Insights from Jeff Kimsey & Michael O’Rourke, Nasdaq – It seems like a match made in heaven: Big Data and big financial institutions. After all, banks have always held a large amount of data about their clients, and continuing advances in data aggregation, storage and analysis mean that collected data provides immeasurable value and opportunity.
However, reaping the rewards yielded by Big Data requires hard work and ongoing adaptation. Financial institutions are facing bigger challenges than ever as they juggle increases in data volume, velocity and variety, all while managing risk and regulatory compliance.
So how can banks manage their portion of the 2.5 quintillion bytes of data created each day, and also seize the big opportunities that Big Data affords? Michael O’Rourke, Vice President of Global Information Services Technology at Nasdaq, believes the first step for any financial institutions is to evaluate its current data governance program to see if it aligns with the organisation’s goals, and is achieving all that it needs to in terms of compliance, risk mitigation and opportunity. O’Rourke’s advice is that you first need to be effective, and then you can become efficient.
“Data governance is a process, not a project, and it needs to be part of how your organization does business,” O’Rourke says. “To be successful you want to make it part of your DNA. And as you create new applications, create new products, follow your data governance policies right from the start.”
To analyse a data governance program, every financial institution needs to consider five key questions in order to confidently move forward in the world of Big Data:
1. Have we established a blueprint for the future of the organisation and do we understand what role data plays in that future?
While most institutions have a clear plan as to what they’d like to achieve in the future, knowing the role of data in that plan is fundamental to success. Jeff Kimsey, Vice President of Global Information Services for the Nasdaq Group, believes that without taking into account the role of data in the business roadmap, it will create unnecessary burdens in the future.
“If you are well positioned as an organisation, you are thinking about how your initiatives are going to affect data, and vice-versa, instead of data being an afterthought,” Kimsey says. “By taking data into account in the business roadmap , banks will be much better aligned in creating new products, or interweaving their legacy products and legacy systems into their long-range planning.”
Kimsey also points out that while a small fraction of banks are looking at unstructured data at this point, this type of data has a definite place in any conversation about the future. With the International Data Corporation estimating that unstructured data comprises 90 percent of all digital data, it is no surprise that utilising unstructured data needs to be a future consideration for banks.
2. Is there designated management focused on a practical and enforceable data governance policy?
With data playing such an integral role in the future of any organisation, the management of that data becomes vital. In a recent survey conducted by Forrester Research, organisations with a chief data officer (CDO) were 70 per cent more likely to reduce risk and better ensure compliance than an organisation without a CDO. O’Rourke attributes this statistic to the accountability that comes with having proper management and protocols in place.
“What we’re finding is that more and more companies are having a chief data officer and additional staff associated with that role, and it’s providing value,” O’Rourke says. “You want to have accountability in the organisation for implementing the program. If you don’t set up the right accountability, then the data governance program is not going to add value.”
Kimsey adds that a chief data officer, or someone in a similar position, can add an additional layer of data focus within the organisation.
“It’s about understanding the effects of any change to data throughout the organisation,” Kimsey says. “A chief data officer can be involved in high-level conversations across the organisation, but still have that focus on data. Without a CDO, data will most likely be an afterthought, which increases potential risk.”
However, a CDO is ineffective without a strong data governance policy in place. But, according to O’Rourke, setting the overall direction of your organisation’s data management and defining a data governance policy is not enough. He adds that regularly reviewing and updating that policy is paramount as data volume, velocity and variety grow.
“The key is making sure your data governance policy remains practical and enforceable,” O’Rourke says. “There have to be standards, checks and controls within the policy. If you don’t have those things, you might as well not have the policy.”
The struggle, of course, is to keep the policy simple while still implementing the necessary protocols.
“Obviously, the simpler your program, the easier it is to follow, and the more likely that people will follow it,” O’Rourke says. “You want to design your program from the top down, and then implement it from the bottom up.”
3. Do we understand the current regulations and how they relate to the data we have?
Before financial institutions can establish their compliance with current regulations, there needs to be a complete understanding of what those regulations entail. O’Rourke stresses the importance of knowing the 14 principles of the Basel Committee of Banking Supervision (BCBS) 239 regulations and understanding how those principles relate to the data used by organisations.
“There has been a lot of new regulation that has come down for systematically important institutions, and it is important they understand not only what is part of compliance, but whether or not they are currently compliant,” O’Rourke says.
O’Rourke refers to regulatory compliance as the “table stakes” of data governance, but acknowledges that in order to be compliant, you need to have some level of data quality. Kimsey agrees that the two go hand in hand, which is why an organisation’s regulatory changes need to be thorough, and cannot be done overnight.
“Like any big changes, it takes a long time to make regulatory changes,” Kimsey says, “to be sure that you’re capturing the right data and storing the right data, and that you retain it for the right amount of time.”
If there are regulatory changes to be made, Kimsey says those changes need to be a top priority. “For banks, the two biggest data concerns have to be regulatory concerns and systemic risk.”
4. Do we have systems in place to guarantee data quality, ensure proper entitlements and reduce risk?
A financial institution needs to have more than regulatory compliance in order to be effective. Quality data is a key factor in reducing risk, ultimately making a data governance policy truly effective. Yet, guaranteeing quality data is hard to achieve.
According to O’Rourke, when sourced from multiple discreet computer systems and business lines, the quality of data is often degraded by incompatible definitions, inconsistencies, and duplication.
“With poor data quality, the effectiveness of data governance and controls can be seriously compromised,” says O’Rourke. “Without proper data quality, it will be difficult to have proper entitlements, or to know that you have all the data necessary to mitigate risk.”
In addition, when it comes to data quality, Kimsey points out that organisations need to be accountable for the accuracy, integrity and entitlement usage of the data.
“One of the last things you want to do is make a product or create content and give access to everybody, and then two years down the road, have an audit from a content provider creating millions in risk,” Kimsey says. “You need a definitive understanding of entitlements and policies.”
But how should organisations tackle these issues? O’Rourke suggests implementing procedures to ensure quality data from the moment data is aggregated.
“You want to be proactive and immediately look for inconsistencies and duplications of data,” O’Rourke says. “When you have all these checks and balances in place as the data enters the system, then when you pull the data, you have assurance that the data is quality.” Assuring quality data is an important first step that ties into proper entitlements as well as risk reduction.
5. Are we prioritising the potential value while balancing the risk associated with data opportunities?
Once the hard work of establishing data governance plans, aligning management and implementing protocol changes is underway, banks can confidently put Big Data to work.
“The question is crucial: You have all this data and storage, but how do you actually use it?” Kimsey asks. “How do you use that data to help run your business? That’s an important question to ask.”
There is a lot to consider when looking at new ways to use data, says Kimsey. “Good data and good data use creates a path toward revenue,” he says. “Conversely, without the right data or usage of data, integrating these ideas becomes much more difficult.”
In Big Data, O’Rourke sees risk and opportunity as two sides of the same coin. “When you do your data aggregation and all that goes with it, leaders should be thinking about how they can make better decisions, reduce costs and increase sales and efficiency,” he says. “But you can’t make any of those decisions without weighing the opposite side of the coin, which is risk.” He emphasises that every time a new opportunity is assessed, it is critical that risk be considered.
According to O’Rourke, data governance needs to be an ongoing cycle. After establishing goals, ensure that your program is aligned with those goals, and that the policies are enforceable. Examine that information, do a gap assessment, assign responsibilities, communicate and then validate. Most importantly, continue to repeat and update that cycle.