Establishing Effective Data Governance in Your Bank
March 31, 2016
By Mohammad Nasar and Christopher J. Sifter, PMP
Financial institutions regularly encounter a variety of data-related challenges involving issues such as data quality and accessibility, as well as a constantly growing array of data security challenges. In today’s highly automated banking environment, such challenges can have serious effects on virtually all aspects of bank operations.
Whenever organizations seek ways to make better use of data or overcome data problems, there is a natural tendency to turn to technology for answers. Ultimately, however, finding practical and sustainable solutions to data challenges is not simply a matter of installing new software or adding more IT resources.
Rather than focusing primarily on the technological aspects of a data problem, bank management teams must take a more comprehensive approach, beginning with a clear and objective look at their overall data governance structure and processes. Although there is no single, one-size-fits-all approach, bank management teams can employ some underlying data governance principles and practices in order to more successfully collect, manage, protect, and deliver data throughout their organizations.
Data Challenges – Their Symptoms and Impact
Data problems produce a broad range of symptoms that often can be seen throughout an organization. Some of these symptoms are annoyances, such as having more reports than anyone can follow but very few that are actually used.
Other symptoms move beyond mere annoyance and are frustrating and costly. Examples of these symptoms include ongoing production issues due to missing or incorrect information or the need for costly reactive measures to respond to changing regulations.
Still other symptoms actually pose a serious threat to an organization’s success – or even its survival. For example, an inability to perform meaningful analysis or deliver accurate forecasts due to unreliable or inaccurate data can undermine a bank’s strategic planning capabilities.
Beyond these immediate symptoms, problems with data quality, access, or security can affect virtually every aspect of a bank’s management and operational environment, including:
- Business operations. Data problems often manifest themselves in reduced productivity, decreased throughput, longer processing times, and increased reworking needed to correct inaccuracies.
- Financial performance. Increased operating costs and IT expense are directly attributable to data issues, but less obvious effects include decreased revenue, delays in cash flow, and missed opportunities.
- Risk and regulatory compliance. Beyond the obvious risk of increased penalties and fines, data quality concerns also affect credit assessment and investment risks and lead to higher compliance costs as banks must acquire, develop, and implement new systems and processes.
- Customer relations. Data access problems can make it difficult or impossible to view the full portfolio of products and services a customer uses, impede a bank’s ability to timely respond to customer requests, and damage the bank’s reputation when mistakes become visible to customers.
- Business confidence. When customer and employee satisfaction is diminished due to data quality issues, the result typically is decreased organizational trust, internal rivalries among the business lines and the IT function, and reduced confidence in forecasting and decision-making.
- Strategy. When resources must be expended on reacting to issues rather than making investments in strategic initiatives, banks often see their competitive edge slipping away.
The Need for More Effective Data Governance
Data shortcomings arise for diverse reasons. In most banks, the data landscape has grown over time, either through mergers and acquisitions or through organic growth, and the data governance structure has not kept pace with business change. Many banks also rely on legacy systems that cannot be updated to meet new needs or integrated with new sources of data.
In terms of funding and resources, data concerns often take a back seat to compliance and operations spending. As a result, when new requirements cannot be met using existing systems and processes, many workarounds or one-off solutions are put in place – leading to an increasingly complex and unwieldy data management structure.
These diverse challenges have one thing in common: They all point to the compelling need for banks to introduce a formal data governance structure or to upgrade their existing structures to make them more effective. Moreover, in addition to the broad, ongoing challenges just mentioned, three specific current industry trends are greatly accelerating the need for effective data governance – and the challenges of achieving it. These are:
- Increased strategic demand for relevant customer data. Factors driving this trend include the growing use of data mining and analytic technologies to support marketing and customer retention efforts, the development of new customer channels that require integrated and accurate data, and the need to identify links in customer relationships in order to take advantage of cross-sales opportunities.
- New regulatory challenges that require trustworthy data. Accurate and comprehensive data is essential for banks to comply with the complex regulatory requirements stemming from the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), particularly its comprehensive capital analysis and review (CCAR) and annual stress test (DFAST) requirements. In addition to bank capital and liquidity data, however, banks also need access to accurate customer identification data, as well as data on conductor, beneficiary, and counterparty relationships across all channels to comply with the Bank Secrecy Act (BSA), the USA PATRIOT Act of 2001, and other fraud prevention regulations.
- New technology and mobile channels that affect data quality. As banks move toward increased use of digital and mobile channels, they must continually re-evaluate how they adapt their data standards to support such platforms, how they maintain adequate data security, and how they can enforce data quality when data is entered directly by customers rather than bank employees. These challenges add to the already growing demands on IT resources.
The Pillars of Effective Data Governance
Once the symptoms and effects of inadequate data governance are recognized and understood, the logical next question is, “What’s the alternative? What does good data governance look like?”
There are many definitions of effective data governance and many perceptions of what it encompasses. At the highest level, though, the overarching objective of data governance is to permit a bank to recognize data as a business-critical organizational asset and to begin treating it as such. To achieve that broad objective, effective data governance rests on three foundational elements – the three pillars of data governance:
Pillar 1: People and Organizational Structure
Data governance is not just an IT issue – everyone in the organization is responsible for maintaining accurate, accessible, and secure data in support of business needs and priorities.
The major stakeholders in this effort can be organized into two groups – those who establish the broad vision and strategy for data governance and serve as the effort’s sponsors, and those who are responsible for actually executing the governance effort. (See Exhibit 1.)
The Key Players in Establishing and Maintaining Effective Data Governance
Pillar 2: Data Governance Processes
The data governance board, along with the business lines and IT leadership, must implement policies and procedures that not only establish standards for data management, but also put enforcement in place. These processes must address all four phases of the data management life cycle:
- Collection. Bankwide standards for the ways various pieces of data are collected, entered, and stored should be instituted. These standards include the basics – such as consistency in the way names, abbreviations, and numerical codes are entered – as well as the more demanding – such as detailed documentation of how data is to be sourced and collected, and in what format.
- Management. It is important to establish clear responsibility for who owns data, how it is to be used, and who is accountable for maintaining it. In addition, those responsible must follow clear, documented policies and procedures to maintain proper management.
- Protection. A bankwide data privacy protection program is needed to address data identification and classification and control access to it. Such a program should:
- Identify and document the data and where it is stored
- Classify the data based on sensitivity
- Protect the data by defining control standards at various stages
- Define an organization’s response in the event of a security breach
- Delivery. The final phase defines how data is reported and delivered to users, how it is extracted from the systems and disseminated to provide inputs into dashboards and other reporting systems, and how it is aggregated and cleansed for use elsewhere.
Pillar 3: Data Governance Technology
The people and processes of effective data governance cannot function without effective tools and technology to maintain and manage data in a way that makes it accessible and reliable for business uses. In many banks, data technology consists of a disconnected series of one-off applications and solutions, each designed to meet a specific need, with no centralized and consistent governance, as illustrated in Exhibit 2.
Typical Data Technology Approach
A more effective approach, as illustrated in Exhibit 3, invokes a consistent, reusable, and governed approach for extracting, transforming, and loading data.
Best Practice: Extract, Transform, Load (ETL) Process
Regardless of whether they are developed internally or purchased from outside vendors, data quality platforms and frameworks should provide accountability and complete transparency within the lines of business and the IT function.
All too often, management and the IT team devote most of their attention to the technology aspects of data governance and neglect to recognize or adequately address the other two pillars: the organizational structure and processes that must be in place before effective data governance can occur.
The Goal: Reliable, Accessible, Secure Data
The desired outcome of any data governance effort is to reach the point at which the financial institution’s data meets four critical criteria:
- Trust. Users trust that the data that is collected and made available for operations, regulatory compliance, and all lines of business is accurate, without question or hesitation.
- Consistency. Business stakeholders have consistent access to the information they need to meet their business requirements and priorities.
- Commitment. There is an enterprisewide commitment – backed up with sufficient funding – to maintain data quality and availability throughout the bank.
- Clarity. Processes and technology clearly indicate how new needs for data or information will be addressed.
Ultimately, the goal is for data to be regarded the same way as electricity, telecommunications, and other essential business utilities – as something end users can access with ease and rely on with confidence, without worrying about its quality or understanding how it’s generated or maintained.
Most people turn on the lights without giving it any thought, but they nevertheless recognize that this effortless process is possible only because of an enormously complex infrastructure with countless controls and checkpoints. Achieving the same effortless access to bank data – and the same level of trust in its quality – will require a similarly sophisticated and tested data governance structure.
Employing a balanced approach that addresses all three of the pillars of effective data governance will help banks make significant strides toward achieving this eventual outcome.
Data Quality – How Trustworthy Is Your Data?
The widespread prevalence of data quality concerns was highlighted in a recent online survey of participants in a webinar sponsored by Crowe Horwath LLP. Overall, eight out of 10 survey respondents said their banks’ data requires either periodic cleanup or many manual workarounds to be useful. Exhibit 4 below illustrates the following survey findings:
- Only 19 percent of the survey participants characterized the data in their banks as being “very trustworthy,” which was defined as data that is available, accessible, and usable without concern.
- Almost half (47 percent) reported their bank’s data generally is available and accessible but requires cleanup on a periodic basis.
- More than a third (34 percent) characterized their data as only “somewhat trustworthy,” requiring many manual workarounds to make it usable, along with the need to constantly react to data quality concerns.
The Current State of Data Quality
Microsoft and Microsoft Excel are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.