What is data governance?
Data governance is the discipline of ensuring integrity in the sourcing and use of data in an organization. Our previous “101” piece, setting out key data management concepts and concerns, covered the elements needed to evaluate data quality. The basis of data quality assessment comes from the framework set up in the form of policies and processes. Therefore, understanding data governance is a foundation for running a financial services firm with the best and most relevant information.
In the financial services industry, the concept of data governance is a component of corporate governance. Globally, all financial markets have some form of corporate governance regulation for banks, investment firms and other market participants. Corporate governance rules typically serve to balance the rights and responsibilities of a company’s management and its stakeholders, and set procedures and policies for a company’s activities.
Within corporate governance regulation, data governance rules or guidelines address how firms should handle data to meet the goal of achieving good corporate governance. However, a data governance framework can also refer to what firms do on their own to manage their data with integrity.
Why do I need it?
When firms have their own data governance framework, they tend to address four elements of their data: availability, usability, integrity and security.
- Availability – Firms should ensure that data is stored, classified and maintained in a manner that keeps it accessible. Careful planning is necessary to avoid having to cleanse and structure data all over again for each application where that data is needed, which would hamper availability.
- Usability – Along with ensuring availability, firms should make sure the data they use is properly formatted for their purposes and for all necessary uses for that data throughout the enterprise. That applies to data they produce themselves as part of their operations, or data acquired from providers.
- Integrity – Data retains its integrity when it is obtained from a legitimate source and managed in appropriate ways that avoid contamination or corruption. Accuracy and quality are the commonly measured attributes that people associate with the outcomes of data integrity, but legal compliance also plays a key role, especially since the widespread adoption of data protection laws. To retain data integrity throughout data processing, firms should track and document data lineage to make sure data sourcing, storing, processing and access controls meet internal standards and regulatory requirements.
- Security – Security starts with the standard definition: managing access to data and protecting against unauthorized access. Firms must also know who is responsible for the security of data at different points in its creation and processing. Data stewards are often the named ‘owners’ of data sets. They influence and enforce the rules around access to the data and the conditions under which it can be shared. As with integrity, firms should assign responsibilities for data security and be aware of who owned that data at each point where it was generated and used.
As you can see, these traits go hand in hand and overlap in some respects. If you have good command of these aspects of data management, then your data governance guidelines should be easier to articulate and put into practice. To be sure, however, firms should also be aware of guidelines set forth by country regulators and global standards associations.
Data governance for regulation
Regarding security within data governance, the European Union’s General Data Protection Regulation (GDPR) and Markets in Financial Instruments Directive II (MiFID II) are applicable, as is US 31 USC 310, a regulation addressing data in the context of financial crimes.
On a broader scale, the US Dodd-Frank Act addresses record-keeping transparency. The US Comprehensive Capital Analysis and Review (CCAR) framework addresses data quality and management. In Europe, MiFID II addresses data collection processes, while Basel III contains data governance provisions within the context of risk management and capital adequacy concerns.
In China, the Banking and Insurance Regulatory Commission (CBIRC) issued guidelines in May 2018 that include provisions for financial firms, assigning responsibility for setting up data governance systems, data quality control and related incentive and accountability systems.
Although MiFID II, Basel III and the BCBS 239 rules addressing risk data aggregation come from Europe, they do influence compliance throughout Asia and globally. In addition, the International Financial Reporting Standard (IFRS) created by the International Accounting Standards Board (IASB) sets classification and accounting rules that can figure into data governance. Any firm forming its governance framework should be aware of these provisions.
So, with a good handle on data governance traits and rules, firms may also deploy enterprise data management (EDM) and master data management (MDM) systems as a means to carry out the provisions made in data governance. These systems scrub, enrich and curate data, to standardize how data is defined and produce metadata that helps implement data governance frameworks, with integrity, accountability and security.
With knowledge of the elements of data governance, both as part of a firm’s native efforts and its compliance requirements, management will be better equipped to do business in the markets and lower their operational and regulatory risk.