White Paper Gaining competitive advantage through Risk Data Governance - Nagharajan Vaidyam Raghavendran, Sudarsan Kumar, Partha Sarathi Padhi www.infosys.com
Introduction As a response to the banking fiascos that mushroomed across the globe, a slew of regulations that aim towards a global recovery have been brought about. Key amongst these is the latest update to the BASEL rules. It is set to bring about a sea change for the financial services industry by redefining focus areas. There is even more stress on achieving higher levels of transparency and increasing the quality of assets. This provides an opportunity for the financial services industry to reinvent itself by reducing the redundancies that exist across different lines of business. The recurring challenge has been around consolidating data silos which originate from disparate systems. To achieve complete transparency and accuracy in regulatory risk reporting, it is evident that the quality and integrity of the data are going to be fundamental building blocks. These are necessary investments towards gaining a bird s eye view of the process efficiency as well as the imminent risks facing the firm. In this paper, we examine the need for a comprehensive Data Governance Solution; establish strategic measures towards building it and highlight how it creates a competitive edge for the firm. Why Data Governance? It is said that not all bytes are born equal. Nowhere is this more evident than in a risk information system. An often overlooked aspect when building a risk information system is the quality of the source data. For regulatory compliance with BASEL norms, the data needs to be procured from a large number of disparate sources which are usually spread across different time zones. The data pertaining to different lines of business reside in silos as the firm operates on different platforms. These varying and often redundant platforms were built to support diverse products and cater to unique requirements across regions and customers. This silo approach, gave rise to business data marts having multiple versions of the same data across the firm. The lack of consistency amongst these data marts implied massive time and cost requirements for reconciliation. Data needs to be treated as a strategic asset and needs to be governed throughout its process cycle and end-usage. A strategic initiative towards this goal would be to bring people across the enterprise together thereby creating a consistent and holistic view of the company s data. This would ensure that an accurate statement of the firm s risk position is available for regulatory reporting and decision making. The figure below illustrates the deficiencies present in risk information across most firms where the source data is in silos. The deficiencies will be examined across the dimensions of People, Process and Technology. Manual Check Error Limited or no data Stewardship Insufficient Business awareness People Process Incorrect Design Incomplete and poor data standards Process failure Causes of Poor Data quality Technology Disparate sources ETL Integration errors Outdated technology 2 Infosys White Paper
Challenges with the Existing Systems The financial services industry has evolved over the years and is now a complex system with data being transmitted continuously across multiple entities world-wide. At the bare minimum, there are applications spanning front-office, middle-office and back-office platforms with data being transferred back and forth, not to mention the myriad external sources of data. In this scenario, it is easy to see why numerous, disparate versions of the same data are present across the organization. The lack of consistency amongst the data marts and many applications is a core issue that needs to be highlighted and addressed. Overall, the present data architecture can be viewed as a set of multiple and inconsistent data marts, causing difficulties in the integration of data, which in turn presents limitations in the data validation process. In the table below, we look at the business impact stemming from these challenges. Issue Description Impact All or nothing processing Some data errors have a disproportionate impact. i.e. they unnecessarily stop the system, rather than set aside an error record and process the good records. Increased business system downtime leading to higher overhead costs for providing continuous support. Multiple point-to-point interfaces, resulting in storage and transmission issues The same data is sent multiple times to multiple systems in multiple formats. This results in the same data being stored in multiple repositories. Increased impact of changes, complexity, overhead in knowledge transfer and support, high cost of storage and back up. Multiple points of transformation for similar logic Similar logic/calculations are applied at multiple sites across systems. Data inconsistency, lack of data ownership over business functionality, lack of control over the data manipulation and increased overhead costs. Inconsistency in Data Mapping No common format for data intake. Confusion and complexity, high dependency on SMEs and additional/complex processing to bring about conformity. Tightly Coupled systems Some systems receiving data have explicit dependencies on systems at the other end. The effort and risk associated with change is magnified. Mergers and Acquisitions Assimilation of data across merging entities brings about unique challenges in terms of platform incompatibility, data dictionary mismatch, sunset of legacy applications, lack of formal data governance policies and many more. The immediate impact is often on Legal Day 1 reporting which is manual, intensive and might not be accurate. Increased costs due to multiple systems across the entities. Incorrectly assimilated data and systems can lead to top line and bottom line impacts. An Approach to Enterprise Risk Data Governance Data Governance goes hand in hand with setting up the Data Management Infrastructure and Platform. When rolling out the architecture and systems for managing and reporting the data, it is essential to have a strong Data Governance mechanism that will monitor and control the data itself. An Enterprise Risk Data Governance Solution has 3 main Pillars: People, Process and Technology. This approach leverages enterprise data and information as a key asset increasing the quality, consistency and confidence of decision making. The first figure below is a simple illustration of a Basel risk reporting platform. Data governance is expected to permeate every activity in this system and be prevalent across the life cycle of data. The second figure illustrates the People, Process and Technology approach to data governance. Infosys White Paper 3
Enterprise Risk Data Governance in a Basel Environment Data Sources Origination System Basel II Risk Environment RWA Calculation and Reporting Servicing System Risk Datamarts Collateral Mgmt. System Loss & Recovery System Reference Data External Sources ETL Data Quality/ ODS/Staging/CDC Source System Extracts ETL Risk Datawarehouse G/L Reconciliation Factor Model Environment Model Validation/ Feedback Segment Definition PD, LGD, EAD Op Risk Models RWA Calculator Reporting Tool FFIEC 101 Reports ICAAP Reports General Ledger Model Execution and Output Management Reports Data Governance Enterprise Risk data Governance Assessment & Control Stake Holders Office of Data Governance Data Stewards People Successful Data Governance Regulations Internal Policy Risk handling procedures Technology Process Manage & Feedback Review, approve, monitor policy Collect, choose, review, approve, monitor standards Align sets of policies and standards Contribute to Business Rules Contribute to Data Strategies Identify stakeholders and establish decision rights Enhance Monitor Confrom Standards, Strategy & Data Quality Assurance Create Measure Clean Customised Rules Datatype Mismatch Data Consistency De - Duplication Special data Data Parsing Missing Values Referential Intergrity Data Enrichment Data Matching Exception Handling Data Pattern Check Data Validation PEOPLE The role of people in data governance is one of the most important dimensions. Inculcating an enterprise wide sensitivity to Data Governance starts with building a Data Governance Council. The Council is responsible for formulating policy regarding storage, modification and distribution of data across the organization; maintaining the integrity of the data and providing broad guidelines. The data governance council is also responsible for creating awareness that data can be an asset to the organization if it is maintained correctly. 4 Infosys White Paper
There are a few main roles that should be established as part of the Data Governance Council. Data Steward: This is a quality control role and is an executive of the data governance council who is entrusted to provide custodial care of data and is focused on improving data quality to the level required by the business. The role of the steward focuses on the following: Business definitions and rules Identification of critical data elements Data quality monitoring, issue identification and resolution Identification of trusted sources of data Support in the simplification of the data environment The data steward needs to set a specific and measurable goal for data quality and is responsible for guiding the effort. An important aspect here is culturally sensitivity, as there are many stake holders who are involved in framing the data governance policy and there will be considerable impact to lines of business within the organization. The data steward is also responsible for resolving any conflicts arising out of the new policies that are being established. Data Champion: Is appointed by the data governance council and is responsible for exception management as far as data quality is concerned. The data champions work on risk data exceptions and analyze every exception due to the deviations from the expected risk data quality norms. The data champion also lays down the business rules in consultation with people from the risk management team. Data Analyst: The data analyst provides a 360 degree view of risk data from different sources. The data analyst helps in the analysis of different feeds and sources for consumption of the risk related data with respect to Fit for Purpose. The risk data analyst, along with the data champion, is responsible for framing the matching logic used when standardizing the data from disparate sources. The Council forms a core part of the overall Data Governance strategy of the firm. The Council will put in place various processes, workflows and solutions to deliver the Data Governance Vision. PROCESS From studying past failures, it is clear that the absence of a strong data governance policy coupled with faulty business processes lead to poor data quality. The Data Governance process starts with the creation, documentation and implementation of data governance policies and procedures which should ensure data consistency, data standardization, data reusability and data distribution within the organization. A formal governance council needs to be put in place to ensure the smooth implementation of these policies and procedures and provide a mechanism for communication of data related initiatives throughout the organization. The council will be a liaison between the business and the IT functions, which will review and monitor the data policy from time to time. When establishing the norms, data quality should be defined and monitored thoroughly on many dimensions such as completeness, conformity and consistency while maintaining data integrity throughout the life cycle of the business. Data quality assessment and improvement requires established processes for data profiling, standardization, matching and monitoring. Data Profiling is the systematic analysis of data to gather actionable and measurable information about its quality. Information gathered from Data Profiling activities are used to assess the overall health of the data and determine the direction of data quality initiatives. Data standardization is the process of detecting and correcting erroneous data and data anomalies within and across systems. It also ensures that the data conforms to the data quality standards. The standardized data is then used for matching purposes across various systems. Data matching across the systems reduces duplication and is also a means to identify similar data across systems. Data monitoring is usually an automated process used to continuously evaluate and report on the condition of the enterprise data. Information obtained from data monitoring activities is used to evaluate the effectiveness of the current processes and identify areas of improvement. Metadata is an often ignored piece of the Data Governance conundrum. The holistic approach to Data Governance should reserve policies and processes around creating, maintaining and using metadata. Metadata implies data about data; it bridges the business objective with the information. The data steward or the person(s) reporting to the data steward use metadata in the context of building and expanding an application to meet business demands. Infosys White Paper 5
Metadata management ensures that metadata is created and captured with all the necessary details at the point of data creation. Metadata should be stored in a repository that can be used by multiple applications and is not necessarily limited to a central physical repository. Even a logical association is sufficient to provide a link across physical repositories. Metadata captured at the source is helpful in maintaining the data lineage through the data warehouse till reporting. This way any change arising from the business requirements can be deployed with ease, irrespective of where the change occurs in the lineage, which leads to greater confidence in the minds of the end user and the business. Metadata is an invaluable tool when working with auditors and regulators to prove the capability and quality of the Risk Reporting platform. It is imperative to establish processes that take into account all these workflows. Only when one measures the current state of affairs is it possible to go about fixing them. To this end, Data Governance processes should be clearly communicated and policies should be made a priority. TECHNOLOGY Technology is a great enabler for improving data quality and maintaining data governance in coordination with people and process. The right technology not only acts as a vehicle for people to deliver and monitor the processes, but is also an effective force multiplier. Leveraging technology in the right places, means the Data Governance process is made transparent and at the same time seamless. This is accomplished by providing the right work flow for maintaining data quality and integrity throughout the business life cycle. The right technology allows correlation of data across many sources; matches them and identifies duplicates, primarily around standard types of client, product and account. It also provides a hub to integrate with other systems and turn data into information. Technology provides a yard stick for measuring the existing data quality and offers many ways for data type validation, corrections and ensures consistency across various systems. Data quality dashboards provide the data governance council a 360 degree view of the whole data management process and its effectiveness. The dashboards also help in bridging the gap between the business and IT functions by providing a graphical representation of the data quality scoreboard, trends in data quality and the improvement in processes over a period of time. Technology also helps in discovering problems with the data and automating the data quality processes. It helps the business create standard rules for data validation, transformation and standardization; define the workflows; and monitor the data throughout the business life cycle. The figure below is a sample snapshot of key criteria and demonstrates how dashboards can be leveraged to assess data quality. Missing key customer information like Name, phone, email, address components etc Fields % incomplete City 0.80 Contact Person First Name 0.03 Country 0.00 E-Mail Address 5.66 Last Name 0.05 Fields % incomplete Original Account Name 0.36 Postal Code 5.11 Region / State 7.21 Standard Account Name 0.36 Street 1.27 Orphan analysis, incorrect values in fields etc Detailed report based on match conditions and survivor identification Total Number Total number % of Duplicate of duplicates of US Records Records 10143 1,60,749 6.30% Integrity Duplicates Completeness Data Quality Metrics Address Cleansing Conformity Address verification Address cleansing Address parsing errors USPS / ROW database Consistency 30.00 20.00 10.00 0.00 % non -standard cities and account names Sample pattern analysis for postal codes % non-standard cities and Account names Enrichment parameters While formulating a Data Governance vision and strategy, technology should not be far behind. Putting in place norms and criteria to enable people to leverage the best technology that is relevant is an important step. The technology choices should be influenced by data quality requirements, metadata functionality and existing technology in the data management space. 6 Infosys White Paper
Conclusion Data governance is not just about Regulatory Compliance. Setting up a clear Data Management philosophy and vision across the enterprise is imperative. People, Processes and Technology must be deployed to have the maximum effect on the data that is used for operational and management decision making. Data governance must reach beyond complying with legislation. The intent of legislation is to exhibit control over any data that is used for regulatory reporting. A key aspect is to ensure that any standards regarding Fit for Purpose are applied throughout the enterprise. Data Governance is also analogous with maintaining and managing the storage and security of sensitive data. All this should allow users and managers to focus on running the business, confident that the reports and numbers are accurate and reflect the true position of the organization. Firms should look at this new operating environment as an opportunity to re-jig their data management capabilities and tackle more than regulatory requirements. It is possible to gain a competitive edge by using risk data that has been rigorously controlled and delivers a high degree of accuracy. This risk data that is used as the source for insights into customer behavior, or a 360 degree view of every dollar, is inherently more reliable and relevant for management decision making. Lastly, Data governance policies and processes should be aligned with the risk management philosophy and should be a corner stone of corporate governance. About the Authors Nagharajan Vaidyam Raghavendran is a Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. His responsibilities include solution architecture, design and technical assistance for Data warehousing, Business intelligence and Analytics projects. Sudarsan Kumar is a Senior Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. He has over 6 years of experience in designing and delivering complex, large scale Risk Reporting systems. Partha Sarathi Padhi is a Senior Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. He has experience in delivering Trade Surveillance and Enterprise Data Management solutions. Infosys White Paper 7
About Infosys Many of the world's most successful organizations rely on Infosys to deliver measurable business value. Infosys provides business consulting, technology, engineering and outsourcing services to help clients in over 30 countries build tomorrow's enterprise. For more information, contact askus@infosys.com www.infosys.com 2012 Infosys Limited, Bangalore, India. Infosys believes the information in this publication is accurate as of its publication date; such information is subject to change without notice. Infosys acknowledges the proprietary rights of the trademarks and product names of other companies mentioned in this document.