Chief data officers (CDOs) are a new breed of C-suite executive in banking, with many only appointed to their roles in the past year. CDOs are charged with setting the strategic direction for data. Creating the right organizational model for data governance will determine their ability to thrive. Here we look at some of the challenges they face in doing so and some of the methods and strategies that are being adopted.
The first challenge is identifying the right reporting structures and level of seniority for the role. The insertion of a new C-level executive into a bank’s senior ranks is a rare occurrence. It has been a long time since the chief information/technology officer came to the fore. Then it was the chief risk officer, who has assumed belated but increasing significance following risk failures before and after the 2008 financial crisis.
Where does the CDO fit into this jigsaw of power? While this will take time and tinkering to ensure success, the CDO will need to be given the right reporting lines, platform, and resources to succeed. Seniority within the organization is required to position the CDO effectively to set global direction and gain respect for data governance within the organization.
The second challenge is to create the right organization internally for the CDO to lead. The office of CDO should be appropriately staffed to provide the thought leadership to create the required frameworks, policies, tools, and training. Such an office is likely to include, as appropriate, lead officers for program management, policies, training, and change management and tools. The CDO will also need officers tasked with oversight of different units of the bank (these are sometimes named data stewards).
Additionally, global banks, in order to address requirements of different countries and regions, are beginning to appoint country-based CDOs to ensure that country-specific needs are understood and met. In the US, for example, data issues can have a material impact on a bank's ability to comply with many types of regulations, from CCAR (comprehensive capital analysis and review) to AML (anti-money laundering). Having in place a US CDO is critical, in order to ensure that such questions posed by regulators are answered.
The third challenge is designing an effective data governance strategy. Like anything else, one should not run before learning to walk. Any strategy should start with a self-assessment against data governance core competences, such as critical data analysis and glossaries, data lineage analysis, data quality analysis and remediation, and data attestation. The assessment should also incorporate analysis of important supporting capabilities, which may exist in the organization, but may not be specifically labeled as data governance, such as master data management, data profiling, and a common data model. A maturity model can then be used to calibrate where the organization is on the data governance journey map, which will address the identified gaps on a challenging but realistic timetable.
The fourth challenge is execution of strategy, which can best be achieved through a combination of existing and new structures. To ensure that data governance concepts and requirements are addressed systematically, the bank’s system development lifecycle (SDLC) methodology should be revised to take them into account. Practitioners need to then be trained rigorously in these new requirements and methods.
Next, the three lines of defense in place for other functions should be utilized for data governance’s purposes. This means identifying the first-line officers who will be responsible for implementing data governance, creating the appropriate second-line oversight and control function, and ensuring the third line, internal audit, has the right mandate and understanding to perform its function. Additionally, new organizational structures, at least for a time, may be needed to help change a bank's culture -- how managers and employees think about, manage, and treat its critical data.
Many banks are finding that "data stewardship communities" are a very useful construct for enabling these cultural changes. The data stewardship community also should develop, collect, and report metrics to measure progress in data governance. Once such metrics are established, the relative performance of the different communities can be assessed over time and the performance bar raised. Data stewardship communities include data stewards (managers responsible for educating and facilitating the key data governance tasks), data owners (executives with management accountability for data quality), data custodians (those with technical data skills), and data specialists (those with subject matter expertise).Perhaps most important, they can facilitate education in data governance, helping all employees to understand both the why and the how.
CEOs will provide resources and support to their CDOs and their programs for only so long before they will want to see a real return on their investments. Putting in place the strategies and organizational frameworks discussed here should help to meet that reality. A future article will discuss the types of return that CEOs want to see.Andrew Waxman writes on operational risk in capital markets and financial services. Andrew is a consultant in IBM's US financial risk services and compliance group. The views expressed her are those of his own. As an operational risk manager, Andrew has worked at some of the ... View Full Bio