Get Started with Compliant Data Sharing
Learning Objectives
After completing this unit, you’ll be able to:
- Describe data-sharing concerns in the financial services.
- Define Compliant Data Sharing.
- Explain how Compliant Data Sharing sets access permissions to records.
Financial Services Cloud is now called Agentforce Financial Services. You may see references to Financial Services Cloud in our application and documentation.
Ethics, Regulations, and Information Sharing
There’s little personal and business data more sensitive than financial information.
In financial services, clients trust you with their data as much as they trust you with their deposits and investments. And regulations about data sharing and insider trading mean that your institution must work carefully to make sure data is accessible to only the appropriate staff members.
By following the Principle of Least Privilege, you make sure that employees only have access to data necessary for their roles. You must set up barriers to separate departments, such as investment banking and retail trading, and make sure that non-public, market-moving data doesn’t leak across the organization.
Salesforce includes many tools to enforce data access, and Agentforce Financial Services adds Compliant Data Sharing, which enables admins and compliance managers to configure advanced data-sharing rules easily. These rules help your institution control and monitor exactly what data gets shared with whom, all without complex code.
In this badge, you learn the basics of Compliant Data Sharing. Start in this unit with the basics, before following an example scenario to explore how Compliant Data Sharing works.
Participant Roles
Compliant Data Sharing helps record owners and users with edit access securely and selectively grant other users access to records. To do this, Compliant Data Sharing uses customizable Participant Roles, which define a level of data access, such as read-only or read/write, for an object.
Instead of sharing records to one user at a time, Salesforce admins can also create Participant Groups to share a record with a team of users who play the same role in a client relationship.
When you assign a user or group as a participant for a record, the system creates a junction object that connects the user, the participant role, and the specific shared record. Compliant Data Sharing can then grant the user access to the record, even if it's beyond what’s given by org-wide defaults.
Role hierarchy–based sharing is enabled by default for some objects, so turn it off to prevent senior users from accessing data from users below them in the org chart.
Consideration
You can’t assign opportunity participants to an opportunity set to Private. See Control Who Sees What with Compliant Data Sharing for details.
Users and compliance managers can audit who has access to a record and why. You learn more about that later in the badge.
Now that you understand the basics, explore how Compliant Data Sharing works by following an example.
Compliant Data Sharing in Practice
Cumulus Capital is an investment banking firm and part of financial services company Cumulus Cloud Corporation. Cumulus Capital has two divisions: corporate investment banking and capital markets.
- The Corporate Investment Banking division provides mergers and acquisitions advisory, and capital raising through initial public offerings.
- The Capital Markets division handles research, sales, and trading in stocks on behalf of clients.
Today, there’s a buzz in the Cumulus Capital office. Northern Trail Outfitters (NTO), a retail company that specializes in outdoor gear and apparel, is looking to foray into the food and beverages industry. The company is planning to merge with a popular fitness cafe chain called Dorjeling Kitchen.
NTO wants Cumulus Capital to represent them and handle all aspects of the merger. The Corporate Investment Banking division handles this kind of work, and the related confidential information regarding deals and clients. This sensitive information is called material non-public information (MNPI) in the financial world.
To prevent insider trading, that’s the type of information that the capital markets division can’t access.
So, there are strict confidentiality rules around the deal, but it also requires contributions from several team members in the Corporate Investment Banking division.
Here are the detailed requirements that Cumulus must meet when handling this information.
- Prevent deal data from leaking to the capital markets division with a virtual information barrier, or an ethical wall.
- Allow the Corporate Investment Banking team working the deal to share confidential details without compromising data privacy.
- Enforce strict granular control over data sharing, such as who has access to data and to what extent.
- Support collaboration within the limits set by compliance regulations and company policies.
Compliant Data Sharing can meet all of these requirements. By using the feature, compliance managers, Salesforce admins, and staff members make sure that sharing follows compliance regulations and corporate policies.
While this module uses an investment banking example, Compliant Data Sharing works equally well with other financial services sectors such as insurance, wealth management, and retail banking.
Automatically Shared Objects and Compliant Data Sharing
The objects you use with Compliant Data Sharing can’t be automatically shared, such as with sharing controlled by a parent object.
For example, consider meeting notes.
The Corporate Investment Banking team at Cumulus is working with both NTO and Dorjeling Kitchen to figure out the details of the merger. They talk on the phone, meet at the Cumulus office, and have business dinners. These interactions include confidential MNPI. The Corporate Investment Banking team must track and document such interactions and details carefully, so that they can share details among the team and keep a record of their discussions with the clients.
If the team stores these notes in Activities, such as tasks, events, and calendars, they’re accessible to other teams because their parent object controls sharing. If the Corporate Investment Banking team adds call details to Activities on the Opportunity object, the details are shared in the hierarchy automatically.
Alternatively, by using an object such as Interaction Summary enables you to specify the confidentiality of notes. Your team has complete control over who can access them, sharing them only with relevant stakeholders according to Compliant Data Sharing rules. To learn more about Interaction Summaries, see Capture and Share Meeting Notes with Interaction Summaries in Salesforce Help.
What’s Next?
In this unit you learned how Compliant Data Sharing works in Agentforce Financial Services, including how Participant Roles and Participant Groups control access to sensitive records, and why these tools are essential for preventing MNPI from crossing between banking divisions.
In the next unit, you learn how to configure Compliant Data Sharing in your org by setting up sharing defaults, enabling the feature, and assigning the right permissions.
Resources
- Salesforce Help: Compliant Data Sharing
- Salesforce Help: Considerations and Limitations for Compliant Data Sharing
- Video: Compliant Data Sharing Deep Dive