Data Governance: A Regulatory and Business Imperative

By Timothy R. Burniston

Data is a valuable, strategic asset for financial institutions. It not only helps your organization meet compliance requirements, but it can help you gain deep insight into customer behavior and make critical business decisions. And as effective data management becomes an increasingly important competitive differentiator in the financial services industry, those whose jobs revolve around data would be well served in working toward becoming true stewards of their organization’s data resources,

Compliance officers as ‘data stewards’

The controls you place around your data must be tight and comprehensive. Obviously, data needs to be collected and reported correctly. And you need to take ownership of it, be able to provide it as needed to the rest of the organization at a moment’s notice, and be confident in its validity when you do. Critically important are data accuracy, data integrity, and data governance in carrying out the responsibilities of a compliance officer, a fair lending officer or a CRA officer.

For many years, the roles of compliance departments and the chief compliance officer reflected narrow expectations. Compliance was asked to ensure regulatory requirements, including data collection and reporting requirements, were met. Compliance collected data, ensured it was clean and accurate and met regulatory edit checks and reported it to regulators.

That hasn’t gone away, but now compliance is being asked to take on additional responsibilities for data governance. A quick scan of online sources, as well as the highly-regarded Data Governance Institute, defines data governance as a discipline for assessing, managing, using, improving, monitoring, maintaining and protecting organizational information. It is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon rules that describe who can take what actions with what information, and when, under what circumstances, using what methods. In day-to-day practical terms, data governance encompasses:

• The control of data entry.
• Testing data files against source materials to promote accuracy.
• Control over the processes and methods used by one’s data stewards and data custodians to handle data.
• Ensuring that important data assets are formally managed throughout the enterprise.
• Ensuring that your institution’s data is reliable and verifiable.
• Using technology to aid all of the processes that promote data accuracy and integrity.

Data governance is a core element of risk management. And perhaps more importantly to CEOs and CFOs, these activities can facilitate safe, profitable growth through more informed and supportable decision making. That makes the role of compliance professionals—with immense responsibilities for data governance—arguably more important than ever before.

Consider the many circumstances in which you are stewards for your organization’s information and data. For example, you are responsible for accurate reporting of HMDA and CRA data, which are scrutinized by examiners, law enforcement authorities and advocacy groups. Slip-ups can result in fines, costly remediation or supervisory restrictions on new activities or acquisitions.

More troubling is the basic fact that incomplete or inaccurate data may provide your organization’s management team with false readings on performance and compliance, with implications for decision making. Just think about the cost and supervisory implications from a HMDA resubmission. How can you perform CRA and fair lending reviews without accurate and reliable HMDA data or small business data? How can you accurately measure your own performance? How can you set lending targets and identify gaps in market penetration?

The list goes on. Will the Consumer Financial Protection Bureau and Department of Justice or the public reach inaccurate conclusions about your performance based on flawed data—and to what end? Is your information about auto lending—the distribution of loans geographically or by borrower income—reliable? Do you have a complete picture of auto dealers’ exercise of pricing discretion, and whether they adhere to your policies with respect to mark ups? Will you be subject to loan put-backs because of some technical flaw in your documentation related to secondary market sales to Fannie Mae and Freddie Mac?

As a compliance officer, you are your organization’s data steward. And that job isn’t easy. But data is fundamentally changing the compliance officer’s role within the organization. Think about it: that same information you work so hard to gather and analyze is in increasingly high demand these days. And those demanding it want you to do more with it. The C-suite and board of directors want your analysis of the data.

They want your help in understanding what it means to the future financial health of the organization and what, if anything, the organization can and should do to protect its future interests. On top of this, your regulators, your customers, and consumer advocates relish an opportunity to see your data and analyze it themselves. They expect you to demonstrate that you are operating fairly and responsibly—and the burden of proof is substantial. That makes it essential to ensure your organization is committed to data governance so it can confidently use the data you have to improve your operations.

Impact of increasing regulation and regulator expectations

For good reason, many financial institutions historically have approached data governance from the perspective of meeting regulatory obligations. The most recent Wolters Kluwer Financial Services’ Regulatory and Risk Management Indicator survey found that 75 percent of the respondents were “significantly concerned with regulatory change management/proof to regulators.” Sixty-three percent were troubled by the CFPB’s proposed HMDA data fields and cited data collection, ensuring accuracy and reporting as top issues.

At the same time, regulators are asking for more and better data when it comes to more traditionally regulated areas like CRA and small business lending, and new ones like student lending and expanded HMDA data. They also want context. What do the data mean? Can you explain the “why” behind the numbers? And how can you use the data to figure out how to better serve your customers? The increased focus on CRA is a perfect example of that.
Consider all of this, and the question becomes: How can you afford not to govern your data more effectively?

Using data to help your organization comply—and grow

Data governance is the key not only to effective compliance management but also to risk and performance management. If you govern your data effectively, it will not only allow you to do your job in analyzing lending patterns and gaps in CRA performance. It will also help your business leaders do their jobs, helping them better understand customer behavior and identifying untapped markets.

Use your data to show them the possibilities as well as constraints. Be certain to help establish what can be done and how it can be accomplished, informed by the data and potential analysis at your fingertips. Use your data proactively. Use it to help address issues before they become problems, and constantly reassess how you can help your business drive growth and seize on opportunity.

Use data to better understand your organization, to give it the confidence and ability to make the best decisions possible. Be a steward of your data. Be a leader by demonstrating how it can be used positively for your business. By asking questions and digging deeper into the great potential that effective data governance practices afford, you will better understand how you can use your data to better help protect your organization, and also help it to grow and succeed.

Timothy R. Burniston is 
EVP at Wolters Kluwer Financial Services.