Strong Data Management – An Absolute Necessity

“Five years after the financial crisis, firms’ progress toward consistent, timely, and accurate reporting of top counterparty exposures fails to meet both supervisory expectations and industry self-identified best practices. The area of greatest concern remains firms’ inability to consistently produce high-quality data.”¹

This quote from the Progress Report on Counterparty Data by the Senior Supervisors Group summarizes one of the causes of the financial crisis and the reason that the sizeable investments in improving risk management in the years preceding the crisis seem to have been in vain: There was – and still is – not enough good data about the risk to which a bank is exposed.

Effective risk management that is capable of identifying, assessing, and prioritizing risks is based on a sound infrastructure, powerful analytics, and reliable data. All three ingredients are interconnected and influence each other, as illustrated by Figure 1.

Figure 1. Three ingredients of effective risk management

Source: Moody's Analytics

• Infrastructure comprises not only technical aspects like IT equipment, but also technical organization and processes such as IT governance, roles, responsibilities, and internal policies.
• Analytics refers to the wide variety of quantitative modeling techniques that have developed over the past 20 years to better understand the drivers of risk and predict potential losses resulting from credit or market activities.
• Data includes not only granular information about risk exposure itself, but also the taxonomies that define and categorize that information and the data governance that maintains the accountability and quality of the data.

As the quote from the Senior Supervisors Group suggests, many banks use seriously flawed data, making meaningful risk management next to impossible. Weak data quality is an impediment not only for risk management, but also for the business of a bank in general. As other risk management experts have pointed out, “If the data quality is poor, the information will be poor and only luck can stop the decisions from being poor.”²

From important strategic decisions to mundane issues like standard regulatory reports, the story is the same. A business or business function (like risk management) that has to rely on weak data is ultimately set up for failure. A bank that uses good quality data has an opportunity to outpace its competitors.

There have been numerous attempts in the past two decades to define data quality along a series of dimensions, such as accuracy and consistency.³ Depending on the individual needs of an organization, that definition can vary.

Table 1 shows the typical criteria used by statistics providers like the Statistics and Regulatory Data Division of the Bank of England and Eurostat.⁴ Most of today’s banks fall short in at least one of these areas, giving rise to serious concerns for risk managers.

Table 1. Typical criteria used by statistics providers

Source: Moody's Analytics

Weak data is a common deficiency in almost all businesses. Still, some companies tolerate a certain level of bad data rather than try to manage or eliminate it, because the sources of poor data quality are myriad and addressing them one by one is a laborious, time-consuming, and expensive exercise.

Sooner or later, however, bad data begins to proliferate across systems, and discrepancies grow rapidly, which results in a number of issues:⁵

• Increased downtime for systems to reconcile data
• Diversion of resources from areas important for the business
• Slower deployment of new systems
• Inability to comply with industry and quality standards
• Frustrated employees whose activities are hampered by poor data
• A cumulative increase in costs

There have been several attempts to quantify the cost of bad data quality. The exact cost is difficult to calculate, but research by academics and reports by industry experts provide a number of revealing examples:⁶

• According to a 2010 Forbes survey, data-related problems cost companies more than $5 million annually. One-fifth of the companies surveyed estimated losses in excess of $20 million per year.⁷
• Gartner research shows that 40% of the anticipated value of all business initiatives is never achieved. Poor data quality in both the planning and execution phases of these initiatives is a primary cause.⁸
• Eighty-eight percent of all data integration projects either fail completely or significantly overrun their budgets.⁹
• Seventy-five percent of organizations have identified costs stemming from dirty data.¹⁰
• Thirty-three percent of organizations have delayed or canceled new IT systems because of poor data.¹¹
• Organizations typically overestimate the quality of their data and underestimate the cost of errors.¹²
• One telecommunications firm lost $8 million a month because data entry errors incorrectly coded accounts, preventing bills from being sent out.¹³
• One large bank discovered that 62% of its home equity loans were being calculated incorrectly, with the principal getting larger each month.¹⁴
• One regional bank could not calculate customer or product profitability because of missing and inaccurate cost data.¹⁵

These findings provide an idea of the extent to which weak data quality can add to a business’s costs. Given that these examples stem from research and industry reports that cover the first decade of the 21st century, one must ask why data quality management has not been addressed more seriously by those responsible.

Experts have repeatedly identified two main reasons for the weak data quality that plagues many banks – the lack of accountability and commitment by the organization’s senior management to address weak data, and the lack of effective technologies to monitor, manage, and correct inaccurate data when needed.

To address the lack of senior management involvement, the Basel Committee on Banking Supervision (BCBS) outlined a number of new responsibilities. Boards must now determine their risk reporting requirements and be aware of the limitations that prevent a comprehensive aggregation of risk data in the reports they receive.¹⁶ Senior management must also ensure that its strategic IT planning process includes both a way to improve risk data aggregation capability and the creation of an infrastructure that remedies any shortcomings against the principles defined by the BCBS.

These obligations will cover the entire value chain of a bank’s data, because the BCBS requires that senior management understand the problems that limit the comprehensive aggregation of risk data in terms of:

• Coverage – i.e., are all risks included?
• Technical aspects – i.e., how advanced is the level of automation, vs. manual processes?
• Legal aspects – i.e., are there any the limitations to sharing data?

To comply with these requirements, a bank will need to establish strong data governance covering policies, procedures, organization, and roles and responsibilities as part of its overall corporate governance structure.

By setting up stronger data governance structures, banks will address the first main data quality weakness and define the correct use of and accountability for that data. Data governance should also include the scope of a bank’s IT governance by considering data quality aspects and processes.

Because data changes constantly, continuously monitoring it to maintain quality will only become more and more important. Figure 2 outlines the process.¹⁷

Figure 2. Monitoring and maintaining data quality – step-by-step process

Source: Moody's Analytics

Once data is extracted from source systems, the next step – profiling – applies rules and error checks to assess the overall quality of the data. Profiling involves identifying, modifying or removing incorrect or corrupt data, with the goal of retaining just one unique instance of each datum. This step is also supported by the BCBS, which requests that banks “strive toward a single authoritative source for risk data per each type of risk.”¹⁸

Based on lessons learned, the set of rules and checks will evolve to avoid the repetition of previously identified data errors. Automating these processes will help maintain data quality and even enhance it by making the data more comprehensive.

To address the second reason – the lack of effective technologies – banks today have the opportunity to select from a wide range of tools and solutions that support processes to improve and maintain data quality. Most banks already have some components that could form the foundation of a data quality framework, which they could then enhance with new components as required.

The requirements for effective technologies hinge on speed, scalability, reliability, and adaptability. Speed and scalability speak to the ever-growing amounts of different types of data stored in multiple, siloed systems based on entities, lines of businesses, risk types, etc. After identifying which system contains the required data, an expert must extract, standardize, and consolidate it to assess its quality.

Despite the fact that many banks employ large numbers of employees to capture, review, and validate data (as well as find gaps), they still struggle with poor data quality in their core systems, as a result of input errors, unchecked changes, and the age of the data (particularly with information stored in legacy systems or compiled manually). Technology that reliably maintains data quality by automatically applying error checks and business rules and by supporting sound audit trails and lineage can only result in greater confidence in the data.

As the requirements for information – as well as the information itself – are constantly evolving, effective technology has to be adaptable. The technology should feature flexible processes to aggregate data in different ways and should be able to include new information or exclude outdated information. It should also reflect new developments within the organization as well as any external factors influencing the bank’s risk profile, such as changes in the regulatory framework.

Effective risk management relies on three key ingredients: sound infrastructure, powerful analytics, and reliable data. The latter especially has been neglected for too long by too many. Although regulators have repeatedly voiced their concerns, it took a financial crisis to implement much tighter rules. As a result, banks will have to invest heavily in their data management architecture in the coming years.

The two main reasons for weak data quality are a lack of senior management commitment and ineffective technology. To benefit from good data management, banks will need to establish strong data governance that sets rules and defines clear roles and responsibilities, while enhancing an existing data quality framework with technologies that offer speed, scalability, reliability, and adaptability.

Good data management will confer a competitive advantage to those banks that have it. The value banks can reap from setting up a better data management framework will be leaner, more efficient and less expensive processes that lead to faster and more reliable business decisions.