Data management in a regulatory context

Within financial services industry, there is always regulatory change. In recent years this has mostly been driven by the financial crash of 2008.

Whilst data management has been addressed as part of existing regulation (e.g. BCBS239) this has generally been treated as an afterthought for specific risk assets, without addressing the more systemic impacts of poorly managed data.

Following the digital revolution, brought in part due to Covid, and also of some of the data protection scandals outside of the Financial Services sector (e.g. Facebook), I would anticipate that there will be regulation soon to specifically address data management over and beyond its current treatment.

This brief paper doesn’t attempt to speculate on the scope of such future regulation, but rather sets out how data management is applicable within the current regulatory landscape.

What is data management?

• The activity of sourcing, storing, and using data securely, accurately, and cost-effectively. This is dependent on consistent, complete, and current definitions of data across the business.
• Focus is often on improving data quality, but also includes ways in which data it is effectively embedded in decisions/processes around it, as well as exploring opportunities to exploit the intrinsic value of data as an asset.
• Ensures competitive advantage through improved business decisions based on accurate, timely data. As the value of data increases so does the need for data management.
• Strong synergies with Data Governance (policy), IT (tools), Engineering (infrastructure) and Data Science (analytics and AI)

Scope of execution

Why is data management important in regulatory context?

General regulatory drivers: New regulatory systems will likely have an impact on data landscape such as changing the use of existing data, integrating data in a new way, or have specific reporting requirements beyond what is there already including:

.... all of which will likely degrade the accuracy of data and introduce new challenges with sourcing/availability.

Specific regulatory drivers: Many regulations (including GDPR, BCBS239, IFRS, MIFID) have recognised that systemic issues of poor data management were a factor of financial crises and so have called out specific data requirements in their regulation, including: 

Other complicating factors: Regulatory projects are often used as a springboard for systemic change. Examples are initiatives such as refactoring into cloud. Do not underestimate impact of data migration, or complexities of increasing scope: Be clear what the business needs are!

Data Management Controls

Data management is as much a control function as it is an execution function.

Hierarchy of BAU controls

These controls are supported by two complementary types of governance, top-down data governance which has the focus of setting direction and policy as well as bottom-up ("at the coal-face") data guilds which are the predominantly means of execution.

Additionally, during “project phases” further controls are necessary: project governance, budget and resourcing controls are likely to be more important in early phases, but should evolve into steady state BAU controls shown above as the project matures.

Data Management Framework

The above controls are supported by a continuous framework. In “Business as Usual” (BAU) data management is a never-ending process. Project are initiated as temporary activity to “get the ball rolling”, but after the project is over, the activity continues.

Data management lifecycle

These are some of the components needed supporting this, that any project will help set-up:

• Roles: Data owners, stewards, governance/enablement officers, analysts etc
• Organisation: Data councils, data guilds, processes, design authorities etc
• Touchpoints: Data engineering, Data science, Data architects, IT etc
• Tools: Dashboard, Monitoring tools, Data profiling (inc AI), Visualisation, ETL, Big data solutions, Cloud solutions, Metadata repositories, Lineage etc   

Data Management Considerations

What does a typical start of a data management project roadmap look like?

Every client requirement is different, but generally I have found these fall into the following pattern:

? Deryck Brailsford March 2021

Deryck Brailsford is a leading data practitioner and change consultant. He has over 25 years regulatory change experience and has consulted for many organisations including KPMG and Morgan Stanley.

If you need any help with data management please contact him on +44 7710 435227 or [email protected]