Achieving Regulatory Compliance The Devil Is In The Data Governance V2

Copyright Professional IT Personnel Ltd. - 2010 Achieving Regulatory Compliance The devil is in the data (Governance) Ken O’Connor – Professional IT Personnel Ltd. 22 Feb 2010

description

Achieving Regulatory Compliance - The devil is in the data Governance. Presentation at IAIDQ Information Data Quality Seminar series: Dublin 2010.

Transcript of Achieving Regulatory Compliance The Devil Is In The Data Governance V2

Page 1: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Achieving Regulatory Compliance

The devil is in the data (Governance)

Ken O’Connor – Professional IT Personnel Ltd.

22 Feb 2010

Page 2: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Ken O’Connor Data Governance Consultant

Early years in Airline Industry – involved in drive towards information sharing

Past 15 years helping organisations achieve regulatory compliance

– Euro Changeover (Ireland and Europe wide)

– UK Euro Changeover readiness assessments

– Sarbanes-Oxley (SOX)

– Anti Money Laundering

– BASEL II

– Single Customer View (UK FSA requirement – 2010)

• Data dependent “End of food chain” programmes

• The same Data Governance issues kept occurring

Page 3: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

What is Data Governance?

Wikipedia:

• A set of processes that ensures that important data assets are formally managed throughout the enterprise.

 • Data Governance embodies a convergence of

– Data quality

– Data management

– Business process management

– Risk management

surrounding the handling of data in an organization.

Page 4: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

July 2009 – Started my blog

Ken O'Connor Data Consultant

Page 5: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

I posted details of my “Data Governance Issue Assessment Process”

Measures “how well an organisation handles common issues” on a Scale of 0 - 6

0. Unaware

1. Aware

2. Understands

3. Policy defined

4. Process defined

5. Infrastructure in place

6. Governance in place

Evidence is critical – In SOX terms: “If it’s not written down, it doesn’t exist”.

– 5 W’s – Who, What, Why, When & hoW

Page 6: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

My blog has introduced me to Data Quality Professionals worldwide

Dylan Jones - Coventry, UK

Henrik Liliendahl Sørensen - Copenhagen, Denmark

Jim Harris - Iowa, USA

Phil Simon - New York, USA

Charles Blyth - York, UK

Dalton Cervo - Denver, USA

Daragh O Brien - Wexford, Ireland

Julian Schwarzenbach - Walsall, UK

Phil Wright - London, UK

Thorsten Radde - Germany

Rick Wilson - USA

Ronan Brennan - Dublin, Ireland

Page 7: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Data Quality Professionals worldwide experience similar Data Governance issues

Same issues affect far more than Regulatory compliance systems

• Replacement of existing systems (Data Migration)

• Information sharing with Business Partners

• Population of CRM systems – 70% of CRM projects fail (source: Gartner Research)

• Business Intelligence / Data Mining

• Single view of Customer

• Etc.

Page 8: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Why is Data Governance important?

Principles Based

Rules Based

• UK FSA has proposed a “Data Accuracy Scorecard”

• Regulators will punish inadequate Data Governance

Regulation

Page 9: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

In USA, the Financial Crisis Inquiry Commission (FCIC) has begun hearings in Washington

"Providing accurate responses to inquiries about the complex combination of information and data will be crucial to the reputation of a financial services firm and its officers – and may even determine who spends time in jail."

Source: Rick Wilson – Blog post Jan 18 2010

Data Governance

Page 10: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Inadequate Data Governance can cost $Millions

20 January 2010 – UK FSA fines Standard Life £2.45m for serious systems and controls failures

In addition: Standard Life paid a further £102.7 Million into the fund to compensate for the losses incurred

What regulation did they break? “There is a regulatory onus on the investment manager to ensure that product information they put into the public domain is consistent, timely and accurate.”

Source: Ronan Brennan's Blog: Data Quality Matters

Source: Standard Life and the FSA

Page 11: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

What went wrong at Standard Life?

The FSA investigation concluded that:

• marketing material regarding the Fund was not 'clear, fair and not misleading';

• despite the majority of the Fund being invested in Floating Rate Notes by July 2007, marketing material issued by SLAL referred to the Fund as being wholly invested in cash;

• there were no adequate systems or controls in place to ensure that marketing material issued accurately reflected the investment strategy for the Fund;

Total cost: £105 million

Source: Standard Life and the FSA

Inadequate Data Governance

Page 12: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Exploring Standard Life further…

“There is a regulatory onus on the investment manager to ensure that product information they put into the public domain is consistent, timely and accurate.”

• By July 2007, majority of fund invested in Floating Rate Notes

• As the fund was switched from “Cash” to “Floating Rate Notes”, the updates to the “master” information may have been perfect…

• The marketing material contained a “copy” of the information.

• The marketing “copy” was NOT kept “consistent” with the master

• So simple, so common, so costly, so easily avoided

Page 13: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Could your organisation suffer the same fate as Standard Life? Ask yourself:

1. How is our product data (or Customer data…) captured?

2. Where is the “master” held?

3. Where has the “master” been copied to?

4. How many copies are there?

5. How are the copies kept consistent with the master?

6. What controls are in place?

7. Where is evidence of controls being used, and resultant actions?

Page 14: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Most Investment Managers believe…

“Most investment managers believe their data is accurate by the time it gets into the public domain, although the behind the scenes processes to getting there are often extremely costly, manual, labor-intensive, prone to error and wholly inefficient.”

Source: Ronan Brennan's Blog: Data Quality Matters

Page 15: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

People reasonably assume that:

Systems and controls are in place to ensure:

• Our water is safe to drink…

Page 16: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

People reasonably assume that:

Systems and controls are in place to ensure:

• Our children are safe in schools, churches and state institutions…

Page 17: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

People reasonably assume that:

Systems and controls are in place to ensure:

• Our hospitals are clean…

Page 18: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

People reasonably assume that:

Systems and controls are in place to ensure:

• Information subject to regulatory compliance is “consistent, timely and accurate.”

Page 19: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Craigslist founder on Information Quality

Craig Newmark: Sunday Business Post Interview

“Large organisations are normally run in a way that people tell their boss what they think their boss wants to hear, and that continues right up the ladder,”

“Because of this, the result is that the people making decisions rarely get good-quality information.”

My experience: Senior management in large organisations are unaware that their data governance processes may be inadequate

Now is a good time to check…

Page 20: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Let’s explore a classic “End of Food Chain” programme

[Diagram labels: Data source (Customer, Products, Transactions, Accounts, etc.); Data Population (Extract, Transform, Load); Client Responsibility; Vendor Supplied Data Repository; Vendor Solutions (BASEL II, CRM, Reporting, AML, SOLVENCY II); Canned Queries; External Audience; Internal Audience]

Page 21: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Data Governance issues cost money…

• Business users experience difficulty and delays in locating required data

• Projects dependent on existing data must

– locate the data and research business rules from first principles

– face the risk of not finding them, or finding inconsistent business rules.  

– deal with the “load and explode” approach to data population

• Repeated re-invention of the wheel, duplication of work, with associated costs.

Page 22: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

One Notable Exception

• IBM’s Financial Services Data Model (FSDM)

• Dublin based centre of excellence

• BASEL II turned FSDM into “Overnight success”

• Ten years + after it was developed

• Organisations that have adopted the FSDM complete regulatory compliance programmes

– More quickly

– More cost effectively

– With greater degree of confidence in results

Page 23: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

A tale of a thousand pieces…

• My son loves building Lego

• His collection grew with every birthday and Christmas

• Suddenly he lost interest – he found it too difficult to find the piece(s) he needed in the big bucket he was using to hold them

• We sorted the problem out with a trip to the local DIY, followed by hours of fun sorting the pieces into segmented containers…

Page 24: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Top Tips to take away

• Inadequate Data Governance can be expensive

• Perform a “Data Governance Health Check” now…

Page 25: Achieving Regulatory Compliance   The Devil Is In The Data Governance V2

Questions?