Loading...
You are here:  Home  >  Data Blogs | Information From Enterprise Leaders  >  Current Article

Risks and Reward in Data Governance

By   /  June 5, 2017  /  No Comments

Click to learn more about author Ian Rowlands.

I was in some absorbing conversations at the FIMA Conference in Boston last week. There was much concern about the cost of Data Management for compliance.

There’s an alphabet soup of regulations – AIFMD, BCSB239, CCAR, CCEL, Dodd-Frank, … MIFID II, … Solvency II … Some have unique data gathering and reporting requirements, some overlap. The cost of compliance increases year by year. Data Governance gets more complicated as the regulation of data and data-related activities expands.

The problem gets worse as regulators become more sophisticated, wanting to understand the data environment more deeply and even comparing results across compliance programs. The cost is two-fold (at least). There’s the cost of governance and compliance, and there’s the opportunity cost of activities not undertaken because compliance activities have consumed the resources.

One view, which perhaps reflects current received wisdom, is that compliance is compulsory – so that you can manage the efficiency of the program, but you have to get the job done.

One suggested response was a risk-based approach to compliance cost management. Set a budget for compliance, and use that to govern activities. A related idea was the notion of greasing the squeaky wheel – focus compliance efforts on the regulator making the most noise. It’s a thought with a lot going for it but with some “gotchas.” There are five primary considerations: cost of penalties, damage to reputation (which can affect stock price), loss of revenue, cost of remediation, and possible cost of conforming to consent agreements. If you can quantify the risks, and have a good idea of the probability of regulators detecting a compliance breach, then you can put a value on the risk.

The other reaction was associated with some discussion of the evolving role of the CDO. The idea was that third generation of CDO’s is arriving. I think I buy that idea. Generation 1 were “defenders” — regulating the data estate for compliance. Generation 2 are the “supporters” managing the data estate to support the business largely “as is”. Generation 3 are the “transformers” exploiting the data estate to create the digital business.

How do the two themes connect? It’s about attitudes. Generation 1 CDOs tend to the “Compliance is compulsory” point of view. Generation 2 CDOs seem more interested in the “risk-base” approach, or at least doing just enough to skate by. Generation 3 CDO’s are different though. Managing the data estate for compliance is not the focus. Knowing what data is available, how it moves and how it changes is the foundational data intelligence underpinning transformation.

Compliance is almost a by-product. The way data supports business processes should imply compliance organically and build value for the business (yes, I am an optimist). They are looking for new ways to make the magic happen. One promising approach might be the combination of policy management and machine learning to detect and resolve problematic data events.

One thing is common to all the approaches to compliance. None of them work without a mastery of Data Intelligence – knowledge of the data inventory and its connection to business policies and processes, the way data moves and is transformed, the way data items are connected, and all the other information that allows the best use of data. It always comes back to that.

About the author

Ian Rowlands is ASG’s Product Marketing Manager (Data Intelligence). He heads product marketing for Metadata Management and is also tasked with providing content across ASG’s entire portfolio. Ian has also served as Vice President of ASG’s metadata product management and development teams. Before ASG, Ian served as Director of Indirect Channels for Viasoft, a leading Enterprise Application Management vendor that was later acquired by ASG and managed relationships with distributor partners outside North America. He has worked extensively in metadata management and IT systems and financial management, and presented at conferences world-wide, including DAMA and CMG.

You might also like...

Is Data Governance Solely About Controls on Data?

Read More →