk-averse banks are looking for partners that enforce an in-center interpretation model, where interpreters are clocking in, taking calls, and don’t have access to recording devices or papers to carry out SSNs, loan numbers, or other protected info.
Public-Domain Translation Tools
Use of publicly available translation tools is common across both retail and investment banking. In the M&A and research space, analyst teams typically operate at breakneck speed and will often turn to public domain tools that provide instant translation of websites and due diligence info. Retail teams are also guilty of using these tools to communicate with international partners or investigate potential customers’ credit histories. While these tools may appear to provide an obvious solution to the need for instant translation, they are major sources of exposure. Any information that runs through an open and available translation environment moves into the public domain, and is part of a searchable database. For businesses looking for improved protection and governance, the use of on-demand, controlled translation platforms is often the best alternative—as they function similarly, but ensure client confidentiality is not in jeopardy.
Guidelines for Addressing Translation Risks
Each company has unique needs and requirements, but there are a few best practices that most companies can easily and cost-effectively implement that will reduce risk both internally and externally:
Perform an analysis of non-English content that could require interpretation or translation and implement clear processes for handling each one
Shut down enterprise access to on-demand translation tools and instead offer an internally controlled on-demand translation platform
Develop a communication plan on what is acceptable and what is not
Partner with translation providers that offer Information Rights Management (IRM) and implement best practice procedures for securing their facilities and hardware.
To learn more about our information governance and IRM solutions, visit http://www.transperfect.com/solutions/transcend or give us a call.