Key topic: Data Management

THE Q_PERIOR DATA MANAGEMENT DESIGN FRAMEWORK

In these times of persistently low base rates, banks are confronted with the specific challenge of rethinking their entire business model as well as meeting current regulatory requirements. In view of this situation, data – and its management – is becoming the most important asset for banks. On the one hand, state-of-the-art data management enables banks to respond quickly and flexibly to market developments related to new technologies or competitors. On the other hand, it enables the specialist departments and IT to keep up with the increasing frequency and granularity of regulatory requirements.

The Q_PERIOR Data Management Design Framework offers an extensive overview of the topic of data management. It examines all aspects of sustainable data management, from data strategy to data culture. The tools and methods mapped out in the framework help you broach these sub-aspects in an efficient and structured manner.

A means of achieving corporate goals, data strategy is all activities which influence data management, data quality, the data model, data architecture, privacy and business aspects.

Minimum Requirements

  • ‘Management must ensure that the bank’s IT strategy provides a means of improving both data aggregation capacities and risk reporting procedures as well as a means of eliminating violations […].’ (BCBS 239, subs. 30)
  • ‘[…] support of these projects through the allocation of appropriate financial and staff resources falls under the remit of the management board.’ (BCBS 239, subs. 30)
  • ‘Large and complex institutes must also issue [strategic] statements in the interests of improving and expanding aggregation capacities for risk data.’ (MaRisk Consultation 02/2016, version of 2/18/16)

Conclusion

  • No explicit requirement for in-house data strategy
  • Creation of a separate data strategy advisable to underscore the importance of the topic.
  • Do not define data strategy as part of IT strategy
  • Responsibility lies with the executive board and the data management organization
Data governance describes the organizational and procedural framework conditions for data management and defines clear roles and responsibilities for data.

Minimum Requirements

  • ‘The tasks and responsibilities that restrict the responsibility for and quality of risk data and information to both business and IT functions should be clearly defined.’ (BCBS 239, subs. 34)
  • ‘The tasks of the […] responsible staff member include: Ensuring the correct entry of data, ensuring that data is up to date […].’ (BCBS 239, subs. 34)
  • ‘At each process stage, responsibilities should be defined and corresponding process-dependent checks instituted. Regular checks should take place to see whether institute-internal regulations, procedures, methods and processes are being adhered to by staff.’ (MaRisk Consultation 02/2016, version of 02/18/16)

Conclusion

  • Establish clear responsibilities for data and set up a central body for data management
  • Definition and implementation of processes for monitoring compliance with data management requirements
  • Define management board responsibility for data (Chief Data Officer role) and initiate culture change
Data quality can be assessed company-wide using various criteria and methods, and sustainable data quality management ensures and improves front-end in-house data quality.

Minimum Requirements

  • ‘Supervisory bodies have an expectation of banks to determine and monitor the accuracy of data; furthermore, appropriate escalation channels and sets of measures are required to counter poor data quality.’ (BCBS 239, subs. 40)
  • ‘Data quality and accuracy should be monitored on the basis of suitable criteria. The institute must formulate internal requirements for the accuracy and integrity of data for this (MaRisk Consultation 02/2016, version of 02/18/16)

Conclusion

  • Sustainable data quality management to ensure structured and comprehensible data quality reporting
  • Potential for continuous data quality improvement
  • Lower expenses in the long-term in data reconciliation, increased process efficiency and cost savings thanks to improved data quality
  • Increased reaction speed for data queries (internal & external) thanks to the higher data quality on a permanent basis
Defining uniform processes for effective, audit-proof changes to IT systems and data repositories. Structured, traceable data management processes support all forms of reporting.

Minimum Requirements

  • ‘The overall risk management concept should include service agreements for outsourced and internal processes of data processing, company principles on data confidentiality, integrity and availability as well as risk management principles. ‘ (BCBS 239, subs. 27)
  • ‘Supervisory bodies have an expectation of banks to document and explain all processes of risk data aggregation, regardless of whether these are automated or manual processes.’ (BCBS 239, subs. 39)
  • ‘The data aggregation capacities of a bank should be flexible and adaptable so that ad-hoc requests can be processed and emerging risks assessed.’ (BCBS 239, sub. 48)
  • ‘Data aggregation capacities must be sufficiently flexible and powerful to be able to disclose and analyze ad-hoc information by various categories.’ (MaRisk Consultation 02/2016, version of 2/18/16)

Conclusion

  • Bank-wide set-up of structured data requirement processes means future viability
  • High degree of standardization for efficiency and flexibility in all processes
  • Simplified data management processes form the basis for digital transformation
A key part of the data architecture is a clear and detailed data budget, specifically dataflows and key figure trees for sustainable data management and flexibility for future changes.

Minimum Requirements

  • ‘A bank must create integrated data taxonomies including a group-wide data architecture which includes details of the characteristics of (meta)data […].’ (BCBS 239, subs. 33)
  • ‘A comprehensive set of harmonized, analytical credit data should reduce the reporting burden considerably over the course of time thanks to the increased continuity of reporting obligations. […] The harmonized dataset on loans will also deliver more detailed information, […]‘ (Regulation (EU) 2016/867, subs. 5)
  • ‘The data structure and data hierarchy must ensure that data can be clearly identified, collated and analyzed and readily available. […] ‘(MaRisk Consultation 02/2016, version of February 18th 2016)

Conclusion

  • Traceable documentation of dataflows (specialist and technical data lineage) to support process optimization.
  • Increased transparency and easier retrievability of necessary information
  • Cataloging of a content-based and technical description of data in a data dictionary, including documentation of the data responsibilities and quality requirements
  • Description of the target data architecture in the data strategy
  • Pooling of specialist and technical responsibility for data architecture
Diverse data regulations (at times contradictory) must be reconciled, e.g. extensive data and aggregation requirements (e.g. BCBS 239) clash with strict privacy rules (EU-DSGVO).

Minimum Requirements

  • ‘The authorizations set up must not come into conflict with the organizational allocation of staff. Specifically in the case of authorization assignments for role models it should be ensured that functional divisions are maintained and conflicts of interest avoided. […]’ (MaRisk Consultation 02/2016, version of 2/18/16)
  • ‘IT systems (hardware and software components) and the associated IT processes must guarantee the integrity, availability, authenticity and confidentiality of data. ‘ (MaRisk consultation 02/2016, version of February 18th 2016)
  • ‘The degree of granularity of contractual partner master data is the contractual partner. Each dataset is clearly identified by combining the following data attributes: a) reportable data ID and b) contractual partner ID. […]’ (Regulation (EU) 2016/867)

Conclusion

  • Review of the previous authorization concepts for each IT system and, where necessary, adjustment of these while taking into consideration responsibilities for certain data
  • Consideration of privacy requirements for the processing of internal and external data requests. Example: Regulation (EU) 2016/867 (AnaCredit) requires the borrower’s address details to be registered. Eligibility should be checked with regard to privacy
  • Increase in the range of responsibilities of the Chief Information Security Officer (CISO) and the reconciliation requirements with other bodies of the bank; the required expertise of a CISO go far beyond pure IT security questions
Changing data and data management requirements call for a rethink in bank management and among staff. Looking to the future, data looks set to become an essential asset in banking.

Minimum Requirements

  • ‘It is standard practice in the independent validation of risk data aggregation and reporting procedures that preferably staff with specialist knowledge in the sectors of IT, data processing and reporting are used.’ (BCBS 239, subs. 29)
  • ‘The relevant staff (business level and IT functions) must ensure, together with risk managers, that appropriate checks are in place throughout the entire data cycle and in all aspects of the technological infrastructure. […]’ (BCBS 239, subs. 34)
  • Regular checks should take place to see whether institute-internal regulations, procedures, methods and processes are being adhered to by staff.’ The checks should be carried out by a body independent of the operational business divisions. ‘ (MaRisk Consultation 02/2016, version of 2/18/16)

Conclusion

  • Increased relevance of data or information in the coming years; gradual increase in the significance of data quality and data management
  • Cost savings and process optimization through use of new technologies
  • Considerable change in the requirements for employees and their expertise; knowledge both in specialist, technical and data sector necessary
  • Early training and CPD for all those involved is essential

Q_PERIOR has all the specialist and technical expertise essential for the successful implementation of sustained data management – all pooled in one central team. We support you with tried and tested tools and methods which we have mapped in the framework amongst other places to help you reach your objectives quickly. Together we can develop a custom and, above all, feasible solution that meets all regulatory requirements – after all, ‘best-in-class’ isn’t always the right option.

Find out more about the issues surrounding IFRA!

MORE
MORE

WE ARE THERE FOR YOU!

With Q_PERIOR, you have a strong partner at your side.
We look forward to your challenge!

2017-10-16T16:58:07+00:00 14. September 2017|