Posted: 09 Feb. 2022 10 min. read

Seven steps to future fit superannuation data

In this second article in our series exploring innovation in risk and regulatory data and technology, we explore ‘Seven steps to future fit superannuation data’.

At a recent industry round table meeting with a number of Australian superannuation fund trustee CEOs, APRA and ASIC expressed interested in the steps trustees are taking to strengthen data governance, including those over third party arrangements, and to ensure appropriate risk management over data reported in regulatory submissions and public disclosures.

In a continuation of our series of insights on innovation in risk and regulatory data and technology, Deloitte explores how tried and tested steps from the broader financial services industry can be applied to superannuation funds to build trust in their data and improve efficiency in the superannuation data eco-system.

The opportunity

The superannuation data landscape is continually evolving.  To support a well-functioning superannuation system, trustees understand that they must focus on and invest in data governance to better understand data challenges, to facilitate accurate and timely data (including from third party service providers), and to industrialise and professionalise internal reporting functions.

Regulators are expecting trustees to strengthen data governance to ensure appropriate data risk management and to increase both the accuracy and timeliness of regulatory reporting and public and member disclosures.

The challenges

Today’s complex superannuation data eco-system is often characterised by a short-term focus and complexity that is often the result of reliance on multiple third-party service providers. Trustees’ common data challenges include:

  • The ubiquity of manual data entry processes; these drive complexity and unclear roles and responsibilities across the data ecosystem, creating barriers to meeting the data quality expectations of stakeholders.
  • Clearly demonstrating to superannuation fund members the financial benefits of investment in data governance solutions.
  • Inefficient legacy systems; these create difficulties in meeting new reporting requirements in tight timeframes and often require manual work arounds required to address increasingly granular data requirements.
  • The sources of data risk being poorly understood, prioritised and managed.

Seven steps to future-fit superannuation data

As pressures mount, trustees need to actively demonstrate how they can manage fund data efficiently and effectively. By taking the seven key actions below, trustees can establish future-fit data foundations that build on APRA’s CPG 235 Managing Data Risk.

Key action

How to make it work

1. Know your data

Identify, agree and define critical data needs for today and into the future using the lenses of member service, investments, fund operations and external reporting.

2. Understand the end-to-end data supply chain

Understand and validate the data supply chain, including across third parties, to identify key data risks such as sourcing, aggregation, transformation and calculations across business and technology processes.

3. Design data controls that address data risk

Design and implement data controls that address the key data risks across the data supply chain, leveraging automation and emerging technologies when it makes sense to do so.

4. Embed clear accountabilities for data management and expectations around quality

Clearly document ‘fit for purpose’ data quality expectations and embed data management accountabilities, including within service levels with third party providers.

5. Implement effective data oversight and monitoring processes

Measure and monitor the leading and lagging indicators of data risk and drive actions:

  • Examples of leading indicator examples are the numbers of manual processes and data sources.
  • Examples of lagging indicators examples are data quality and data incidents.

6. Invest in data architecture that supports operational efficiency and risk reduction

Design and implement a data and technology architecture that enables data availability and quality expectations to be realised in line with business objectives.

7. Prioritise data risk in the fund’s Risk Management Framework (RMF)

Elevate data risk as a key operational risk that needs to be managed in line with the expectations of the fund’s Risk Management Framework.

To better understand your fund’s data governance maturity, trustees should be asking these three questions:

  • What are the strategic implications and investment considerations across the business to be able to respond to the increasing breadth and depth of regulatory collections effectively and efficiently?
  • What capabilities would be required to achieve this, including those around transitioning from legacy systems, rationalising reporting systems, improving data quality and embedding end-to-end reporting processes?
  • Is your data risk management approach fit-for-purpose?  Does it place enough emphasis on the benefits of being in control of your data?

There are clear longer term operational efficiency and risk reduction benefits from investment in data risk management capabilities; however, the onus is on superannuation fund trustees to drive the agenda for this across the superannuation data ecosystem.  As governments and regulators look to make superannuation data sets more publicly available, transparent and portable, including through an ‘Open Finance’ regime, the time to get in control of your data is quickly running out.

More about our authors

Niall Stevenson

Niall Stevenson

Director, Risk advisory

Niall is a Director in Deloitte’s Regulatory and Risk insights team. Niall is an innovative and resourceful Data Risk Strategy, Governance and Assurance professional with over 15 years experience in solving the challenges business face in the management of information and using it as an enterprise asset. Niall is highly skilled in transforming the Information Management landscapes across businesses into scalable, Governed and manageable solutions, ensuring that the risk appetite meets obligations, community expectation and audit and compliance standards. This is also done with the mindset of privacy by design ensuring data is secure and appropriately used.

Melissa Gomes

Melissa Gomes

Director, Risk Advisory

Melissa has over 20 years’ experience in governance, risk, compliance and operations in financial services, specialising in superannuation. Melissa has held senior roles within the superannuation industry. She has strong experience working with trustees, specifically in respect of governance, compliance and risk management frameworks, and has led several superannuation-focused regulatory change programs, assisted operational change programs across both trustee businesses and superannuation operations, as well as multiple complex successor fund transfers of complex funds. Melissa provides subject matter expertise for superannuation fund internal audit and assurance reviews and has supported clients in the delivery of responses to APRA licensing conditions, covering risk management, insurance in superannuation, resourcing and outsourcing.

More about our authors

Chris Topple

Chris Topple

Principal, Risk Advisory

Chris is a Principal in the Deloitte Risk Advisory team with more than 15 years’ experience leading data-driven risk and regulatory strategy, enablement and assurance programs across financial services. Chris has worked with clients across Australia, New Zealand, Europe and the United Kingdom in a range of scenarios including large scale business transformation, risk and regulatory change, due diligence, mergers and separations. Chris is passionate about enabling business and customer outcomes as the result of the convergence of data, people and technology. His focus areas include data strategy, management and governance, risk data and analytics, digital risk, data regulation and risk and regulatory reporting.  

Simon Crisp

Simon Crisp

Partner, Risk Advisory

Simon is a Partner in Deloitte’s Data Risk and Compliance Analytics team and specialist data and automation leader. Simon has over 20 years’ experience both in operational and consulting data and analytics roles. Simon has an innovative style and is passionate about leveraging data insights and analytics to help businesses and risk functions to drive maximum from their data and to enable effective decision-making. Focus areas include; data and analytics strategy, digital risk, big data, robotic and cognitive process automation (RPA), cognitive engagement, CoE design and operating model development, information management, data governance and business intelligence.