Posted: 18 Nov. 2020 05 min. read

Understanding Data Risk

Regulator pressure is driving a more mature approach to data management

Since our previous blog on effective finance and risk data management  in 2019, there have been significant changes in the operating environment of the Australian banking industry no less for the increased stress COVID-19 has placed on the market and consumers alike.

Many Authorised Deposit-Taking Institutions (ADIs) have reached a baseline stage of data management capability as a result of a recent call to action by the regulators, with many organisations implementing a Chief Data Office and new policies and procedures to uplift their overarching governance processes. This has come in unison with a push by many ADIs to begin identifying and defining their Critical Data Elements (as required under BCBS 239) and their associated data lineage, which has proven to be a complex and time-consuming task.

The global pandemic in 2020 has also impacted business performance and heightened the need for accurate and timely liquidity, capital, and credit reporting. The journey towards a stronger data management capability is in motion and many organisations are ready to accelerate.

Current environment

ADIs have for some time faced an environment characterised by perpetually low interest rates and squeezed margins. There is a growing need for fit for purpose and timely data for decision making "in times of stress". The fallout from COVID-19 has exacerbated this, calling into question the resilience of their portfolios.

In this light, initiatives to decrease operating costs, improve the timeliness and accuracy of financial risk reporting and enhance financial resilience are critical to continued success. The increasing prominence of the financial crime regulator and the need for high quality data have also has forced additional investment in data governance and quality. In addition to these broader trends, we are seeing three key levers that are driving the data risk agenda.

With the Bank for International Settlements publishing its latest progress report on BCBS 239, Progress in adopting the Principles for effective risk data aggregation and risk reporting (2019), it is clear that there is still significant work to be done to achieve global compliance. The report found that no bank is fully compliant, and progress has been particularly slow with respect to Governance practices and Data Architecture and IT Infrastructure.

Through their policy priorities for 2020, the Australian Prudential Regulation Authority (APRA) has placed renewed focus on improving financial and operational resilience for ADIs and have committed to a new cross-industry data management standard which will aim to improve the quality of risk data aggregation and reporting. This has come after a request for ADIs to identify their top 100 Critical Data Elements which will require ADIs to baseline their data requirements and further mature their data requirements.

Customer expectations
The responsible and ethical use of data has captured the minds of consumers across the world. Recent landmark cases on data usage have brought higher customer expectations with the bar not being set by compliance with law but rather to broader ethical standards. This has coincided with a push to give back ownership and control of data to consumers through the Consumer Data Right which went live earlier this year.

Strategic imperatives
Emerging technologies such as Artificial Intelligence (AI) and cognitive automation are becoming less emerging and more imperative to sustaining a competitive advantage. Deloitte’s State of AI in the Enterprise 2020 found that AI is central to many adopters’ ability to drive value and that the trend is pushing towards ubiquity in adoption. In order to fully harness the benefits of these technologies, high quality and high-volume data is key.

Towards a more mature data management capability

Internal challenges
In addition to the pressures posed by the current operating environment, ADI’s face significant internal challenges to uplifting their data management capability. These include:

  • Legacy systems and processes: Inefficient data architectures and excessive reliance on manual intervention can significantly obstruct the transformation journey. This has been made clear through difficulties in expediting remediation efforts arising as an outcome of the Financial Services Royal Commission.
  • Data culture: A tendency to hoard data and ‘err on the side of caution’ has historically been the norm. However, cutting through this cultural barrier can allow organisations to make informed decisions on the appropriate classification and use of data, and open up new avenues for analysis.
  • Organisational fatigue: The sheer speed and scale of organisational change over the preceding years has meant that further operational and compliance obligations are facing resistance. ‘By design’ processes can help alleviate some of these pressures on employees.

Next steps in uplifting capability
In response to the above, ADIs must make informed decisions to effectively progress the maturity of their data management capabilities. There are still many opportunities to unlock the value of data whilst simultaneously managing regulatory and operational risk:

  • Make the most of technology: The efficiency and effectiveness of Data Platforms has improved significantly over the preceding five years. Selecting and implementing the right technology enablers can allow ADIs to automate data quality at scale, improve governance and control over access rights and uplift metadata management.
  • Stay on the front-foot with governance and compliance: A competitive advantage is not driven from meeting expectations, but from exceeding them and setting the standard. ADIs need to ensure they are anticipating future trends in governance, including what policies on the ethical use of data and AI should be, and driving appropriate accountability structures.
  • Tailoring a data strategy to an organisation’s unique needs: An organisation’s data strategy should align with its overall mission and goals. Setting realistic expectations and identifying opportunities to show value early on can set a strategy up for success and continued executive support.
  • Understanding the data landscape and acknowledging limitations: Taking a pragmatic approach is key to enhancing data management maturity. An understanding of ‘where we are’, ‘where we want to be’ and ‘where can we realistically get to’ should be the first step in strategy development. This will allow ADI’s to agree and prioritise initiatives, establish strategic solutions and position the organisation for success by seeing data as a strategic asset.

Opportunities from better data management
There are multiple benefits from continuing on the data management uplift journey: 

Emerging tech
Greater scale in the availability of high-quality data is central to an effective emerging technology strategy, and the notion of ‘garbage in, garbage out’ has never been more relevant.

Consumer trust
Meeting and exceeding the expectations of consumers by using and managing their information in a responsible way can help re-establish trust and improve loyalty. This will become only more important as further ethical questions are raised by the more prevalent use of emerging technology.

Operational risk management
A holistic data management capability can help decrease the likelihood of errors in decision-making as a result of poor data and can improve financial resilience by allowing for timelier and more accurate financial and risk reporting.

Comprehensive credit reporting
Better understanding of the customer with verifiable positive credit information will help lenders meet their responsible lending requirements and enable them to tailor offerings to customers with proven abilities to manage their credit obligations.

Meet our authors

Simon Crisp

Simon Crisp

Partner, Risk Advisory

Simon is a Partner in Deloitte’s Data Risk and Compliance Analytics team and specialist data and automation leader. Simon has over 20 years’ experience both in operational and consulting data and analytics roles. Simon has an innovative style and is passionate about leveraging data insights and analytics to help businesses and risk functions to drive maximum from their data and to enable effective decision-making. Focus areas include; data and analytics strategy, digital risk, big data, robotic and cognitive process automation (RPA), cognitive engagement, CoE design and operating model development, information management, data governance and business intelligence.

Melissa  Ferrer

Melissa  Ferrer

Partner, Consulting

Melissa is a partner in the Sydney Data practice in Deloitte Consulting with over 25 years’ experience in data and information management. She joined Deloitte in Jan 2014. Her role prior to that was Executive Manager, Data Services at CBA, where she worked from 2007 to 2013. Prior to CBA she worked in consulting roles in the US and Australia.

Sean Moore

Sean Moore

Partner, Risk Advisory

Sean has over 20 years’ experience within institutional and investment banking. At Deloitte, Sean is focused on providing his in-depth experience and expertise to financial institutions on Risk, Technology and Business Transformation. Previously, as a Managing Director at some of the largest global banks, he held key roles including Global Head of Operational Risk, APAC Head of Product Control, COO of European Equity Trading, Head of Finance for Continental Europe and COO Australia. His international career has seen him live and work in Australia, New York, London, Zurich, Frankfurt, Singapore and Hong Kong.