As information demands grow, banks need improved data management. Both risk and finance will play a critical role.

Devil in the data: How banks can improve data management

www.pwc.com/fsi

Devil in the data: How banks can improve data management 1

The heart of the matter

Many banks continue to struggle to meet the informational demands of regulators and other stakeholders. Building better data management capabilities is key to meeting these demands. In our view, to be successful, banks should align their risk and finance functions while simultaneously making improvements in four key components of data management: data ownership and stewardship, data architecture, metadata management, and data delivery.

Regulators, investors, and internal business leaders all desire greater transparency into bank operations in order to better assess organizational financial health. Furthermore, regulators expect financial institutions to demonstrate appropriate levels of risk data aggregation,1 robust Comprehensive Capital Analysis and Review (CCAR) processes,2 strong liquidity monitoring measures,3 and a thorough and ongoing recovery and resolution planning process.4

………………………..…..… 1 BCBS, "Progress in adopting the principles for effective risk

data aggregation and risk reporting," January 2015, www.bis.org, accessed December 17, 2015.

2 Federal Reserve Board, “Federal Reserve releases results of Comprehensive Capital Analysis and Review (CCAR),” March 11, 2015, www.federalreserve.gov, accessed December 17, 2015.

3 Federal Register, "Liquidity Coverage Ratio: Liquidity Risk Measurement Standards; Final Rule," October 10, 2014, www.gpo.gov, accessed December 17, 2015.

4 Federal Reserve Board, “Consolidated Recovery Planning for Certain Large Domestic Bank Holding Companies (SR 14-8),” September 25, 2014, www.federalreserve.gov, accessed December 17, 2015.

In our view, many banks struggle to manage data with the rigor needed to satisfy these demands, and many banks fail to support stronger collaboration between the risk and finance functions. At least initially, this may have been defensible. While data is the backbone of both risk and finance, the two departments have historically consumed and outputted it very differently.

According to a recent study conducted by the Global Association of Risk Professionals and SAS, fewer than half of the managers surveyed said their financial institution’s expertise on data management was adequate or strong.5 For institutions that lack this expertise, they are being deprived of insights that we feel could help them optimize business decisions and, in many cases, can leave them open to additional regulatory examination. The risk and finance functions will play a critical role in resolving these shortcomings.

………………………..…..… 5 GARP and SAS Institute Survey Report, “Stress Testing: A

View from the Trenches,” June 2015.

Devil in the data: How banks can improve data management 2

In a related paper, “In focus: Blurring the lines between risk and finance to achieve clarity,” we examined how financial institutions can undertake a formal assessment of how the risk and finance functions should operate. In that paper, we explored the roles that the chief risk officer (CRO) and chief financial officer (CFO) have in coordinating efforts to reduce or eliminate redundancy across the two functions while improving quality.6 In this paper, we focus on how risk and finance can collaborate to improve data management. First we present what we have observed in the industry as it relates to the four components of data management: data ownership and stewardship, data architecture, metadata management, and data delivery. We then present our recommendations for how banks can improve their data management capabilities while more closely aligning their risk and finance functions.

………………………..…..… 6 PwC, “In focus: Blurring the lines between risk and finance to

achieve clarity,” December 2014, www.pwc.com/fsi.

In our view, banks that get data management right will be better positioned to make strategic business decisions based on solid data they can trust. They will also be able to more efficiently respond to regulator and other stakeholder requests for information.

Devil in the data: How banks can improve data management 3

An in-depth discussion

Our observations

The cultural and operational differences between risk and finance have proven difficult for many banks to overcome. On the operational front, many risk and finance teams lack the necessary infrastructure. They continue to maintain fragmented and siloed systems and to rely on short-term fixes put in place immediately after the financial crisis. These stopgap solutions, no longer fit for purpose, are increasing costs and lowering quality—as evidenced in data capture and reporting inconsistencies, manual workarounds, excessive time on error correction, and other findings from regulators.

In our experience, there are four key components of data management that encompass all disciplines related to managing data as a strategic asset:

Data ownership and stewardship

Data architecture

Metadata management

Data delivery

In the discussion below, we take a closer look at each component, including the challenges many banks face in these areas.

Data ownership and stewardship

Data ownership and stewardship refers to the policies and procedures regarding the accountability and responsibility of data. Although some banks have established policies and procedures that define the responsibilities for data owners and stewards, they haven’t been particularly successful in fulfilling these obligations and instituting lasting change in how data is governed.

To help manage roles and responsibilities, some institutions have chosen to appoint a chief data officer (CDO) to oversee the bank’s enterprise-wide data governance and its use of information as an asset. According to a recent survey conducted by Forrester Research, organizations with a CDO were 70% more likely to reduce risk and better ensure compliance than an organization without a CDO.7 Yet some banks that have a CDO continue to struggle in defining the scope and responsibilities of this new leader. For example, we’ve observed banks struggle to figure out where this individual should be slotted in the chain of command as well as to define how he or she should collaborate with risk, finance, and business unit leaders.

Data architecture

A bank’s data architecture is a collection of blueprints designed to standardize how data is collected, processed, stored, and consumed across the enterprise and aligned with the business strategy. In our experience, most banks work with a fragmented, sometimes archaic, systems architecture that creates massive gaps in the processes of storing, querying, retrieving, and utilizing data. The past decade has seen a trend to resolve these gaps, yet several banks still lag behind.

………………………..…..… 7 Forrester Research, “Top Performers Appoint Chief Data

Officers,” August 2015, www.forrester.com, accessed October 13, 2015.

Devil in the data: How banks can improve data management 4

A lack of alignment

While risk and finance data originate from the same sources, they store it differently, make unshared adjustments to it, and generally employ different techniques to manage it. This presents challenges in reconciling both data inputs and subsequent informational outputs across risk and finance. For example:

The finance function closes the books up to 10 days after the end of month, or 20 days after the end of the quarter, posting system-based adjustments to pre-existing information and completing analysis after the adjustments are posted. The risk function leverages information more immediately and runs it through complex spreadsheet and database models in which external variables can drive multiple calculations.

Finance runs profit-and-loss, balance sheet, and product- and customer-related information for financial, management, and regulatory reporting purposes. Risk leverages much of the same raw source data for those reports to drive risk-weighted asset calculations, liquidity thresholds, and market-stress scenarios—often without the chance to see adjustments that have been made by finance.

Metadata management

Metadata is data about data—data that tells us when, where, and how primary data was acquired, created, or revised; how it is formatted; where it is located; and who is responsible for it. Many banks have been working to create consistent business information models that standardize, format, and reference data. Although there has been success managing metadata for risk or finance individually, there is more work to do to make sure these two are aligned.

Data delivery

Data delivery refers to an institution’s ability to efficiently provide accurate information to the right users. Both the risk and finance functions are now being asked to provide more detailed reporting, more quickly than in the past. In cases in which reports include similar information, the two functions are being asked to reconcile their numbers, demonstrating that what has been provided by finance matches what has been provided by risk. The following examples are all heavily dependent on accurate reporting of daily financial product performance and capital information: daily liquidity reporting, CCAR reporting, market-risk reporting, and liquidity stress testing.

Devil in the data: How banks can improve data management 5

Our recommendations

By focusing on the four key components of data management, banks can improve their data management capabilities across the organization as well as among the risk and finance teams. Below we discuss specific recommended activities related to each component in more detail.

Figure 1: Activities to assist with improving the four components of data management.

Devil in the data: How banks can improve data management 6

Data ownership and stewardship—and senior leadership’s commitment to improving it—may be the most important of the four areas where work needs to be done. A good place to start: naming and empowering an influential CDO who can drive collaboration across the enterprise.

As we discuss in PwC’s “Great expectations: The evolution of the chief data officer,” a CDO’s responsibilities should include managing the organization’s data architecture, data analytics, and related technology.8 Our view is that regardless of whom the CDO reports to—the CFO, the CRO, the chief information officer or the chief operations officer—he or she must have broad authority to influence all key leaders. At the same time, those in the C-suite must recognize that the CDO will find it impossible to succeed without their full support. In fact, it is only with their commitment and buy-in from mid-management that banks can hope to achieve true change.

In addition to empowering the CDO, financial institutions should create a data governance council to oversee the execution of data policies and procedures, specifically with respect to daily data management, sourcing issue identification, break resolution analysis, and constant iteration with finance and risk managers. Ideally, this council should be led by the CDO and include both the CFO and the CRO.

………………………..…..… 8 PwC, “Great expectations: The evolution of the chief data

officer,” February 2015, www.pwc.com/fsi.

Through daily execution, regular management, and ongoing governance of data-centric policies, the CDO office can begin to bring together the risk and finance functions and create increased levels of alignment centered on one vision of data.

In developing data architecture, we recommend that banks identify data models, tools, and processes that will help users define and classify the bank’s products, customers, and other variables in a standard way across the organization. If they don’t already exist, they should be created. As part of this effort, banks also need to define key information sources—consolidating and standardizing where possible—and reduce data replication into downstream data stores.

Figure 2 shows a high-level view of the current-state data architecture at a typical bank as well as our proposed target-state model. The current state includes disparate data sources, unreconciled outputs, and differing adjustments—all of which can cause a host of issues for risk and finance reporting. To resolve these issues, we recommend that banks move toward the illustrated target-state architecture that leverages one golden source of data (“a single point of truth”), a ledger/subledger layer for finance, controlled adjustments, and reconciled reporting.

Devil in the data: How banks can improve data management 7

Figure 2: Moving to a data architecture where risk and finance leverage a golden source of data.

Devil in the data: How banks can improve data management 8

Good metadata management is critical to good auditing and reporting. We recommend that banks develop standards and systems to manage the source, quality, consistency, usability, security, and availability of information across the enterprise. To achieve a consistent business information model with corresponding standards, risk and finance should jointly work backwards from reporting requirements to evaluate the current state of metadata, including reference data sources, and the mapping/data changes necessary to achieve consistency.

Risk managers should develop an understanding of the needs of finance managers, and vice versa. For example, risk managers should understand accounting model hierarchies, and finance managers should understand the need for risk-weighted asset and Basel reports. Once the common standards are agreed upon, banks can source from one place and govern data across both risk and finance.

The success of a bank’s data architecture and metadata management efforts are reflected in the effectiveness and accuracy of its data delivery capabilities, both internally and externally. To improve their data delivery capabilities, banks should assess current state risk and finance reporting needs by asking and answering a number of basic questions, including:

How timely is our data?

What is the quality of our data?

Are we delivering the right data to the right people?

Are our data systems and processes sufficiently flexible and versatile to meet evolving data consumption needs?

Have we developed a self-service data delivery model that allows end-users to quickly and independently access information?

We also recommend that data managers partner with finance and risk teams to improve information reporting to help with monetizing customer data, enhancing transactions and operations, and improving risk and regulatory reporting.

In addition, IT plays a significant role in making the partnership between the finance and risk teams possible. As such, we recommend that risk and finance partner with IT from the beginning in order to achieve the requisite data delivery mechanisms, institute scalable tools, flag data issues for the CDO, agree on leading practices, and also put in place the appropriate service level agreements for day-to-day business needs.

Armed with an organized framework, banks can improve their overall data management. In the two case studies that follow, we’ll see how two global banks have been able to improve their data management capabilities by addressing the four key components of data management.

Devil in the data: How banks can improve data management 9

Case study

Clean sweep: Doing away with dirty data

In 2013, a global bank was trying to build a general ledger and contract data warehouse in order to improve its finance and risk operations, reporting, and overall data management. Despite the bank’s mature delivery model and a history of strong controls, the project hit a roadblock when the bank discovered that it was working with dirty data. In most cases, data was sourced from systems in which complete information was not available, did not conform to enterprise-wide standards, or required extensive intervention to be accurate enough and complete enough for risk, financial, and regulatory reporting.

To resolve these issues, the bank created an expanded and standardized chart of accounts. Once that was completed, the data warehouse took in contract-level data from all the bank’s disparate sources and made it available directly to risk and finance. The result? Standardized contract-level information stored and retrieved from a single core source of data shared by risk and finance.

The project already is paying dividends in three of the four key components of data management:

Data architecture: The bank now has a standardized data architecture and standardized processes to provide finance and risk with access to the same reliable source of data across the globe. Core components include a contract-level data warehouse, one chart of accounts, a consistent general ledger for summary reporting, and standardized tools for data reporting.

Metadata management: The bank now spends much less time tracking down information on local drives or individual desktops and can more easily drill down to source data to help satisfy questions from internal users or regulators. The bank also is more confident that the information it is sharing is accurate and complete.

Data delivery: The number of manual adjustments required to produce reports has been reduced by 25% to 50%, depending on the report. This translates into more time for risk and finance to perform data analysis. In addition, the bank has been able to make many standardized reports available to internal end-users on a self-service basis, confident that no manual adjustments need to be made.

The global bank will continue to face evolving business and regulatory mandates, but it now has the tools and the processes to better meet those challenges.

Devil in the data: How banks can improve data management 10

Case study

A new sheriff in town: CDO helps bank tackle its data challenges

A regional US bank found itself having trouble effectively implementing business initiatives and meeting the qualitative requirements of the Fed’s CCAR. To address these issues, the bank decided to replace its core banking platform. After that decision was made, however, several questions arose: Where to source data? How to migrate that data to the new platform? How to distribute data to downstream applications?

In search of solutions, the bank and its consultants brought together key executives from the bank’s risk, finance, operations, sales, and marketing functions. This cross-functional team concluded that the bank needed to appoint a CDO to take ownership of data at the enterprise level. In addition to detailing the roles and responsibilities of the future CDO, the team debated to whom the CDO should report—someone on the business side of the bank or the technology side? Despite strong feelings to the contrary on the part of the bank’s chief information officer, the team concluded that the CDO would report to the business side as it is the true internal customers of the data.

Executive leadership recognized that inserting a CDO into the bank’s organizational structure, along with new data policies, procedures, and systems would trigger pushback from people accustomed to legacy practices. To counter that pushback, the executive team not only gave the new CDO their overt backing, but also provided robust training programs to help the staff understand what data ownership and stewardship means, and what the roles, responsibilities, and goals of the CDO’s office would be. Leadership also staffed the CDO’s office with both new hires, who could bring a fresh perspective to the bank’s data challenges, and existing bank personnel, who may not have had formal stewardship responsibilities for data but were acknowledged experts in navigating the bank’s legacy data systems.

Once established, the CDO office team prioritized immediate issues, which included making changes to the bank’s operating model with respect to data. The team also collaborated with the bank’s internal audit staff to make sure data policies were aligned with applicable compliance testing standards.

As a result of these efforts, the bank already has begun to reap benefits in two key areas:

Data ownership and stewardship: The bank now has a dedicated CDO office that owns and is responsible for stewardship over the bank’s data—and for ensuring that it has the quality and reliability that business users and regulators demand.

Data architecture: The bank has installed a new core banking platform capable of delivering the clean, high-quality data required by banking regulators and also by the business. In fact, the bank has already met regulator’s expectations for defining its processes around data quality and management.

The introduction of the CDO into the bank’s executive hierarchy—backed by the endorsement of the C-suite—has proven key to resolving the bank’s data management challenges.

Devil in the data: How banks can improve data management 11

What this means for your business

In our view, for banks struggling to meet the informational demands of regulators and other stakeholders, building better data management capabilities is not optional. To reap the full benefits of any data management initiative, banks must more tightly align their risk and finance functions, which share an increasingly intertwined responsibility for meeting the informational needs of regulators and business leaders.

The CDO should operate with a broad authority that can be achieved only with the full support of the bank’s senior leadership. Indeed, it is that support—that commitment to empowering someone to drive the cultural and organizational changes necessary to overhaul a competency as broad as data management—that distinguishes the winners in this undertaking.

For all these challenges, the rewards are worth the effort. Banks that master the “devil in the data” can confidently and effectively demonstrate to regulators and external stakeholders their institution’s financial health and risk management competency. With risk and finance leveraging a golden source of data and a reduced number of over-the-top adjustments being made, reports issued by the risk and finance teams should have fewer discrepancies, and any remaining inconsistencies should be easily traceable and reconcilable.

Equally important, business leaders will be provided with accurate and timely information, including robust, forward-looking analytics that they need to make smart, risk-sensitive capital allocation, and other business decisions.

www.pwc.com/fsi

“Devil in the data: How banks can improve data management,” PwC, December 2015, www.pwc.com/fsi.

© 2015 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

For a deeper conversation, please contact:

Kurtis Babczenko

(646) 428-0158

kurtis.babczenko@pwc.com

https://www.linkedin.com/in/kurtis-babczenko-1403331

Dale Simonson

(312) 298-3653

dale.a.simonson@pwc.com

https://www.linkedin.com/in/dale-simonson-7575711

Tapan Nagori

(312) 298-3574

tapan.nagori@pwc.com

https://www.linkedin.com/in/tapan-nagori-98965b3

Carina Hira

(312) 298-3007

carina.v.hira@pwc.com

https://www.linkedin.com/in/carina-hira-9852883

We would like to acknowledge the contributions of the following to this publication: Adam Gilbert, Kevin Clarke, Arjun Katyal, and Mike Alix.

About us

PwC’s people come together with one purpose:

to build trust in society and solve important

problems.

PwC serves multinational financial institutions

across banking and capital markets, insurance,

asset management, hedge funds, private

equity, payments, and financial technology. As

a result, PwC has the extensive experience

needed to advise on the portfolio of business

issues that affect the industry, and we apply

that knowledge to our clients’ individual

circumstances. We help address business

issues from client impact to product design,

and from go-to-market strategy to human

capital, across all dimensions of the

organization.

PwC US helps organizations and individuals

create the value they’re looking for. We’re a

member of the PwC network of firms in 157

countries with more than 195,000 people who

are committed to delivering quality in

assurance, tax, and advisory services. Find out

more and tell us what matters to you by

visiting us at www.pwc.com/US.

Gain customized access to our insights by

downloading our thought leadership app:

PwC’s 365™ Advancing business thinking

every day.

Follow us on Twitter @PwC_US_FinSrvcs

A publication of PwC’s Financial Services Institute

Marie Carr Principal

Cathryn Marsh FSI Leader

Kristen Grigorescu Senior Manager

Gregory Filce Senior Manager

Ryan Alvanos Senior Manager