I was just having a casual conversation with one of my friends over the BCBS implementation in his Bank. We were in fact discussing on where Data Governance and Management in the industry is today. What interested me as a part of our conversation is a question
“How has a bank to stop itself from failing to meet its BCBS policy timeline”.
I can still remember the plush landscapes, where I learnt cycling. Though the path was not covered a well laid road, but with gravel. I often fell but used to get up with no major bruises. I know most of us learnt cycling the same way.
Today, most banks cannot afford to fail. This is where banks start preparing themselves much ahead of the regulatory deadlines be it GDPR or BCBS239. The Stress testing for Comprehensive Capital Analysis and Review (CCAR) in US, the Firm Data Submission
Framework (FDSF) in the UK and the European Banking Authority (EBA) stress tests across Europe have emphasized need to bridge gaps in Data Management and Governance along with the silos between operations, risk and finance functions. We can assume the BCBS
roadmaps are well designed to absorb risks and disruptors on their regulatory journey.
Financial institutions which by now have accounted for risks in Data Governance and Management are well prepared for the upcoming environmental changes, threats that reduce the commercial value of business. The scenario with most organizations is very similar
to saying “we are preparing for a heavy rain while a warning for a tsunami is issued but there isn’t enough time to control the impact,” or “we somehow think we are prepared but we must re-look at it from a risk perspective to be confident.”
My approach when there is minimal time to turn BCBS, a success -
It is suggested to understand the firm’s culture. Does the organization value data as a strategic asset in it’s daily operations and decision making? Is there a data aware culture richly evident? Some organizations clearly understand “Value of data” at the
top while few do so in the grass roots.
Analyzing the culture
There is a great deal of awareness to bring about wherever there is deficit in understanding. I often visit art museums when I travel on work. It takes time for me, just like you, to embrace a good vintage painting. But, Culture is not to be embraced, if
you are to transform it.
Engagement discussions need to be started with Program sponsors, Country, divisional management, program stakeholders, data owners and stewards. I use the knowledge, Interest, Influence, Impact, Attitude grids in tandem, to measure the progress of the awareness.
Let them absorb the benefits of capturing lineage, Data Quality and foremost Metadata as enablers in your talks. You will also get to understand if the organization is more favorable to enforcement or enablement.
What is the current state of data governance, management and risk functions? Have the data stewards, data owners been identified? Are they just assigned roles or have they been enabled and empowered? How often do they meet with the Process, local, global
operations SMEs. Is the gap between the divisions and stakeholders being bridged?
Driving Governance through BCBS
BCBS is an excellent enabler to drive Governance and stewardship. Make sure, the operating models if existent for Metadata and Data Quality, are analyzed for gaps in capabilities. It will be helpful to understand the value, gaps and risks associated with
I like to bike as most people are in the city spaces. But this does come with benefits of being fit and going green. But, if you are a daily commuter, there is a need for boosted bikes, to substantiate your need to reach a restaurant early, not to forego
your dosa (crepe) and morning coffee. This is what your model for BCBS needs now as I will be describing on boosting your progress with a change to the operating mode.
Are there technology capability gaps, in place that stop you from capturing, reviewing and actively managing Metadata and data quality rules?
Analyzing the capability Gaps
If I am not able analyze the gaps with pace with limited documentation available, I facilitate focus groups, questionnaires, surveys with relevant stakeholders to force score the capabilities in the organization. It is advisable to focus on people, process,
technology capabilities that would lead to achieving the outcomes of BCBS. It is also important that there are capabilities to showcase progress, assessment to auditors.
After a good capability analysis, the focus must me on capability gaps that are high to meet the needs of the BCBS program.
People capabilities – As I said, do not wait for the Data Governance to enforce BCBS policy or Data Stewards to formalize data ownership. If the program stakeholders are not able to document lineage or Metadata with limited availability of knowledge
workers, use awareness as a tool while also requesting a push from the executive leadership to empower the mid-level managers.
To boost your progress, hire some centralized skill, switch to an assisted service from a self-service to meet the timelines with good quality Metadata, Data Quality rules and Remediation. Data Governance is a journey; everyone needs to be engaged and even
better if you can achieve a crowd sourced operating model. The last instance, it took me a month to crowd source a metadata model, by taking every one along. But, it paid off.
If data governance program is in-flight, then I would assume accountabilities of data owners are yet to be communicated. Standardize SME roles in Technology and Operations while the same stakeholders can be enabled to move transiently to data ownership roles,
once the model is in play.
Technology Capabilities – Are the tools capable enough to enable the outcomes planned by the BCBS program? Metadata can be classified as Business Metadata, operational Metadata, Technology Metadata. Is the tool being used to capture Business Metadata
capable to store technical Metadata. Is this being produced in spreadsheets today? Have you thought about benefits enablement with having information and technology capabilities as enablers? How far-fetched is it to perform a vendor analysis and procure a
solution? Do the benefits outlie the Opportunity costs within timeline?
How much percentage of CDEs/data domains have been captured for Data quality dimensions and Metadata including lineage. The assessment plans should capture the progress of data elements captured, reviewed and published? This can be later leveraged in further
technology solutions by extracting the data and actively managing it, holistically.
Process Capabilities – Is there a process documented, and is it defined and repeatable for the BCBS program? Is there a Data Quality assessment, lineage and Metadata process that is being embraced by the BCBS program? Have a conversation with the
risk division while getting to understand the risk focus areas in each of these processes.
If a data quality rule captured is not holistic, it poses a strategic risk to program and operational risks to business/risk functions reporting metrics. The policy is enforced through the rules in processes while having guidelines embedded in procedures.
It is always advised not to bypass the process of having to elicit, review, promote and manage Metadata, Data Quality rules and lineage. It is suggestable to identify risks associated with each of the operational data management processes, while also understating
their impact and frequency of occurrence.
Have you identified data requirements for financial reporting, while also stating data sources with 45% accuracy as system of records? This is a program delivery risk for BCBS. Include risks associated with data, information and related resources in strategy,
business outcome, Evolution and product lifecycle roadmaps. Further, Project consulting/Program governance should ensure addressing these risks by integrating control activities in the right stage of a lifecycle.
These aspects should be an enabler to your organisation to meet the BCBS compliance timelines without having to forego Benefits enablement, resource optimisation and risk optimisation.