Gaining Competitive Advantage Through Risk Data Governance
-
Upload
infosys -
Category
Economy & Finance
-
view
500 -
download
1
Transcript of Gaining Competitive Advantage Through Risk Data Governance
www.infosys.com
Whi
te P
aper
Gaining competitive advantage through Risk Data Governance
- Nagharajan Vaidyam Raghavendran, Sudarsan Kumar, Partha Sarathi Padhi
2 | Infosys – White Paper
As a response to the banking fiascos that mushroomed across the globe, a slew of regulations that aim towards a global recovery have been brought about. Key amongst these is the latest update to the BASEL rules. It is set to bring about a sea change for the financial services industry by redefining focus areas. There is even more stress on achieving higher levels of transparency and increasing the quality of assets. This provides an opportunity for the financial services industry to reinvent itself by reducing the redundancies that exist across different lines of business. The recurring challenge has been around consolidating data silos which originate from disparate systems. To achieve complete transparency and accuracy in regulatory risk reporting, it is evident that the quality and integrity of the data are going to be fundamental building blocks. These are necessary investments towards gaining a bird’s eye view of the process efficiency as well as the imminent risks facing the firm.
In this paper, we examine the need for a comprehensive Data Governance Solution; establish strategic measures towards building it and highlight how it creates a competitive edge for the firm.
Introduction
Why Data Governance?It is said that not all bytes are born equal. Nowhere is this more evident than in a risk information system. An often overlooked aspect when building a risk information system is the quality of the source data.
For regulatory compliance with BASEL norms, the data needs to be procured from a large number of disparate sources which are usually spread across different time zones. The data pertaining to different lines of business reside in silos as the firm operates on different platforms. These varying and often redundant platforms were built to support diverse products and cater to unique requirements across regions and customers.
This silo approach, gave rise to business data marts having multiple versions of the same data across the firm. The lack of consistency amongst these data marts implied massive time and cost requirements for reconciliation.
Data needs to be treated as a strategic asset and needs to be governed throughout its process cycle and end-usage. A strategic initiative towards this goal would be to bring people across the enterprise together thereby creating a consistent and holistic view of the company’s data. This would ensure that an accurate statement of the firm’s risk position is available for regulatory reporting and decision making.
The figure below illustrates the deficiencies present in risk information across most firms where the source data is in silos. The deficiencies will be examined across the dimensions of People, Process and Technology.
Causes ofPoor Data quality
Technology
ProcessPeop
le
· Incorrect Design· Incomplete and
poor data standards· Process failure
· Manual Check Error· Limited or no data
Stewardship· Insu�cient Business
awareness
· Disparate sources· ETL Integration errors· Outdated technology
Infosys – White Paper | 3
Challenges with the Existing SystemsThe financial services industry has evolved over the years and is now a complex system with data being transmitted continuously across multiple entities world-wide. At the bare minimum, there are applications spanning front-office, middle-office and back-office platforms with data being transferred back and forth, not to mention the myriad external sources of data. In this scenario, it is easy to see why numerous, disparate versions of the same data are present across the organization. The lack of consistency amongst the data marts and many applications is a core issue that needs to be highlighted and addressed. Overall, the present data architecture can be viewed as a set of multiple and inconsistent data marts, causing difficulties in the integration of data, which in turn presents limitations in the data validation process.
In the table below, we look at the business impact stemming from these challenges.
Issue Description Impact
All or nothing processingSome data errors have a disproportionate impact. i.e. they unnecessarily stop the system, rather than set aside an error record and process the good records.
Increased business system downtime leading to higher overhead costs for providing continuous support.
Multiple point-to-point interfaces, resulting in storage and transmission issues
The same data is sent multiple times to multiple systems in multiple formats. This results in the same data being stored in multiple repositories.
Increased impact of changes, complexity, overhead in knowledge transfer and support, high cost of storage and back up.
Multiple points of transformation for similar logic
Similar logic/calculations are applied at multiple sites across systems.
Data inconsistency, lack of data ownership over business functionality, lack of control over the data manipulation and increased overhead costs.
Inconsistency in Data Mapping No common format for data intake.Confusion and complexity, high dependency on SMEs and additional/complex processing to bring about conformity.
Tightly Coupled systems Some systems receiving data have explicit dependencies on systems at the other end. The effort and risk associated with change is magnified.
Mergers and Acquisitions
Assimilation of data across merging entities brings about unique challenges in terms of platform incompatibility, data dictionary mismatch, sunset of legacy applications, lack of formal data governance policies and many more.
The immediate impact is often on Legal Day 1 reporting which is manual, intensive and might not be accurate.
Increased costs due to multiple systems across the entities. Incorrectly assimilated data and systems can lead to top line and bottom line impacts.
An Approach to Enterprise Risk Data GovernanceData Governance goes hand in hand with setting up the Data Management Infrastructure and Platform. When rolling out the architecture and systems for managing and reporting the data, it is essential to have a strong Data Governance mechanism that will monitor and control the data itself.
An Enterprise Risk Data Governance Solution has 3 main Pillars: “People, Process and Technology”. This approach leverages enterprise data and information as a key asset increasing the quality, consistency and confidence of decision making. The first figure below is a simple illustration of a Basel risk reporting platform. Data governance is expected to permeate every activity in this system and be prevalent across the life cycle of data. The second figure illustrates the People, Process and Technology approach to data governance.
4 | Infosys – White Paper
PEOPLE
The role of people in data governance is one of the most important dimensions. Inculcating an enterprise wide sensitivity to Data Governance starts with building a Data Governance Council. The Council is responsible for formulating policy regarding storage, modification and distribution of data across the organization; maintaining the integrity of the data and providing broad guidelines. The data governance council is also responsible for creating awareness that data can be an asset to the organization if it is maintained correctly.
Enterprise Risk data Governance
· Regulations· Internal Policy· Risk handling procedures
Successful Data Governance
Process
Confrom
Create Measure Clean
Datatype Mismatch Data Consistency
Referential IntergrityMissing Values
De - Duplication Special data
Data Pattern Check
Data Parsing
Data Enrichment Data Matching
Data Validation
Peop
le
Technology
Assessment & Control
Customised Rules
· Stake Holders· O�ce of Data
Governance· Data Stewards
·
·
·
·
·
·
Manage & Feedback
Review, approve,monitor policy
Collect, choose,review, approve,monitor standards
Align sets of policies and standards
Contribute to Business Rules
Contribute to Data Strategies
Identify stakeholders and establish decision rights
Enhance
Standards, Strategy & Data Quality Assurance
Monitor
Exception Handling
Origination System
Servicing System
Collateral Mgmt.
System
Loss & Recovery
System
Reference Data
General Ledger
External Sources
Sour
ce S
yste
m E
xtra
cts
Dat
a Q
ualit
y/ O
DS/
Stag
ing/
CDC
Risk Datamarts
Segment De�nition
PD, LGD, EAD
Op Risk Models
Model Validation/ Feedback
Factor Model Environment
Model Execution and Output
G/L ReconciliationRWA Calculator
Reporting Tool
ICAAP Reports
Management Reports
FFIEC 101 Reports
Data Governance
Risk
Dat
awar
ehou
se
Data Sources
ETL
ETL
Basel II Risk Environment RWA Calculation and Reporting
Enterprise Risk Data Governance in a Basel Environment
Infosys – White Paper | 5
There are a few main roles that should be established as part of the Data Governance Council.
Data Steward: This is a quality control role and is an executive of the data governance council who is entrusted to provide custodial care of data and is focused on improving data quality to the level required by the business.
The role of the steward focuses on the following:
• Business definitions and rules
• Identification of critical data elements
• Data quality monitoring, issue identification and resolution
• Identification of trusted sources of data
• Support in the simplification of the data environment
The data steward needs to set a specific and measurable goal for data quality and is responsible for guiding the effort. An important aspect here is culturally sensitivity, as there are many stake holders who are involved in framing the data governance policy and there will be considerable impact to lines of business within the organization. The data steward is also responsible for resolving any conflicts arising out of the new policies that are being established.
Data Champion: Is appointed by the data governance council and is responsible for exception management as far as data quality is concerned. The data champions work on risk data exceptions and analyze every exception due to the deviations from the expected risk data quality norms. The data champion also lays down the business rules in consultation with people from the risk management team.
Data Analyst: The data analyst provides a 360 degree view of risk data from different sources. The data analyst helps in the analysis of different feeds and sources for consumption of the risk related data with respect to Fit for Purpose. The risk data analyst, along with the data champion, is responsible for framing the matching logic used when standardizing the data from disparate sources.
The Council forms a core part of the overall Data Governance strategy of the firm. The Council will put in place various processes, workflows and solutions to deliver the Data Governance Vision.
When establishing the norms, data quality should be defined and monitored thoroughly on many dimensions such as completeness, conformity and consistency while maintaining data integrity throughout the life cycle of the business.
Data quality assessment and improvement requires established processes for data profiling, standardization, matching and monitoring. Data Profiling is the systematic analysis of data to gather actionable and measurable information about its quality. Information gathered from Data Profiling activities are used to assess the overall health of the data and determine the direction of data quality initiatives. Data standardization is the process of detecting and correcting erroneous data and data anomalies within and across systems. It also ensures that the data conforms to the data quality standards. The standardized data is then used for matching purposes across various systems. Data matching across the systems reduces duplication and is also a means to identify similar data across systems. Data monitoring is usually an automated process used to continuously evaluate and report on the condition of the enterprise data. Information obtained from data monitoring activities is used to evaluate the effectiveness of the current processes and identify areas of improvement.
Metadata is an often ignored piece of the Data Governance conundrum. The holistic approach to Data Governance should reserve policies and processes around creating, maintaining and using metadata. Metadata implies data about data; it bridges the business objective with the information. The data steward or the person(s) reporting to the data steward use metadata in the context of building and expanding an application to meet business demands.
PROCESS
From studying past failures, it is clear that the absence of a strong data governance policy coupled with faulty business processes lead to poor data quality. The Data Governance process starts with the creation, documentation and implementation of data governance policies and procedures which should ensure data consistency, data standardization, data reusability and data distribution within the organization. A formal governance council needs to be put in place to ensure the smooth implementation of these policies and procedures and provide a mechanism for communication of data related initiatives throughout the organization. The council will be a liaison between the business and the IT functions, which will review and monitor the data policy from time to time.
6 | Infosys – White Paper
Metadata management ensures that metadata is created and captured with all the necessary details at the point of data creation. Metadata should be stored in a repository that can be used by multiple applications and is not necessarily limited to a central physical repository. Even a logical association is sufficient to provide a link across physical repositories. Metadata captured at the source is helpful in maintaining the data lineage through the data warehouse till reporting. This way any change arising from the business requirements can be deployed with ease, irrespective of where the change occurs in the lineage, which leads to greater confidence in the minds of the end user and the business. Metadata is an invaluable tool when working with auditors and regulators to prove the capability and quality of the Risk Reporting platform.
It is imperative to establish processes that take into account all these workflows. Only when one measures the current state of affairs is it possible to go about fixing them. To this end, Data Governance processes should be clearly communicated and policies should be made a priority.
TECHNOLOGY
Technology is a great enabler for improving data quality and maintaining data governance in coordination with people and process. The right technology not only acts as a vehicle for people to deliver and monitor the processes, but is also an effective force multiplier. Leveraging technology in the right places, means the Data Governance process is made transparent and at the same time seamless. This is accomplished by providing the right work flow for maintaining data quality and integrity throughout the business life cycle.
The right technology allows correlation of data across many sources; matches them and identifies duplicates, primarily around standard types of client, product and account. It also provides a hub to integrate with other systems and turn data into information. Technology provides a yard stick for measuring the existing data quality and offers many ways for data type validation, corrections and ensures consistency across various systems. Data quality dashboards provide the data governance council a 360 degree view of the whole data management process and its effectiveness. The dashboards also help in bridging the gap between the business and IT functions by providing a graphical representation of the data quality scoreboard, trends in data quality and the improvement in processes over a period of time.
Technology also helps in discovering problems with the data and automating the data quality processes. It helps the business create standard rules for data validation, transformation and standardization; define the workflows; and monitor the data throughout the business life cycle.
The figure below is a sample snapshot of key criteria and demonstrates how dashboards can be leveraged to assess data quality.
While formulating a Data Governance vision and strategy, technology should not be far behind. Putting in place norms and criteria to enable people to leverage the best technology that is relevant is an important step. The technology choices should be influenced by data quality requirements, metadata functionality and existing technology in the data management space.
Fields % incompleteCity 0.80Contact Person First Name 0.03Country 0.00E-Mail Address 5.66Last Name 0.05
Fields % incompleteOriginal Account Name 0.36Postal Code 5.11Region / State 7.21Standard Account Name 0.36Street 1.27
Missing key customer information like Name, phone, email, address components etc
Orphan analysis,
incorrect values in �elds etc
Detailed report based
on match conditions
and survivor identi�cation
Enrichment parameters
Sample pattern analysis for postal codes
% non-standard cities and Account names
Total Number of duplicates
Total number of US Records
% of Duplicate Records
10143 1,60,749 6.30%
0.0010.0020.0030.00
% non -standard cities and account names
Address veri�cation
Address cleansing
Address parsing errors
USPS / ROW database
Data Quality Metrics
Completeness
Integrity
Consistency
Conformity
Duplicates
AddressCleansing
Infosys – White Paper | 7
About the AuthorsNagharajan Vaidyam Raghavendran is a Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. His responsibilities include solution architecture, design and technical assistance for Data warehousing, Business intelligence and Analytics projects.
Sudarsan Kumar is a Senior Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. He has over 6 years of experience in designing and delivering complex, large scale Risk Reporting systems.
Partha Sarathi Padhi is a Senior Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. He has experience in delivering Trade Surveillance and Enterprise Data Management solutions.
ConclusionData governance is not just about Regulatory Compliance. Setting up a clear Data Management philosophy and vision across the enterprise is imperative. People, Processes and Technology must be deployed to have the maximum effect on the data that is used for operational and management decision making.
Data governance must reach beyond complying with legislation. The intent of legislation is to exhibit control over any data that is used for regulatory reporting. A key aspect is to ensure that any standards regarding Fit for Purpose are applied throughout the enterprise. Data Governance is also analogous with maintaining and managing the storage and security of sensitive data.
All this should allow users and managers to focus on running the business, confident that the reports and numbers are accurate and reflect the true position of the organization.
Firms should look at this new operating environment as an opportunity to re-jig their data management capabilities and tackle more than regulatory requirements. It is possible to gain a competitive edge by using risk data that has been rigorously controlled and delivers a high degree of accuracy. This risk data that is used as the source for insights into customer behavior, or a 360 degree view of every dollar, is inherently more reliable and relevant for management decision making. Lastly, Data governance policies and processes should be aligned with the risk management philosophy and should be a corner stone of corporate governance.
© 2012 Infosys Limited, Bangalore, India. Infosys believes the information in this publication is accurate as of its publication date; such information is subject to change without notice. Infosys acknowledges the proprietary rights of the trademarks and product names of other companies mentioned in this document.
About Infosys
Many of the world's most successful organizations rely on Infosys to deliver measurable business value. Infosys provides business consulting, technology, engineering and outsourcing services to help clients in over 30 countries build tomorrow's enterprise.
For more information, contact [email protected] www.infosys.com