There’s a lot of talk these days about “right-sizing” regulations, particularly for smaller financial institutions. The question of how to reduce regulatory burdens without increasing risk is a pressing one, certainly. But what about right-sizing your data governance program? Is it possible, in a complex regulatory environment, to reduce the complexity of your governance program without incurring undue risk?
I think it is. And when most banks are taking five to six years to align their practices with BCBS 239 principles, starting small with data governance could actually accelerate your path to compliance. That’s a pretty big deal.
Why start small? Data governance requires participation across the enterprise—and to be successful it also needs commitment from your executives. Starting small allows you to demonstrate that data governance is not simply a better way to meet stringent regulations (though that’s reason enough to implement a program) but also can help an organization more successfully pursue its business goals. As well, starting small allows you to build a repeatable process, train staff incrementally, and, ultimately, create a “right-sized” data governance program with a better chance of success.
Data governance, essentially, is about putting a program in place to help you understand what data needs to be governed, how it should be governed, and who’s responsible for governing it. Answering those questions for your institution’s data universe can feel overwhelming. So start small.
How small? Choose a single key report—the one your institution requests over and over, or the one that has grown exponentially over the past five years as new questions keep getting asked and apply these six tactics.
1. Identify roles and responsibilities
Determine who touches this report and why. Who creates it? Who approves it? Who uses it? What do they use it for and what makes it relevant for them? Who provides the data? Who owns those system? The processes? Doing so provides you with the broad strokes of a data governance operating model—a framework to help the producers and consumers of those reports collaborate more easily and securely.
2. Define your data domains
Identify the different data elements that your report uses, as well as the data types and data values associated with those elements. Assign domain owners to begin establishing a stewardship hierarchy. By establishing data domains, you will identify additional stakeholders who should be included in your operating model. When it comes to something like customer data, for example, you want to be sure that everyone who uses it has a seat at the governance table.
3. Establish data workflows
Think of this as a data supply chain. Now that you have a good understanding of the data informing the report, begin to prioritize that data. What’s important? Where does that data come from? How does it end up in this report?
4. Establish data controls
This is really the work of governance—establishing appropriate processes to assure the quality and integrity of your data. Define key controls, metrics, and data thresholds. Develop report processes around what data is used and how it is ingested. Establish a feedback mechanism to identify, prioritize, and resolve any data problems. At this point, you’ll see how critical roles and responsibilities are in establishing appropriate controls. Think about how data for operational reports typically has a lower threshold than data for regulatory reports. Having the right experts in the room who can define appropriate thresholds allows you to avoid a “one-size-fits-all” approach that often dooms governance programs.
5. Identify authoritative data sources
Now that you’ve established the purpose of the report and prioritized its key data elements and controls, you can more easily determine what data sources should be authoritative sources for the report going forward. Assess these sources against the controls you’ve established and create a roadmap for promoting adoption of these data sources enterprise-wide.
6. Establish policies and standards
Yes, you’ve been working on policies and standards since Step 1. But now that you’ve proven the value of data governance to your supporting stakeholders, it’s time to roll those policies and standards out more widely. The governance structure you prototyped around your first report will serve as the framework. Remember to clearly communicate roles and responsibilities and always align policies with your institution’s broader data management strategies.
I’ll be talking in depth about what you should be tackling first to meet BCBS 239 guidelines for infrastructure, risk reporting, and data governance at the Data Governance Financial Services Conference in Jersey City in early October. If you’re headed there yourself, feel free to reach out. You can message me via LinkedIn.
For more tips on establishing a data governance program at your institution, check out my previous blogs. We’ve tackled the cost of not having a governance program in place, explored why your business intelligence initiatives might not be working as you’d like them to, and examined the importance of “governing what matters.” Leave a comment!
During his 20+ years in consulting services, Simon helped financial services institutions design and implement data governance processes to support regulatory reporting.