Transcript of "Gaining Competitive Advantage Through Risk Data Governance"
White Paper Gaining competitive advantage through Risk Data Governance - Nagharajan Vaidyam Raghavendran, Sudarsan Kumar, Partha Sarathi Padhi www.infosys.com
As a response to the banking fiascos that mushroomed across the globe, a slewIntroduction of regulations that aim towards a global recovery have been brought about. Key amongst these is the latest update to the BASEL rules. It is set to bring about a sea change for the financial services industry by redefining focus areas. There is even more stress on achieving higher levels of transparency and increasing the quality of assets. This provides an opportunity for the financial services industry to reinvent itself by reducing the redundancies that exist across different lines of business. The recurring challenge has been around consolidating data silos which originate from disparate systems. To achieve complete transparency and accuracy in regulatory risk reporting, it is evident that the quality and integrity of the data are going to be fundamental building blocks. These are necessary investments towards gaining a bird’s eye view of the process efficiency as well as the imminent risks facing the firm. In this paper, we examine the need for a comprehensive Data Governance Solution; establish strategic measures towards building it and highlight how it creates a competitive edge for the firm.Why Data Governance?It is said that not all bytes are born equal. Nowhere is this more evident than in a risk information system. An often overlooked aspect whenbuilding a risk information system is the quality of the source data.For regulatory compliance with BASEL norms, the data needs to be procured from a large number of disparate sources which are usually spreadacross different time zones. The data pertaining to different lines of business reside in silos as the firm operates on different platforms. Thesevarying and often redundant platforms were built to support diverse products and cater to unique requirements across regions and customers.This silo approach, gave rise to business data marts having multiple versions of the same data across the firm. The lack of consistency amongstthese data marts implied massive time and cost requirements for reconciliation.Data needs to be treated as a strategic asset and needs to be governed throughout its process cycle and end-usage. A strategic initiativetowards this goal would be to bring people across the enterprise together thereby creating a consistent and holistic view of the company’sdata. This would ensure that an accurate statement of the firm’s risk position is available for regulatory reporting and decision making.The figure below illustrates the deficiencies present in risk information across most firms where the source data is in silos. The deficiencieswill be examined across the dimensions of People, Process and Technology. · Manual Check Error · Incorrect Design · Limited or no data · Incomplete and Stewardship poor data standards ple Pro · Insufficient Business · Process failure o ce Pe awareness ss Causes of Poor Data quality Technology · Disparate sources · ETL Integration errors · Outdated technology2 | Infosys – White Paper
Challenges with the Existing SystemsThe financial services industry has evolved over the years and is now a complex system with data being transmitted continuously acrossmultiple entities world-wide. At the bare minimum, there are applications spanning front-office, middle-office and back-office platforms withdata being transferred back and forth, not to mention the myriad external sources of data. In this scenario, it is easy to see why numerous,disparate versions of the same data are present across the organization. The lack of consistency amongst the data marts and many applicationsis a core issue that needs to be highlighted and addressed. Overall, the present data architecture can be viewed as a set of multiple andinconsistent data marts, causing difficulties in the integration of data, which in turn presents limitations in the data validation process.In the table below, we look at the business impact stemming from these challenges. Issue Description Impact Some data errors have a disproportionate impact. i.e. Increased business system downtime leading to higher All or nothing processing they unnecessarily stop the system, rather than set overhead costs for providing continuous support. aside an error record and process the good records. Multiple point-to-point The same data is sent multiple times to multiple Increased impact of changes, complexity, overhead in interfaces, resulting in storage systems in multiple formats. This results in the same knowledge transfer and support, high cost of storage and transmission issues data being stored in multiple repositories. and back up. Data inconsistency, lack of data ownership over Multiple points of transformation Similar logic/calculations are applied at multiple sites business functionality, lack of control over the data for similar logic across systems. manipulation and increased overhead costs. Confusion and complexity, high dependency on SMEs Inconsistency in Data Mapping No common format for data intake. and additional/complex processing to bring about conformity. Some systems receiving data have explicit Tightly Coupled systems The effort and risk associated with change is magnified. dependencies on systems at the other end. The immediate impact is often on Legal Day 1 Assimilation of data across merging entities brings reporting which is manual, intensive and might not be about unique challenges in terms of platform accurate. Mergers and Acquisitions incompatibility, data dictionary mismatch, sunset of legacy applications, lack of formal data governance Increased costs due to multiple systems across the policies and many more. entities. Incorrectly assimilated data and systems can lead to top line and bottom line impacts.An Approach to Enterprise Risk Data GovernanceData Governance goes hand in hand with setting up the Data Management Infrastructure and Platform. When rolling out the architectureand systems for managing and reporting the data, it is essential to have a strong Data Governance mechanism that will monitor and controlthe data itself.An Enterprise Risk Data Governance Solution has 3 main Pillars: “People, Process and Technology”. This approach leverages enterprise dataand information as a key asset increasing the quality, consistency and confidence of decision making. The first figure below is a simpleillustration of a Basel risk reporting platform. Data governance is expected to permeate every activity in this system and be prevalent acrossthe life cycle of data. The second figure illustrates the People, Process and Technology approach to data governance. Infosys – White Paper | 3
Enterprise Risk Data Governance in a Basel Environment Data Sources Origination System Basel II Risk Environment RWA Calculation and Reporting Servicing Risk Datamarts System G/L Reconciliation Collateral RWA Calculator Data Quality/ ODS/Staging/CDC Mgmt. System Source System Extracts Factor Model Environment Risk Datawarehouse Loss & Reporting Tool Recovery Segment ETL ETL System Definition PD, LGD, Reference EAD FFIEC 101 Data Reports Op Risk Models External ICAAP Sources Reports Model Validation/ Feedback Management Reports General Model Execution and Output Ledger Data Governance e Risk data Gover erpris na nt nc E e · Manage & Feedback Assessment & Control · Review, approve, · Stake Holders monitor policy · Office of Data Collect, choose, Governance · review, approve, monitor standards · Data Stewards Pro ple · Align sets of policies Successful Data ce and standards o Pe ss Governance · Contribute to Business Rules · Regulations · Contribute to Data · Internal Policy Strategies · Risk handling procedures Identify stakeholders and establish decision rights Technology Enhance Monitor Confrom Standards, Strategy & Data Quality Assurance Create Measure Clean Customised Rules Datatype Mismatch Data Consistency De - Duplication Special data Data Parsing Missing Values Referential Intergrity Data Enrichment Data Matching Exception Handling Data Pattern Check Data Validation The role of people in data governance is one of the most important dimensions. Inculcating an enterprise wide sensitivity to Data Governance starts with building a Data Governance Council. The Council is responsible for formulating policy regarding storage, modification and PEOPLE distribution of data across the organization; maintaining the integrity of the data and providing broad guidelines. The data governance council is also responsible for creating awareness that data can be an asset to the organization if it is maintained correctly.4 | Infosys – White Paper
There are a few main roles that should be established as part of the Data Governance Council.Data Steward: This is a quality control role and is an executive of the data governance council who is entrusted to provide custodial care ofdata and is focused on improving data quality to the level required by the business.The role of the steward focuses on the following: • Business definitions and rules • Identification of critical data elements • Data quality monitoring, issue identification and resolution • Identification of trusted sources of data • Support in the simplification of the data environmentThe data steward needs to set a specific and measurable goal for data quality and is responsible for guiding the effort. An important aspecthere is culturally sensitivity, as there are many stake holders who are involved in framing the data governance policy and there will beconsiderable impact to lines of business within the organization. The data steward is also responsible for resolving any conflicts arising outof the new policies that are being established.Data Champion: Is appointed by the data governance council and is responsible for exception management as far as data quality is concerned.The data champions work on risk data exceptions and analyze every exception due to the deviations from the expected risk data qualitynorms. The data champion also lays down the business rules in consultation with people from the risk management team.Data Analyst: The data analyst provides a 360 degree view of risk data from different sources. The data analyst helps in the analysis of differentfeeds and sources for consumption of the risk related data with respect to Fit for Purpose. The risk data analyst, along with the data champion,is responsible for framing the matching logic used when standardizing the data from disparate sources.The Council forms a core part of the overall Data Governance strategy of the firm. The Council will put in place various processes, workflowsand solutions to deliver the Data Governance Vision. From studying past failures, it is clear that the absence of a strong data governance policy coupled with faulty business processes lead to poor data quality. The Data Governance process starts with the creation, documentation and implementation of data governance policies and procedures which should ensure data consistency, data standardization, data reusability PROCESS and data distribution within the organization. A formal governance council needs to be put in place to ensure the smooth implementation of these policies and procedures and provide a mechanism for communication of data related initiatives throughout the organization. The council will be a liaison between the business and the IT functions, which will review and monitor the data policy from time to time.When establishing the norms, data quality should be defined and monitored thoroughly on many dimensions such as completeness,conformity and consistency while maintaining data integrity throughout the life cycle of the business.Data quality assessment and improvement requires established processes for data profiling, standardization, matching and monitoring.Data Profiling is the systematic analysis of data to gather actionable and measurable information about its quality. Information gatheredfrom Data Profiling activities are used to assess the overall health of the data and determine the direction of data quality initiatives. Datastandardization is the process of detecting and correcting erroneous data and data anomalies within and across systems. It also ensuresthat the data conforms to the data quality standards. The standardized data is then used for matching purposes across various systems.Data matching across the systems reduces duplication and is also a means to identify similar data across systems. Data monitoring is usuallyan automated process used to continuously evaluate and report on the condition of the enterprise data. Information obtained from datamonitoring activities is used to evaluate the effectiveness of the current processes and identify areas of improvement.Metadata is an often ignored piece of the Data Governance conundrum. The holistic approach to Data Governance should reserve policiesand processes around creating, maintaining and using metadata. Metadata implies data about data; it bridges the business objective withthe information. The data steward or the person(s) reporting to the data steward use metadata in the context of building and expanding anapplication to meet business demands. Infosys – White Paper | 5
Metadata management ensures that metadata is created and captured with all the necessary details at the point of data creation. Metadatashould be stored in a repository that can be used by multiple applications and is not necessarily limited to a central physical repository. Evena logical association is sufficient to provide a link across physical repositories. Metadata captured at the source is helpful in maintaining thedata lineage through the data warehouse till reporting. This way any change arising from the business requirements can be deployed withease, irrespective of where the change occurs in the lineage, which leads to greater confidence in the minds of the end user and the business.Metadata is an invaluable tool when working with auditors and regulators to prove the capability and quality of the Risk Reporting platform.It is imperative to establish processes that take into account all these workflows. Only when one measures the current state of affairs is it possibleto go about fixing them. To this end, Data Governance processes should be clearly communicated and policies should be made a priority. Technology is a great enabler for improving data quality and maintaining data governance in coordination with people and process. The right technology not only acts as a vehicle for people to deliver and monitor the processes, but is also an effective force multiplier. Leveraging TECHNOLOGY technology in the right places, means the Data Governance process is made transparent and at the same time seamless. This is accomplished by providing the right work flow for maintaining data quality and integrity throughout the business life cycle.The right technology allows correlation of data across many sources; matches them and identifies duplicates, primarily around standard typesof client, product and account. It also provides a hub to integrate with other systems and turn data into information. Technology provides ayard stick for measuring the existing data quality and offers many ways for data type validation, corrections and ensures consistency acrossvarious systems. Data quality dashboards provide the data governance council a 360 degree view of the whole data management process andits effectiveness. The dashboards also help in bridging the gap between the business and IT functions by providing a graphical representationof the data quality scoreboard, trends in data quality and the improvement in processes over a period of time.Technology also helps in discovering problems with the data and automating the data quality processes. It helps the business create standardrules for data validation, transformation and standardization; define the workflows; and monitor the data throughout the business life cycle.The figure below is a sample snapshot of key criteria and demonstrates how dashboards can be leveraged to assess data quality. Missing key customer information like Name, phone, email, address components etc Fields % incomplete Fields % incomplete City 0.80 Original Account Name 0.36 Contact Person First Name 0.03 Postal Code 5.11 Country 0.00 Region / State 7.21 E-Mail Address 5.66 Standard Account Name 0.36 Last Name 0.05 Street 1.27 Orphan Sample analysis, pattern incorrect Completeness analysis values in for postal Con ity fields etc codes for egr mit Data Int y Quality Total Number Total number % of Duplicate Metrics ncy of duplicates of US Records Records Dup % non -standard cities and Detailed 10143 1,60,749 6.30% % iste account names lica s report based non-standard Con tes 30.00 20.00 on match Address 10.00 cities and conditions Cleansing 0.00 Account and survivor names identification Address verification Address cleansing Address parsing errors USPS / ROW database Enrichment parametersWhile formulating a Data Governance vision and strategy, technology should not be far behind. Putting in place norms and criteria to enablepeople to leverage the best technology that is relevant is an important step. The technology choices should be influenced by data qualityrequirements, metadata functionality and existing technology in the data management space.6 | Infosys – White Paper
ConclusionData governance is not just about Regulatory Compliance. Setting up a clear DataManagement philosophy and vision across the enterprise is imperative. People, Processesand Technology must be deployed to have the maximum effect on the data that is usedfor operational and management decision making.Data governance must reach beyond complying with legislation. The intent of legislationis to exhibit control over any data that is used for regulatory reporting. A key aspect is toensure that any standards regarding Fit for Purpose are applied throughout the enterprise.Data Governance is also analogous with maintaining and managing the storage andsecurity of sensitive data.All this should allow users and managers to focus on running the business, confident thatthe reports and numbers are accurate and reflect the true position of the organization.Firms should look at this new operating environment as an opportunity to re-jig their datamanagement capabilities and tackle more than regulatory requirements. It is possibleto gain a competitive edge by using risk data that has been rigorously controlled anddelivers a high degree of accuracy. This risk data that is used as the source for insightsinto customer behavior, or a 360 degree view of every dollar, is inherently more reliableand relevant for management decision making. Lastly, Data governance policies andprocesses should be aligned with the risk management philosophy and should be acorner stone of corporate governance. About the Authors Nagharajan Vaidyam Raghavendran is a Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. His responsibilities include solution architecture, design and technical assistance for Data warehousing, Business intelligence and Analytics projects. Sudarsan Kumar is a Senior Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. He has over 6 years of experience in designing and delivering complex, large scale Risk Reporting systems. Partha Sarathi Padhi is a Senior Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. He has experience in delivering Trade Surveillance and Enterprise Data Management solutions. Infosys – White Paper | 7