The emerging core competency of data governance
A good data governance framework requires a wide audit and strategic approach to avoid regulatory risk, and in order to use data as an asset.
Written by a human
Data is the lifeblood of financial services firms. It underpins everything from pricing, order and trade management, risk management and regulatory reporting to financial and corporate systems. Data is being created and utilized, flowing in, through and out of firms continuously.
The amount of data being handled, manipulated and acted on by firms has grown exponentially in recent years. Rapid changes in the uses, and users, of data have increased the already high degree of complexity and inconsistency. That increasing complexity and inconsistency increases the risks of non-compliance, inaccurate information on which to base business decisions or to feed into artificial intelligence models, market misconduct and financial instability.
To combat the increasing risks firms, need to develop a core competency in data governance to seek to ensure secure, accurate, timely, complete and consistent datasets.
| “We have observed that poor data are a root cause in a number of risks requiring remediation within firms. Firms need to continue to improve their ability to aggregate data to ensure that they have the information necessary to support holistic risk management, robust board decision making, and accurate regulatory calculations. Moreover, continued technological developments including increased use of artificial intelligence places heightened importance on the quality and accuracy of the data underpinning these tools.” Extract from Dear CEO letter on supervisory priorities for 2025, Bank of England, January 2025 |
What is data governance?
Data governance is a firm’s approach to the management of its data collection, processing, accuracy, retrieval, consistency and security. It encompasses who has responsibility for data management throughout the data lifecycle and what processes, policies, standards, methodologies and metrics are used for ensuring effective data management and the security protocols used to keep data confidential. It also covers what data a firm has, on what basis and where (and how) it is stored.
An additional benefit of robust data governance is that enables a firm to treat its data as an asset rather than just something it is a custodian for.
The need for a data governance framework
A data governance framework is not a one-size-fits-all and can come in many forms but it must cover the whole data lifecycle – creation, use, communication, (unmodified, original format) retention, retrieval and destruction. This requires a detailed understanding of what data the firm needs to operate, what data it currently has stored in its systems and files, how data is processed, the basis on which certain data is collected and used, and where the data is stored.
An important first step in building a tailored approach to data governance is a comprehensive, firm (and outsourced arrangements) wide audit of what data is held where and why. There are multiple layers of rules and requirements on data governance, protection and management which is a challenge in and of itself but added to the issue is the fact that many firms are still dealing with historic data on legacy, often patchwork systems.
Once firms have a clear and complete picture of their data, they can they build out their strategic framework and approach to data governance.
Strategic approach
There are a number of elements for firms to consider, including whether to move to a centralized approach (say, with a move to the cloud) to enterprise data architecture or whether a more hybrid approach would be preferable. Firms also need to build a data governance strategy that can deal with inconsistencies in external data sources including other firms, vendors and regulators.
There are myriad potential benefits to data standardization and centralization but one which should be considered explicitly is the potential to reduce senior individuals’ personal regulatory risk
Other elements to consider include:
- Business continuity and operational risk where a dependence on critical data sources can lead to significant loss of capability should those sources be interrupted or corrupted.
- Security and confidentiality risk where ineffective data protection controls can result in inadvertent disclosure or unauthorized access to data, either internally or externally.
- Commercial trading risk where both humans and machines rely on accurate data to achieve optimal outcomes in trading, investing and risk management.
- Aggregate exposure risk which occurs when data pertaining to risk positions in different parts of a firm, or running through different systems, cannot be aggregated into a consistent centralized picture of risk exposure in a timely way. This can give rise to significant and unanticipated firm-wide exposures.
- Regulatory enforcement risk – regulators are increasingly taking punitive action against firms which consistently fail to meet their reporting obligations in an accurate and timely manner. Firms that can’t map their data to the requirements of different reporting obligations may face financial, reputational and regulatory consequences. The same goes for senior individuals at firms which have failed to manage their data.
Data is the new oil
With a robust approach to data governance, firms will be able to unlock the inherent value in the data held as well as reduce regulatory risk. There is huge potential to not only gain invaluable business and customer insights but also to rationalize and consolidate how data is held and managed.
For some firms it is likely that potentially significant investment in data governance will be required but the likely benefits should make it a worthwhile use of resources. The Bank of England is not alone in highlighting the need for firms to improve their data governance. Indeed, given regulator’s supervisory priorities and the continuing focus of policymakers, firms should actively consider putting data governance on the board room table. Ideally the board itself should sponsor any data audit required, resource any remedial action and then receive regular updates on compliance with the firm-specific strategic approach to data governance.
