The Knowledge Exchange / Risk Management / Digging out or digging deeper?

Digging out or digging deeper?

Three steps to consider when managing data for risk and regulation

David WallaceFinancial services firms have a lot of data – let’s just call it Big Data. The McKinsey Global Institute estimated that in 2009 US banks and capital markets firms together had more than 1 exabyte of stored data – is 1000 pedabytes. With that much data, it’s imperative for firms to have a unified data management system for reducing risk and maintaining regulatory compliance.

In a recent article, Dr. Howard Rubin called financial services the most data intensive sector of the economy and estimated that data-related costs account for more than 80 percent of the global financial services industry’s technology spend – more than $333 billion in 2011.  Even with all of the data, and all of the spending, however, firms still have big challenges, especially in the areas of risk management and regulatory compliance.  How to reduce these challenges? 

Here are three steps for you to consider:

First - Consider integrating the data related tools that you may be using today.  Moving from a bag of discrete tools to a unified data management platform (Best practices webinar sponsored by SAS and TDWI) dramatically improves your ability to deliver the degree of data integration and data quality needed to support risk management and compliance.

With an integrated platform, your business and IT users can perform metadata analysis, data profiling and monitoring, data enrichment and entity resolution – in other words, all of the functions that are needed to improve data quality and integration.

This also allows you to undertake master data management projects that transform disparate data sources into reliable, accurate and trusted master records. 

Second - To fortify your  enterprise risk management, consider a unified system built on an industry data model designed specifically for risk analytics and reporting, not transactions. 

These industry data models define instruments, positions and counterparties along with market data, risk factors and models needed to compute risk exposures, while supporting stress testing and scenario analysis. Once your risk data has been collected into a unified repository it is much easier to analyze market and credit risks, asset-liability management and liquidity risk. This lets you aggregate your risks across all of your portfolios, providing a complete picture of the risk to the firm.

The industry data model and repository becomes the single source of truth for enterprise risk management. Management can be confident while making decisions on capital allocation and risk tolerance based on accurate information and confident that the dashboards and reports used to inform bank regulators are equally accurate.

One global bank has implemented these techniques to perform regulatory and capital calculations and regulatory reporting at the group level, processing more than 100 million rows of data per month, along with a reporting repository of more than 5 billion rows.  The firm now has that single version of the truth across both risk and finance. A unified data model and repository will help your firm meet the challenges of Basel III identified by the Global Association of Risk Professionals.

For regulatory compliance, a Third and final step is to consider an integrated, enterprise-wide governance, risk and compliance (or GRC) system. This step will let you:

  • Continually feed in new regulations as they are published.
  • Create and assign action plans for attaining compliance.
  • Provide proactive alerts to ensure completion.
  • Provide a dashboard that visually depicts results.
  • Roll up the progress made at each organizational level to the executive committee and the board. 

A large European financial institution has implemented this approach to address regulatory compliance and Basel operational risk challenges. They now have a process-based information system that collects, manages, tracks and reports on operational loss events, key risk indicators, risk-assessment maps and control-assessment scores in a standardized way for each level of management.

The result has been improved data management and regulatory reporting. The institution also met a tight regulatory deadline. A GRC system will also be valuable for firms that must meet the requirements of the Dodd-Frank Act, which is expected to drive new operating models for capital markets firms and is transforming the derivatives market.  An enterprise GRC solution will help your firm track and remain compliant with all of the 250 new regulations stemming from 11 different regulatory bodies.

In summary, a unified data management platform, combined with an industry data model designed for risk analytics and reporting, topped with a unified enterprise risk management system and an enterprise GRC system are the key ingredients for better risk management, improved regulatory compliance and the capability to meet current and future regulatory compliance mandates, whatever they may be.

Tags: , , , ,
  • Facebook
  • Twitter
  • Digg
  • LinkedIn
  • email


  1. Posted February 19, 2012 at 11:14 am | Permalink

    Very good overview on the need for a GRC-focused integrated data platform. Could you please comment on how this would related to other business functions? e.g. analytics needed for marketing optimization. Would it be one integrated data platform for all areas? or separate based on business function (e.g. GRC datamart, marketing datamart…etc)?
    Thanks again.

    • David M. Wallace
      Posted February 20, 2012 at 9:51 pm | Permalink

      In practice, we see more separate data platforms based on business function as you listed (GRC, ERM, marketing, etc.). A unifed banking industry data model designed for analytical needs could serve as the repository for both risk analytics (as mentioned in the article) as well as customer analytics, but that would require the two functions in the firm to closely coordinate on their respective projects. This would be very difficult to do in large complex institutions (IMO).

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>