Metadata management: a key enabler in becoming regulatory compliant
The relevance of applying proper metadata management and data lineage practices
Regulators are mandating financial institutions to provide insight into their Finance & Risk data aggregation process. Financial institutions are finding this requirement to be very challenging and time consuming. Metadata management is key in meeting this challenge and must be implemented throughout the entire organisation as a first critical step towards regulatory compliancy.
Today, in financial institutions, data manifests itself in many forms. Each data element has its own distinct use and purpose. However, the use and purpose of the various manifestations are often misunderstood by business and IT people alike. In a set of two articles, we focus on metadata and provide Deloitte’s perspective on how it can aid financial institutions in making the right decisions in becoming regulatory compliant. In the first article we will elaborate on the different types of data and their differences and why metadata is crucial for regulatory compliance (e.g. BCBS #239 and Solvency II). In a second article, we expand the framework for metadata management by providing concrete and practical metadata management best practices.
The international association of data management professionals (DAMA) defines metadata as 'information about the physical data, technical and business processes, data rules and constraints, and logical and physical structures of the data, as used by an organisation'1. In other words metadata is a description of the characteristics of the data (e.g. business and or technical) used within an organisation. Put differently, metadata is data about data.
Across any organisation, different types of metadata are produced by different departments. Business users create metadata from a business perspective. For example definitions of reporting metrics found in (regulatory) reports or descriptions of calculation and derivation rules. On the other hand, technical and operational metadata can be created by developers in the IT department when they create designs for databases including things like table and column definitions. A third form of metadata is created by capturing information on ownership of data or systems, this is known as governance metadata.
How is metadata different from master and reference data?
Metadata is often confused with master and reference data. Starting with master data; this is mostly referred to as customer or product data. It is the financial institution’s core data, for example data about actual clients, such as their name, address, contact details etc. Metadata on the other hand, tells us what information we are capturing about our clients. Metadata originates in the design process of systems and processes whereas master data is created by the systems and processes designed.
Reference data, simply put, is used to classify other data elements to provide us with lists to choose from when entering data into our systems. Continuing with the example of client data; gender, customer type, industry type and phone number type are all examples of reference data.
In short, master data gives us insight into our customers or products, reference data allows to classify and group our data while metadata gives us insight into the data we collect as an organisation. For this reason it makes sense that each of these forms of data are managed by separate stakeholders in different manners.
Metadata is key in providing insight in data flows as required by European supervisors
The regulatory authorities, especially in Europe, are continuously addressing the importance of insight into the institution’s risk data aggregation process. BCBS #239 and Solvency II regulations include principles (see figure 2) which require financial institutions to provide more insight into characteristics of their business data and technical aspects thereof. Currently, many financial institutions consider it challenging to properly control the Finance and Risk data aggregation process from source system to regulatory report, due to a lack of proper metadata management practices.
From our perspective, to enable proper metadata management practices, it’s crucial that metadata management is established around two building blocks:
- All data used in the risk aggregation process must be clearly and unambiguously defined using business language, i.e. business metadata;
- All data should be mapped along the risk data aggregation process from source system to report, i.e. so called data lineage
BCBS #239 principles 2 and 3 imply that banks should manage their metadata, stating that a financial institution should “establish integrated data taxonomies … which includes information on the characteristics of data (metadata)”. For insurers, Solvency II regulation stresses that institutions should be able to provide insight into data flows, processing and control. This insight would not be possible without establishment of the data lineage.
Managing your metadata is a prerequisite for providing insight into data flows and related controls in your organisation. It is vital that financial institutions embed metadata management practices in their way of working and the behaviour of its employees and that the metadata is updated as part of the organisation’s change process. This not only aids regulatory compliance but will provide financial institutions with a competitive advantage in many other areas.
In our next article we will elaborate a bit more on the aspect of data lineage and metadata in the context of regulatory change by providing some concrete best-practices to consider when implementing data lineage in your organisation.
This article was written in conjunction with Johann van Biljon, Thought leader Data Governance at Rabobank.
Would you like more information on metadata management and data lineage? Please contact Yuri Jolly via +31 (0)88 288 3886 or Daan van den Boogaard via +31 (0)88 288 3141.
1. The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK), 2011