Risk data aggregation is requiring banks to clean up their data architectures -- fast. With January 2016 as the target date, the Basel Committee for Banking Supervision has set an aggressive deadline for risk data aggregation (RDA).
The Basel paper BCBS 239 starts by putting the financial industry's IT and data management practices in the crosshairs. "One of the most significant lessons learned from the global financial crisis that began in 2007 was that banks' information technology (IT) and data architectures were inadequate to support the broad management of financial risks."
For financial services executives, this is certainly a call to action.
I recently sat down with John Bottega, founder of Data Management Advisory Services and former chief data officer at Bank of America, to discuss RDA and what it means for financial firms.
WS&T: BCBS 239 really focuses on data management and risk. Have you ever seen regulators put so much focus on data and risk management?
Bottega: I don't think that is new in terms of what the regulatory community has been focused on. What's new in this regulation is it is a regulation based on principle versus specific deliverables. What we have seen all along with capital adequacy and other types of regulation is usually a specific objective and a deliverable and a timeline.
The RDA, as you know, is based on 14 principles of best practice. There are no specific deliverables to it, but you have to translate that into deliverables within your firm. So the first six principles speak to the best practices of data management. And they speak to specific capabilities… around taxonomies, data dictionaries, and infrastructures that enable data to be found, [be] accessible, and harmonized.
Then there are the components of risk best practices, which are the next five or six principles. The last three principles are actually directed at the local regulators.
WS&T: Risk data aggregation or RDA is a new requirement for firms, with compliance expected by 2016. Why is RDA so important, and how does it differ from the way firms were approaching risk previously?
Bottega: We all got the wakeup call five years ago during the financial crisis. As good as we thought our infrastructures were, they weren't adequate to sustain a shock or contagion into the system. The financial industry has been very good at muscling through issues, as opposed to having infrastructures that are sustainable and that enable you to respond quickly. A lot of manual steps are still involved, and we still have infrastructures involving 30 years of what I will call bad practices… multiple infrastructures, sometimes the result of firms that have had multiple mergers. So this hinders the industry's ability to respond quickly.
[Do you aspire to the C-suite or some other spot in upper IT management? Then bulk up your credentials around today's most pressing IT movement, digital business, at the InformationWeek IT Leadership Summit.]
This regulation basically tells the Street that you have to clean up your infrastructure. You have to enable those capabilities that we referred to before as quick response, understand the complete provenance over data, [have] the ability to feed to critical risk functions so, hopefully [during] the next crisis, should it occur, the industry could respond more rapidly.
WS&T: It seems that RDA is pushing organizations to improve data management practices. As a longtime financial services data management guru, this is a good thing, isn't it?
Bottega: I refer to it as the data management manifesto. For data management professionals, this is something that we have been striving for in our firms to bring focus and attention to what really is management of one of the most critical assets of any firm, and that is your data.
Since the crisis, a lot of focus has been brought to that. But now you see the focus around data, not only from a defensive posture, such as regulation and risk management, but also the opportunities that data represents on the offensive side. The terms are… big data, predictive analytics, being able to understand your customers better and build better products. This realization is that data is at the center of innovation, while it's also at the center of control and risk management. Now we're finally seeing firms step up and say this is important, not only to just satisfy regulation, but it is important for the health of our own firms.
WS&T: As you have been saying, most importantly, will firms be able to use some of the risk information that is collected for RDA compliance in other areas of the business, such as identifying new market opportunities, finding new products, or simply finding a better way to do business?
Bottega: Absolutely. In fact, the business case is almost the same, but it was hard to sell the business case purely on the long-distance opportunity.
So the crisis comes, there is a clear and present danger, and we understand the issue. That is what mobilized the companies to build the [data] infrastructures. For example, we saw the danger that not understanding the systemic impact of a Lehman [Brothers] collapse had on the industry.
From a data perspective, I don't want to say it's simple, but it is pretty rudimentary. It's "Do you understand legal entities and how they're related, and can you aggregate that across the industry?" We didn't have that capability.
If you look at it now from a risk perspective, there is a benefit. But now let's take it to that other business opportunity. If I can understand my clients holistically within my firm, and I can understand their behaviors across all my business lines, now I have opportunities that are on the offensive side, such as improving my customer service, increasing my revenue, building new products. This is all based on a foundational infrastructure around data, harmonization of information, unique identification, and understanding.… I mentioned provenance.… That's understanding the value chain, or the supply chain of data, from the source to the consumer.
WS&T: January 2016 is not that far off. How is the industry doing? Will it hit the RDA deadline in January 2016?
Bottega: There are lots of conversations going on with both the home regulators as well as the BCBS committee. I think it is a good idea to keep that date where it is, because it gives you that bogey that you shoot for.
But what is being discussed across the industry is really what does belong in that deliverable, because, after all, BCBS 239 is a principle-based document. What should be delivered on that date? The industry is still working through that in terms of what is the specific deliverable. So when the regulator comes in to examine the firm and test the compliance to the regulation, have you satisfied it?
What I would like to see done, and I think this is the way the industry is moving, is demonstrate to the regulators that you have dedicated funds, resources, and people; that you have plans in place; and that you are going down that path. Because to unwind 30 years of infrastructure that we know is suspect, it is not going to get done in a year. There is going to be a long-tail maturity to this.
But come January 2016, you should be ready to stand up in front of your home regulator and [say what you have done]. "This is our plan, this is our structure, this is how we are building our data infrastructure and risk capabilities. We also have awareness to senior executives and to the board, and the education goes all the way down to the practitioners on the ground." If you can demonstrate that, I think the regulators will be very pleased with the way the industry is moving.Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio