Often, it takes an unexpected disaster for one to realize the precaution that should have been taken from the onset. One of the most significant lessons from the global financial crisis is that banking institutions’ IT and data architectures were inadequate in supporting the broad management of financial risks. In order to help prevent a similar crisis scenario from occurring, the Basel Committee on Banking Supervision (the Basel Committee) put forth rules aimed at strengthening risk data aggregation and risk reporting practices at banks. According to the Basel Committee’s December 2013 report, Progress in Adopting the Principles for Effective Risk Data, BCBS 239 outlines a set of 11 principles, which when implemented, will “enhance risk management and decision-making processes at banks.” But the concept of data governance can be a challenge to even the most prestigious banks and financial institutions.
In preparation to meet the 2016 deadline, banks are facing several implementation challenges such as: legacy spaghetti and silo barriers, a lack of ownership, as well as little executive air cover. In addition, there can be mixed signals around who is responsible for implementation, resulting in issues in the organizational alignment between business, IT and operational capabilities.
In our experience, we believe there are five key questions that every bank should ask themselves when evaluating their organization’s data governance policy:
1. Can you confidently say that your data is defined, harmonized, and appropriately aligned to critical business and risk operation?
As a result of the 2007-2008 crisis, banks and financial institutions are realizing the importance of centralizing and harmonizing their data. But first, banks need to understand the weaknesses in their data governance capabilities. In the Basel Committee’s report, primary weaknesses range from not enough documented policies and procedures around risk data aggregation to fragile risk systems, weak controls around data quality assurance, and a lack of consolidated view of risk.
2. Are you prepared to prove by the deadline that you have a systemic way of working towards an end state?
Compliance on its own is enough of a challenge when it comes to BCBS 239, but compliance by the January 2016 deadline presents a whole new hurdle for some banks and financial institutions to overcome. Entire data architecture processes are due to bear intense scrutiny, and without a solid infrastructure the ability to accurately aggregate risk while having a complete view of exposure, liquidity risk position and reporting is nearly impossible.
As noted in the Basel Committee’s report, “all but one [of 30 G-SIBs] expect to comply with the Principles by January 2016, with time frames of June 2014 to January 2016.” However, some banks may not be fully compliant by the deadline, stating: “of the 30 banks that were identified as G-SIBs during 2011 and 2012, 10 reported that they will not be able to fully comply with the Principles by the 2016 deadline.”
3. Is your data infrastructure up to par?
Many banks are struggling with defining and unifying taxonomies of their risk data repositories, as well as establishing clear risk data ownership. The Basel Committee’s report found that “33% of G-SIBs during 2011 and 2012 will not be able to fully comply with the Principles by the 2016 deadline. The main reason reported is large, ongoing, multi-year IT and data-related projects.” For banks and financial institutions that resort to extensive manual workarounds, they are likely to impair risk data aggregation and reporting which impedes any coherent view into the data management lifecycle. This is crucial for those stressful periods and times when data is demanded at a moment’s notice. The report also shows how banks stack in terms of compliance, and notes “60% are materially non-compliant on data production and control across data lifecycle, while 83% are materially non-compliant on ability to meet ad hoc requests.”
4. Are you treating data governance like a project? Or a process?
For banks and other financial institutions, data governance should not be seen as a one-off intitiatve simply to satisfy compliance with regulations. An effective data governance infrastructure can highlight weaknesses in data source systems allowing banks to refine their processes for financial integrity. According to Forrester research, “less than 15% of organizations have data governance that is linked to business initiatives, objectives and outcomes […] More and more organizations are looking toward data governance as a strategic enterprise competence as they adopt the data driven culture.”
Adopting a data driven culture requires strategic planning with an acute eye on seamless execution in order to achieve enterprise-wide business goals. It is crucial to create a controlled data environment, governed by standards, policies and procedures that are then harmonized across the lifecycle and supported by key stakeholders within the organization. Because this requires a considerable amount of measurement, as well as continuous improvement of data quality, it is recommended to plan ahead and establish clear roles/responsibilies to ensure adequate controls are in place.
5. Do your senior executives have skin in the game?
With the deadline steadily approaching, it is imperative that executives understand the importance of availability and quality of critical data. They must be able stand behind the completeness, integrity, timeliness and accuracy of the data they are submitting to the regulators. Furthermore, if asked by a regulator today, we believe most executives would not be able to generate a full, accurate report as a result of poorly structured and regulated data governance infrastructure.
While executives should be leading the charge in data ownership given the high degree of accountability for risk data quality in the case that a sudden demand for data arises, various data stewards such as, the CIO, CDO and CRO, can also take ownership of the data in the enterprise and make it their duty to operationalize effective data governance. These efforts are most successful when they account for integration across organizational channels, as different parts of the BCBS 239 regulation apply to various stakeholders in a financial institution. With the proper solutions and groundwork in place, compliance to the BCBS 239 regulation in accordance to the deadline can be achieved.
As the speed of aggregating, sanitizing, consolidating and reporting the data grows ever more important, the prospect of overcoming current hurdles and finding solutions in line with BCBS 239 may seem daunting. However, there are several approaches banks can take to alleviate the complexity of the situation. Having a partner that understands regulatory data reporting requirements can aid in identifying the gaps or imbalances in the data, and illuminate them, allowing superb data governance and availability in stressful situations.