www.infosys.com

Whi

te P

aper

Gaining competitive advantage through Risk Data Governance

- Nagharajan Vaidyam Raghavendran, Sudarsan Kumar, Partha Sarathi Padhi

2 | Infosys – White Paper

As a response to the banking fiascos that mushroomed across the globe, a slew of regulations that aim towards a global recovery have been brought about. Key amongst these is the latest update to the BASEL rules. It is set to bring about a sea change for the financial services industry by redefining focus areas. There is even more stress on achieving higher levels of transparency and increasing the quality of assets. This provides an opportunity for the financial services industry to reinvent itself by reducing the redundancies that exist across different lines of business. The recurring challenge has been around consolidating data silos which originate from disparate systems. To achieve complete transparency and accuracy in regulatory risk reporting, it is evident that the quality and integrity of the data are going to be fundamental building blocks. These are necessary investments towards gaining a bird’s eye view of the process efficiency as well as the imminent risks facing the firm.

In this paper, we examine the need for a comprehensive Data Governance Solution; establish strategic measures towards building it and highlight how it creates a competitive edge for the firm.

Introduction

Why Data Governance?It is said that not all bytes are born equal. Nowhere is this more evident than in a risk information system. An often overlooked aspect when building a risk information system is the quality of the source data.

For regulatory compliance with BASEL norms, the data needs to be procured from a large number of disparate sources which are usually spread across different time zones. The data pertaining to different lines of business reside in silos as the firm operates on different platforms. These varying and often redundant platforms were built to support diverse products and cater to unique requirements across regions and customers.

This silo approach, gave rise to business data marts having multiple versions of the same data across the firm. The lack of consistency amongst these data marts implied massive time and cost requirements for reconciliation.

Data needs to be treated as a strategic asset and needs to be governed throughout its process cycle and end-usage. A strategic initiative towards this goal would be to bring people across the enterprise together thereby creating a consistent and holistic view of the company’s data. This would ensure that an accurate statement of the firm’s risk position is available for regulatory reporting and decision making.

The figure below illustrates the deficiencies present in risk information across most firms where the source data is in silos. The deficiencies will be examined across the dimensions of People, Process and Technology.

Causes ofPoor Data quality

Technology

ProcessPeop

le

· Incorrect Design· Incomplete and

poor data standards· Process failure

· Manual Check Error· Limited or no data

Stewardship· Insu�cient Business

awareness

· Disparate sources· ETL Integration errors· Outdated technology

Infosys – White Paper | 3

Challenges with the Existing SystemsThe financial services industry has evolved over the years and is now a complex system with data being transmitted continuously across multiple entities world-wide. At the bare minimum, there are applications spanning front-office, middle-office and back-office platforms with data being transferred back and forth, not to mention the myriad external sources of data. In this scenario, it is easy to see why numerous, disparate versions of the same data are present across the organization. The lack of consistency amongst the data marts and many applications is a core issue that needs to be highlighted and addressed. Overall, the present data architecture can be viewed as a set of multiple and inconsistent data marts, causing difficulties in the integration of data, which in turn presents limitations in the data validation process.

In the table below, we look at the business impact stemming from these challenges.

Issue Description Impact

All or nothing processingSome data errors have a disproportionate impact. i.e. they unnecessarily stop the system, rather than set aside an error record and process the good records.

Increased business system downtime leading to higher overhead costs for providing continuous support.

Multiple point-to-point interfaces, resulting in storage and transmission issues

The same data is sent multiple times to multiple systems in multiple formats. This results in the same data being stored in multiple repositories.

Increased impact of changes, complexity, overhead in knowledge transfer and support, high cost of storage and back up.

Multiple points of transformation for similar logic

Similar logic/calculations are applied at multiple sites across systems.

Data inconsistency, lack of data ownership over business functionality, lack of control over the data manipulation and increased overhead costs.

Inconsistency in Data Mapping No common format for data intake.Confusion and complexity, high dependency on SMEs and additional/complex processing to bring about conformity.

Tightly Coupled systems Some systems receiving data have explicit dependencies on systems at the other end. The effort and risk associated with change is magnified.

Mergers and Acquisitions

Assimilation of data across merging entities brings about unique challenges in terms of platform incompatibility, data dictionary mismatch, sunset of legacy applications, lack of formal data governance policies and many more.

The immediate impact is often on Legal Day 1 reporting which is manual, intensive and might not be accurate.

Increased costs due to multiple systems across the entities. Incorrectly assimilated data and systems can lead to top line and bottom line impacts.

An Approach to Enterprise Risk Data GovernanceData Governance goes hand in hand with setting up the Data Management Infrastructure and Platform. When rolling out the architecture and systems for managing and reporting the data, it is essential to have a strong Data Governance mechanism that will monitor and control the data itself.

An Enterprise Risk Data Governance Solution has 3 main Pillars: “People, Process and Technology”. This approach leverages enterprise data and information as a key asset increasing the quality, consistency and confidence of decision making. The first figure below is a simple illustration of a Basel risk reporting platform. Data governance is expected to permeate every activity in this system and be prevalent across the life cycle of data. The second figure illustrates the People, Process and Technology approach to data governance.

4 | Infosys – White Paper

PEOPLE

The role of people in data governance is one of the most important dimensions. Inculcating an enterprise wide sensitivity to Data Governance starts with building a Data Governance Council. The Council is responsible for formulating policy regarding storage, modification and distribution of data across the organization; maintaining the integrity of the data and providing broad guidelines. The data governance council is also responsible for creating awareness that data can be an asset to the organization if it is maintained correctly.

Enterprise Risk data Governance

· Regulations· Internal Policy· Risk handling procedures

Successful Data Governance

Process

Confrom

Create Measure Clean

Datatype Mismatch Data Consistency

Referential IntergrityMissing Values

De - Duplication Special data

Data Pattern Check

Data Parsing

Data Enrichment Data Matching

Data Validation

Peop

le

Technology

Assessment & Control

Customised Rules

· Stake Holders· O�ce of Data

Governance· Data Stewards

·

·

·

·

·

·

Manage & Feedback

Review, approve,monitor policy

Collect, choose,review, approve,monitor standards

Align sets of policies and standards

Contribute to Business Rules

Contribute to Data Strategies

Identify stakeholders and establish decision rights

Enhance

Standards, Strategy & Data Quality Assurance

Monitor

Exception Handling

Origination System

Servicing System

Collateral Mgmt.

System

Loss & Recovery

System

Reference Data

General Ledger

External Sources

Sour

ce S

yste

m E

xtra

cts

Dat

a Q

ualit

y/ O

DS/

Stag

ing/

CDC

Risk Datamarts

Segment De�nition

PD, LGD, EAD

Op Risk Models

Model Validation/ Feedback

Factor Model Environment

Model Execution and Output

G/L ReconciliationRWA Calculator

Reporting Tool

ICAAP Reports

Management Reports

FFIEC 101 Reports

Data Governance

Risk

Dat

awar

ehou

se

Data Sources

ETL

ETL

Basel II Risk Environment RWA Calculation and Reporting

Enterprise Risk Data Governance in a Basel Environment

Infosys – White Paper | 5

There are a few main roles that should be established as part of the Data Governance Council.

Data Steward: This is a quality control role and is an executive of the data governance council who is entrusted to provide custodial care of data and is focused on improving data quality to the level required by the business.

The role of the steward focuses on the following:

• Business definitions and rules

• Identification of critical data elements

• Data quality monitoring, issue identification and resolution

• Identification of trusted sources of data

• Support in the simplification of the data environment

The data steward needs to set a specific and measurable goal for data quality and is responsible for guiding the effort. An important aspect here is culturally sensitivity, as there are many stake holders who are involved in framing the data governance policy and there will be considerable impact to lines of business within the organization. The data steward is also responsible for resolving any conflicts arising out of the new policies that are being established.

Data Champion: Is appointed by the data governance council and is responsible for exception management as far as data quality is concerned. The data champions work on risk data exceptions and analyze every exception due to the deviations from the expected risk data quality norms. The data champion also lays down the business rules in consultation with people from the risk management team.

Data Analyst: The data analyst provides a 360 degree view of risk data from different sources. The data analyst helps in the analysis of different feeds and sources for consumption of the risk related data with respect to Fit for Purpose. The risk data analyst, along with the data champion, is responsible for framing the matching logic used when standardizing the data from disparate sources.

The Council forms a core part of the overall Data Governance strategy of the firm. The Council will put in place various processes, workflows and solutions to deliver the Data Governance Vision.

When establishing the norms, data quality should be defined and monitored thoroughly on many dimensions such as completeness, conformity and consistency while maintaining data integrity throughout the life cycle of the business.

Data quality assessment and improvement requires established processes for data profiling, standardization, matching and monitoring. Data Profiling is the systematic analysis of data to gather actionable and measurable information about its quality. Information gathered from Data Profiling activities are used to assess the overall health of the data and determine the direction of data quality initiatives. Data standardization is the process of detecting and correcting erroneous data and data anomalies within and across systems. It also ensures that the data conforms to the data quality standards. The standardized data is then used for matching purposes across various systems. Data matching across the systems reduces duplication and is also a means to identify similar data across systems. Data monitoring is usually an automated process used to continuously evaluate and report on the condition of the enterprise data. Information obtained from data monitoring activities is used to evaluate the effectiveness of the current processes and identify areas of improvement.

Metadata is an often ignored piece of the Data Governance conundrum. The holistic approach to Data Governance should reserve policies and processes around creating, maintaining and using metadata. Metadata implies data about data; it bridges the business objective with the information. The data steward or the person(s) reporting to the data steward use metadata in the context of building and expanding an application to meet business demands.

PROCESS

From studying past failures, it is clear that the absence of a strong data governance policy coupled with faulty business processes lead to poor data quality. The Data Governance process starts with the creation, documentation and implementation of data governance policies and procedures which should ensure data consistency, data standardization, data reusability and data distribution within the organization. A formal governance council needs to be put in place to ensure the smooth implementation of these policies and procedures and provide a mechanism for communication of data related initiatives throughout the organization. The council will be a liaison between the business and the IT functions, which will review and monitor the data policy from time to time.

6 | Infosys – White Paper

Metadata management ensures that metadata is created and captured with all the necessary details at the point of data creation. Metadata should be stored in a repository that can be used by multiple applications and is not necessarily limited to a central physical repository. Even a logical association is sufficient to provide a link across physical repositories. Metadata captured at the source is helpful in maintaining the data lineage through the data warehouse till reporting. This way any change arising from the business requirements can be deployed with ease, irrespective of where the change occurs in the lineage, which leads to greater confidence in the minds of the end user and the business. Metadata is an invaluable tool when working with auditors and regulators to prove the capability and quality of the Risk Reporting platform.

It is imperative to establish processes that take into account all these workflows. Only when one measures the current state of affairs is it possible to go about fixing them. To this end, Data Governance processes should be clearly communicated and policies should be made a priority.

TECHNOLOGY

Technology is a great enabler for improving data quality and maintaining data governance in coordination with people and process. The right technology not only acts as a vehicle for people to deliver and monitor the processes, but is also an effective force multiplier. Leveraging technology in the right places, means the Data Governance process is made transparent and at the same time seamless. This is accomplished by providing the right work flow for maintaining data quality and integrity throughout the business life cycle.

The right technology allows correlation of data across many sources; matches them and identifies duplicates, primarily around standard types of client, product and account. It also provides a hub to integrate with other systems and turn data into information. Technology provides a yard stick for measuring the existing data quality and offers many ways for data type validation, corrections and ensures consistency across various systems. Data quality dashboards provide the data governance council a 360 degree view of the whole data management process and its effectiveness. The dashboards also help in bridging the gap between the business and IT functions by providing a graphical representation of the data quality scoreboard, trends in data quality and the improvement in processes over a period of time.

Technology also helps in discovering problems with the data and automating the data quality processes. It helps the business create standard rules for data validation, transformation and standardization; define the workflows; and monitor the data throughout the business life cycle.

The figure below is a sample snapshot of key criteria and demonstrates how dashboards can be leveraged to assess data quality.

While formulating a Data Governance vision and strategy, technology should not be far behind. Putting in place norms and criteria to enable people to leverage the best technology that is relevant is an important step. The technology choices should be influenced by data quality requirements, metadata functionality and existing technology in the data management space.

Fields % incompleteCity 0.80Contact Person First Name 0.03Country 0.00E-Mail Address 5.66Last Name 0.05

Fields % incompleteOriginal Account Name 0.36Postal Code 5.11Region / State 7.21Standard Account Name 0.36Street 1.27

Missing key customer information like Name, phone, email, address components etc

Orphan analysis,

incorrect values in �elds etc

Detailed report based

on match conditions

and survivor identi�cation

Enrichment parameters

Sample pattern analysis for postal codes

% non-standard cities and Account names

Total Number of duplicates

Total number of US Records

% of Duplicate Records

10143 1,60,749 6.30%

0.0010.0020.0030.00

% non -standard cities and account names

Address veri�cation

Address cleansing

Address parsing errors

USPS / ROW database

Data Quality Metrics

Completeness

Integrity

Consistency

Conformity

Duplicates

AddressCleansing

Infosys – White Paper | 7

About the AuthorsNagharajan Vaidyam Raghavendran is a Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. His responsibilities include solution architecture, design and technical assistance for Data warehousing, Business intelligence and Analytics projects.

Sudarsan Kumar is a Senior Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. He has over 6 years of experience in designing and delivering complex, large scale Risk Reporting systems.

Partha Sarathi Padhi is a Senior Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. He has experience in delivering Trade Surveillance and Enterprise Data Management solutions.

ConclusionData governance is not just about Regulatory Compliance. Setting up a clear Data Management philosophy and vision across the enterprise is imperative. People, Processes and Technology must be deployed to have the maximum effect on the data that is used for operational and management decision making.

Data governance must reach beyond complying with legislation. The intent of legislation is to exhibit control over any data that is used for regulatory reporting. A key aspect is to ensure that any standards regarding Fit for Purpose are applied throughout the enterprise. Data Governance is also analogous with maintaining and managing the storage and security of sensitive data.

All this should allow users and managers to focus on running the business, confident that the reports and numbers are accurate and reflect the true position of the organization.

Firms should look at this new operating environment as an opportunity to re-jig their data management capabilities and tackle more than regulatory requirements. It is possible to gain a competitive edge by using risk data that has been rigorously controlled and delivers a high degree of accuracy. This risk data that is used as the source for insights into customer behavior, or a 360 degree view of every dollar, is inherently more reliable and relevant for management decision making. Lastly, Data governance policies and processes should be aligned with the risk management philosophy and should be a corner stone of corporate governance.

© 2012 Infosys Limited, Bangalore, India. Infosys believes the information in this publication is accurate as of its publication date; such information is subject to change without notice. Infosys acknowledges the proprietary rights of the trademarks and product names of other companies mentioned in this document.

About Infosys

Many of the world's most successful organizations rely on Infosys to deliver measurable business value. Infosys provides business consulting, technology, engineering and outsourcing services to help clients in over 30 countries build tomorrow's enterprise.

For more information, contact askus@infosys.com www.infosys.com