Faculty of law blogs / UNIVERSITY OF OXFORD

The Emergence of Financial Data Governance


Time to read

4 Minutes


Douglas W Arner
Kerry Holdings Professor in Law, RGC Senior Fellow in Digital Finance and Sustainable Development, and Associate Director, HKU-Standard-Chartered Foundation FinTech Academy, University of Hong Kong
Giuliano G. Castellano
Associate Professor at the Faculty of Law of the University of Hong Kong
Ēriks K. Selga
PhD candidate at the University of Hong Kong

Finance is one of the most digitalized sectors of the economy. The processes of digitization – transforming analogical information into digital form – and datafication – converting any aspect of life into data that can be analysed – profoundly reshaped the financial industry. Since the invention of paper in China (2000 years ago) until the late 1970s, finance was an industry based on paper: paper ledgers, paper certificates, paper money (in addition to coins). With the devolvement and progressive diffusion of computers, finance evolved into a digital industry, where financial instruments (such as stocks and other securities) are dematerialized, and financial information is digital. Following the 2008 global financial crisis, the integration between finance and technology (‘FinTech’) propelled a digital transformation affecting all financial services and activities. With the deployment of novel data-intensive technologies, such as artificial intelligence and blockchain, finance and data are inextricably intertwined.

Data is not just the lynchpin of finance; it is its primary constitutive element. Financial transactions are transfers of data; financial infrastructures, such as stock exchanges and payment systems, are data networks; financial institutions, like banks and other intermediaries, are data processors – gathering, analysing, and trading data generated by customers. The emerging frameworks governing data and data flows (in general) intersect with both financial regulation regimes and new regulatory policies, in particular ‘open banking’ initiatives aimed to facilitate third-party access to financial data held by financial institutions.

The role of financial data governance has been put into stark perspective in the context of the war in Ukraine. Given the dematerialized nature of financial assets, the bulk of financial sanctions that the international community has imposed on the Russian Federation effectively result in a limited access for Russian entities – including public authorities as well as identified individuals and financial institutions – to the global data network that allows the domestic financial system to operate. In particular, the disconnection of seven Russian banks from SWIFT, the international interbank messaging system based in Belgium effectively cut off a quarter of the Russian banking system from the international payment network. Even more critical is the incapacitation the Central Bank of the Russian Federation to access to its foreign  currency reserves, which are normally dematerialized and consist of lists maintained by foreign-currency issuers and intermediaries, such as other central banks, foreign banks, and sovereign bond issuers.

In our latest paper, we introduce the notion of ‘financial data governance’ to expound the regulatory complexities and address emerging challenges. We define financial data governance as an emergent phenomenon comprising rules, processes, and strategies shaping the legal and regulatory framework pertaining to the digitization and the datafication of finance. Hence, financial data governance comprises at least the following three components:

  • General data regimes, comprising ‘data governance styles’; as defined in Arner, Castellano and Selga (2022), data governance styles offer a characterization of the overarching approach a jurisdiction takes towards data, data flows, and infrastructures.
  • Financial regulatory regimes applicable to financial data and stemming from the process of digitization; typically, these rules reflect the pursuit of traditional regulatory goals, such as market integrity, ethical business conduct, financial stability, and the solvency of financial institutions. 
  • Regulatory policies focused specifically on the use of personal financial data and the datafication of finance, such as credit information sharing rules and Open Banking strategies.

Based on this definition, a set of archetypical ‘financial data governance models’ is evolving, with examples in China, India, the EU, and the US.

Owing to their composite and heterogeneous nature, financial data governance models engender tensions when misaligned core components interact. As financial information is digitized and financial assets are increasingly digital data, finance is inextricably related to data governance. Hence, financial activities enter in the regulatory purview of data governance styles. Yet, the intersection of financial regulation, new regulatory regimes for digital finance, and general data governance regimes is not always harmonious. Conflicts that are capable of mutually frustrating their objectives arise at the intersections of these regimes.

In particular, two categories of challenges are arising. The first category pertains to the frictions between data governance and financial regulation regimes. The concomitant application of general data regime and financial regulation may generate incongruous outcomes, whereby the full access to financial information is limited by privacy regulations or by the territorialized approach to data flows. This can be seen particularly in the context of tensions in the context of anti-money laundering and countering the financing of terrorism between financial regulation and data regulation.

A second category of challenges affects the international dimension of finance. Conflicts and incongruences between financial data governance models create tensions, threatening the existing paradigm of globalized digital finance. As domestic data governance styles encroach on the ability of financial data to leave jurisdictions, the operational paradigm of free flow of financial data in global finance is challenged. Crucially, limited access to data and the absence of mechanisms to share financial information across jurisdictions undermine the ability to price, assess, and monitor risks. As both the 1997 Asian Financial Crisis and the 2008 Global Financial Crisis demonstrated, these limitations may have severe consequences on the stability of the financial system.

Addressing these challenges is key to ensure the proper functioning of the financial system, domestically and globally. Yet, depending on the challenges, different strategies are required. Within jurisdictions, the solution to the integration between data and financial systems should be seamless as the process of digitization and datafication of finance is irreversible. To this end, drawing from the ‘Commercial Law Intersections’ theory, we indicate that rules affecting (directly or indirectly) financial data and digital finance should be designed and interpreted to ensure legal coherence.

Transnational fragmentation, instead, should be addressed in a different manner. Unlike transnational data governance, global finance has a well-developed international framework for coordination, standard setting and information sharing. We argue that these frameworks – driven in particular by international cooperation and coordination via the Group of 20, the Financial Stability Board and a range of other international financial organizations – provide for a ground to develop effective coordination mechanisms. Areas of shared concern – including financial stability, financial crime, money laundering, and cybersecurity – will continue to underpin international financial regulatory cooperation.

At the same time there will be continuing competition to develop financial data governance strategies to maximize domestic gains from the datafication of finance. Central to the future of finance will be developing mechanisms – by regulators and industry, technological and legal – to address these new realities. Emerging technologies – such as decentralized storage, zero knowledge protocols, and federated analytics – can facilitate industry and regulators both to ‘store’ and to use data without requiring its transfer across jurisdictional borders, a change from the dominant paradigm of centralization of financial data (epitomized by Equifax) to a new paradigm of data decentralization, based on new technologies and new policy approaches.

Douglas W. Arner is the Kerry Holdings Professor in Law at the University of Hong Kong.

Giuliano G. Castellano is Associate Professor of Law at the University of Hong Kong.

Ēriks K. Selga is a PhD candidate at the University of Hong Kong.


With the support of