A Data Management Maturity Model Case Study Ally Financial Inc., previously known as GMAC Inc., is a bank holding company headquartered in Detroit, Michigan. Ally has more than 15 million customers worldwide, serving over 16,000 auto dealers in the US. In 2009 Ally Bank was launched – at present it has over 784,000 customers, a satisfaction score of over 90%, and has been named the “Best Online Bank” by Money magazine for the last four years. Ally was an early adopter of the DMM, conducting a broad-based evaluation of its data management practices, and creating a strategy and sequence plan for improvements based on the results. Ally’s implementation of an integrated, organization-wide data management program including data governance, a robust data quality program, and managed data standards, resulted in a “Satisfactory” rating on its latest regulatory audit. In this webinar, you will learn: How Ally employed the DMM to evaluate its data management practices Who was involved / lessons learned How Ally prioritized and sequenced data management improvement initiatives How the data management program has been enhanced and expanded Business impacts and benefits realized Major initiatives completed and underway How Ally is leveraging DMM 1.0 to proactively prepare for BCBS 239 compliance.

1. 1
How Ally Financial Has Used the
Data Management Maturity (DMM)SM
Model on its Regulatory Compliance
Journey

2. 2
Discussion Objectives
• How Ally employed the Data Management Maturity (DMM) to evaluate its data
management practices
Who was involved / lessons learned
How Ally prioritized and sequenced data management improvement initiatives
• How the data management program has been enhanced and expanded
Business impacts and benefits realized
Major initiatives completed and underway
• How Ally is proactively preparing for BCBS 239 compliance

3. 3
Regulatory Environment
Regulatory publications have been raising the bar regarding the integrity, accuracy and completeness of
the data used in analytics, management reporting, and regulatory filings. Enterprise Data Governance
within Ally started to take shape under Basel II compliance efforts, and has continued to evolve with new
regulations.
12 CFR Part 252: Enhanced Prudential Standardsfor Bank Holding
Companies and Foreign Banking Organizations;Final Rule:
“……The bank holdingcompany would maintainmanagement
informationsystems and data processes sufficient to enableit to
effectivelyand reliably collect, sort, and aggregatedata and other
informationrelated to liquiditystress testing……….
BCBS 239 - Bank of International Settlement’s “Principles for Effective
Risk Data Aggregation & Risk Reporting”:
o Data Governance/ Architecture / Infrastructure…..
o Aggregation Capabilities-Accuracy / Integrity / Timeliness…
o ReportingPractices – Comprehensiveness, Clarity, Usefulness,
Frequency, Distribution……
Capital Planning at Large Bank Holding Companies:
o Reconciliationand data integrity processes for all key reports
o A capital policy that addressesdata controls
o Data quality and logic checks to ensure results from scenario
analysisreconcile to both management and regulatoryreports, with
transparentmapping between reportingtaxonomies.
ConsumerFinancial Protection Bureau(CFPB) Supervision and Exam
Manual:
“… adequatecontrols and an adequate data integrity programto
ensure that information…is accurate and containsall material
information…”
Dodd-Frank– EnhancedPrudential Standards, Basel III, and SR 12-7
Stress Testing SupervisoryGuidance:
o Data quality and traceability for Capital Management/Stress
Testing / Liquidity
o Data definitionsin line with CCAR Instructions/ FED FR Y9 – 14
Instructions
o “…appropriate managementinformationsystems and data
processes that enableit to collect, sort, aggregate,and update
data…efficientlyand reliably…”
SR 12-17 ConsolidatedSupervision Framework for Large Financial
Institutions:
“ …comprehensivedata collectionand analysis, independentvalidation,
and effective governance,policies,and controls.”
Basel II -
o Creation of a Data Control Framework to ensure documented end-to-end processes that articulate the locations, timing, and activities along the
data path where data control pointsfor Basel ll data elementsare in place and to certify that the data is of sufficientquality(Data profiling, quality,
data remediation and escalationcapabilities)

4. 4
2012 – 2013 Maturity Assessment Initiative
Scope Statement
• Develop a methodology and maturity assessment process that enables an objective, auditable
measure of the current state of Ally’s Enterprise Data Governance Program
• Benchmark and evaluate Ally against industry best practices for data management maturity,
strengths and challenges in order to provide prioritized recommendations
Deliverables
• High-level current state data governance gap assessment / maturity model exercise for each line of
business, identifying observations, and action points
• Prioritized list of major gaps, their dependencies, and actions that need to be undertaken to promote
the target level of maturity
Approach
• Evaluated approach and methodology based on
Industry best practices
Framework and information readily available for use
Sound methodology and outputs
• Selected Data Management Maturity framework
Leveraged Maturity Level Ratings, Definitions, Categories, Process Areas
Scaled down the number of Capability Statements to just over 100

5. 5
Maturity Assessment Approach
Developed
Methodology
& Approved
by Ally’s
Enterprise
Data Council
Kick Off:
Enterprise DG
met with each
LoB Data
Steward to
provide
guidance on
methodology
and training
for completing
Assessment
Pilot:
Pilot
conducted
with one Line
of Business’
Data Stewards
Finalize
Approach:
Compiled
results of pilot,
reviewed with
LoB and
adjusted
approach for
enterprise roll
out
Enterprise
Assessment:
EDG
facilitated
discussions
with each
LoB’s Data
Stewards
Compile
Results:
EDG
facilitated
review
sessions
to discuss
findings with
LoB
Action Plans:
Improve data
management
maturity
across the
enterprise
Quarterly Updates
With the DMM as its model, and merging together lessons learned and industry experience,
Ally defined and embarked on an independent Self-Assessment.
• Ally completed its DMM Assessment in Jan. 2013
• LoBs used results to define their respective action plans to
improve data management capabilities
• 2015 Ally will assess maturity and readiness aligned with the regulatory
“Principles for Risk Data Aggregation and Risk Reporting” (BCBS 239)
and determine reasonable level of target compliance; LoB action plans
will be adjusted accordingly

6. 6
Maturity Assessment Process Lessons Learned
Lots of hand holding
• Initially expected to provide targeted training and easy to use templates that would be competed by
the respective Data Stewards
• Assessment required facilitated sessions with LoB Data Stewards to ensure accurate interpretation of
the maturity statements
Business and Technical team relationships benefited
• Business owners of data had often never met their Technical counterpart
• Lack of real Business “ownership” led to heavy reliance on Technical teams
Confidence in maturity varied significantly
• Received a lot of “Yes, we do that” but “No, we don’t we have it documented” or “Oh yeah, we do
have that capability”
• Resulted in unanticipated education and awareness that helped to drive cultural change
Normalization of results was time consuming
• Compiling the data took much longer than expected and couldn’t be managed
in Excel; we built Access database
• Original Plan = 2 months; Actual Result = 7 months

7. 7
DRIVERS:
• Reporting processes may be
inefficient or inconsistent
• Minimal understanding of where data
is used
• End-to-end view of data flow (or
controls) often doesn’t exist
• Increasing regulatory pressure (“Bar
is Rising”)
BENEFITS:
• Have trust in our data, both historical
and forecasted
• Ensure appropriate use of our data
• Improve data quality
• Ensure compliance with policy and
regulation
• Create a competitive advantage with
our data
• Less data scrubbing, more data
analysis
Ally’s Data Governance Goal
Adoption momentum was gained when we began to focus on:
1. Identification of ACE
2. Establishing data ownership & accountability, achieving
agreement on business definitions
3. Documentation of data flows
4. Monitoring, measuring & reporting on data quality
5. Managing ongoing changes to the data
GOAL
To have measurable
confidence in the data
we are reporting and
using to make
business decisions
Ally Critical Elements (ACE) are
data elements of the highest priority
and importance in performing critical
business functions for one or more
Lines of Business.

8. 8
ACE Pilot
Objective
Demonstrate significant progress toward maturing Ally’s data management and data quality monitoring for
critical data elements used in our Federal capital reporting processes to ensure management and
regulatory confidence in our subsequent submissions
Prioritization
The Enterprise Data Governance team and the Risk Management team recommended a straight-forward
approach to prioritizing how the capital reporting schedules and their associated data are addressed:
1. What business functions are the most critical to Ally?
2. Which schedules should be addressed first to maximize impact and business value?
3. If necessary, LoBs will further prioritize criticality of elements
Recent Federal Regulatory attention has focused on:
• Evaluate oversight related to the overall data governance framework and risk management
• Policies, procedures, and limits being adequate to support effective data aggregation and validation
• Documented data flows and associated control points
• Risk measurement, monitoring, and IT adequately reflect data fluctuations, summarize data
quality issues, track data gaps, and document any deviations

9. 9
The ACE Journey Continues
• Finalizing activities on current engagements and beginning work on additional federal reports
• Planning for numerous other engagements in Treasury, Compliance (Financial Crimes / Money
Laundering), Privacy, Investor Relations reporting, and many others…
2015 Action Plans
• Identified Enterprise Data Governance 2015 objectives and are starting prioritization and scheduling
• EDG will provide minimum action items for each LoB that are focused on:
Ensuring each LoB has designated people in the role of Data Stewards
Forming Data Working Groups for multiple LoB’s in the same product line
Planning for BCBS 239 Regulation Requirements
• Requesting Data Stewards to include key action items in their 2015 performance plans
Major Initiatives….

10. 10
14 Principles (BCBS 239) spanning information, analytics and data management to address
key shortcomings the financial industry experienced
2015 Ally Objective
- Establish understanding of Risk data gaps related to
BCBS 239
- Define Scope of Risk data and Compliance date
targets
- Develop Communication Strategy
- Design assessment approach in alignment with
previous maturity assessment and DMM 1.0
- Finalize gaps and overlap with previous ACE
engagements
- Develop roadmap based upon prioritization with
business and Enterprise Architecture team
Principles of Risk Data Aggregation & Reporting:
1. Governance
2. Data Architecture & Infrastructure
3. Accuracy & Integrity
4. Completeness
5. Timeliness
6. Adaptability
7. Accuracy
8. Comprehensiveness
9. Clarity and Usefulness
10. Frequency
11. Distribution
12. Review
13. Remedial Actions
14. Home Host Cooperation
Governance&
Architecture
AggregationCapabilitiesRiskReportingPractices
SupervisoryReview,
Tools,Cooperation
Risk Data Aggregation & Risk Reporting (BCBS 239)

11. 11
Contact
leslie.burgess@ally.com – Leslie Burgess
313-410-6373 (M)
mmecca@cmmiinstitute.com – Melanie Mecca
240-274-7720 (M)

12. 12
For More DMM Information
Please visit our web site:
Home, FAQs, White Papers, Model Download
http://whatis.cmmiinstitute.com/data-management-maturity
Training Schedule and Registration
http://whatis.cmmiinstitute.com/training
DMM Partner Application
http://partners.clearmodel.com/become-a-partner/become-
partner-dmm/