This paper examines the need for a comprehensive data governance solution and highlights how it creates a competitive edge for the financial institution.

1. White Paper
Gaining competitive advantage through
Risk Data Governance
- Nagharajan Vaidyam Raghavendran, Sudarsan Kumar, Partha Sarathi Padhi
www.infosys.com

2. As a response to the banking fiascos that mushroomed across the globe, a slew
Introduction of regulations that aim towards a global recovery have been brought about. Key
amongst these is the latest update to the BASEL rules. It is set to bring about a sea
change for the financial services industry by redefining focus areas. There is even
more stress on achieving higher levels of transparency and increasing the quality
of assets. This provides an opportunity for the financial services industry to reinvent
itself by reducing the redundancies that exist across different lines of business. The
recurring challenge has been around consolidating data silos which originate from
disparate systems. To achieve complete transparency and accuracy in regulatory
risk reporting, it is evident that the quality and integrity of the data are going to be
fundamental building blocks. These are necessary investments towards gaining a
bird’s eye view of the process efficiency as well as the imminent risks facing the firm.
In this paper, we examine the need for a comprehensive Data Governance Solution;
establish strategic measures towards building it and highlight how it creates a
competitive edge for the firm.
Why Data Governance?
It is said that not all bytes are born equal. Nowhere is this more evident than in a risk information system. An often overlooked aspect when
building a risk information system is the quality of the source data.
For regulatory compliance with BASEL norms, the data needs to be procured from a large number of disparate sources which are usually spread
across different time zones. The data pertaining to different lines of business reside in silos as the firm operates on different platforms. These
varying and often redundant platforms were built to support diverse products and cater to unique requirements across regions and customers.
This silo approach, gave rise to business data marts having multiple versions of the same data across the firm. The lack of consistency amongst
these data marts implied massive time and cost requirements for reconciliation.
Data needs to be treated as a strategic asset and needs to be governed throughout its process cycle and end-usage. A strategic initiative
towards this goal would be to bring people across the enterprise together thereby creating a consistent and holistic view of the company’s
data. This would ensure that an accurate statement of the firm’s risk position is available for regulatory reporting and decision making.
The figure below illustrates the deficiencies present in risk information across most firms where the source data is in silos. The deficiencies
will be examined across the dimensions of People, Process and Technology.
· Manual Check Error · Incorrect Design
· Limited or no data · Incomplete and
Stewardship poor data standards
ple
Pro
· Insufficient Business · Process failure
o
ce
Pe
awareness
ss
Causes of
Poor Data quality
Technology
· Disparate sources
· ETL Integration errors
· Outdated technology
2 | Infosys – White Paper

3. Challenges with the Existing Systems
The financial services industry has evolved over the years and is now a complex system with data being transmitted continuously across
multiple entities world-wide. At the bare minimum, there are applications spanning front-office, middle-office and back-office platforms with
data being transferred back and forth, not to mention the myriad external sources of data. In this scenario, it is easy to see why numerous,
disparate versions of the same data are present across the organization. The lack of consistency amongst the data marts and many applications
is a core issue that needs to be highlighted and addressed. Overall, the present data architecture can be viewed as a set of multiple and
inconsistent data marts, causing difficulties in the integration of data, which in turn presents limitations in the data validation process.
In the table below, we look at the business impact stemming from these challenges.
Issue Description Impact
Some data errors have a disproportionate impact. i.e.
Increased business system downtime leading to higher
All or nothing processing they unnecessarily stop the system, rather than set
overhead costs for providing continuous support.
aside an error record and process the good records.
Multiple point-to-point The same data is sent multiple times to multiple Increased impact of changes, complexity, overhead in
interfaces, resulting in storage systems in multiple formats. This results in the same knowledge transfer and support, high cost of storage
and transmission issues data being stored in multiple repositories. and back up.
Data inconsistency, lack of data ownership over
Multiple points of transformation Similar logic/calculations are applied at multiple sites
business functionality, lack of control over the data
for similar logic across systems.
manipulation and increased overhead costs.
Confusion and complexity, high dependency on SMEs
Inconsistency in Data Mapping No common format for data intake. and additional/complex processing to bring about
conformity.
Some systems receiving data have explicit
Tightly Coupled systems The effort and risk associated with change is magnified.
dependencies on systems at the other end.
The immediate impact is often on Legal Day 1
Assimilation of data across merging entities brings reporting which is manual, intensive and might not be
about unique challenges in terms of platform accurate.
Mergers and Acquisitions incompatibility, data dictionary mismatch, sunset of
legacy applications, lack of formal data governance Increased costs due to multiple systems across the
policies and many more. entities. Incorrectly assimilated data and systems can
lead to top line and bottom line impacts.
An Approach to Enterprise Risk Data Governance
Data Governance goes hand in hand with setting up the Data Management Infrastructure and Platform. When rolling out the architecture
and systems for managing and reporting the data, it is essential to have a strong Data Governance mechanism that will monitor and control
the data itself.
An Enterprise Risk Data Governance Solution has 3 main Pillars: “People, Process and Technology”. This approach leverages enterprise data
and information as a key asset increasing the quality, consistency and confidence of decision making. The first figure below is a simple
illustration of a Basel risk reporting platform. Data governance is expected to permeate every activity in this system and be prevalent across
the life cycle of data. The second figure illustrates the People, Process and Technology approach to data governance.
Infosys – White Paper | 3

4. Enterprise Risk Data Governance in a Basel Environment
Data Sources
Origination
System Basel II Risk Environment RWA Calculation and Reporting
Servicing Risk Datamarts
System
G/L Reconciliation
Collateral RWA Calculator
Data Quality/ ODS/Staging/CDC
Mgmt.
System
Source System Extracts
Factor Model Environment
Risk Datawarehouse
Loss & Reporting Tool
Recovery Segment
ETL
ETL
System Definition
PD, LGD,
Reference EAD FFIEC 101
Data Reports
Op Risk
Models
External ICAAP
Sources Reports
Model Validation/ Feedback
Management
Reports
General Model Execution and Output
Ledger
Data Governance
e Risk data Gover
erpris na
nt nc
E
e
·
Manage & Feedback
Assessment & Control · Review, approve,
· Stake Holders monitor policy
· Office of Data Collect, choose,
Governance · review, approve,
monitor standards
· Data Stewards
Pro
ple
· Align sets of policies
Successful Data
ce
and standards
o
Pe
ss
Governance · Contribute to
Business Rules
· Regulations · Contribute to Data
· Internal Policy Strategies
· Risk handling procedures Identify stakeholders
and establish
decision rights
Technology
Enhance Monitor Confrom
Standards, Strategy & Data Quality Assurance
Create Measure Clean
Customised Rules
Datatype Mismatch Data Consistency De - Duplication Special data Data Parsing
Missing Values Referential Intergrity Data Enrichment Data Matching
Exception Handling Data Pattern Check Data Validation
The role of people in data governance is one of the most important dimensions. Inculcating
an enterprise wide sensitivity to Data Governance starts with building a Data Governance
Council. The Council is responsible for formulating policy regarding storage, modification and
PEOPLE
distribution of data across the organization; maintaining the integrity of the data and providing
broad guidelines. The data governance council is also responsible for creating awareness that
data can be an asset to the organization if it is maintained correctly.
4 | Infosys – White Paper

5. There are a few main roles that should be established as part of the Data Governance Council.
Data Steward: This is a quality control role and is an executive of the data governance council who is entrusted to provide custodial care of
data and is focused on improving data quality to the level required by the business.
The role of the steward focuses on the following:
• Business definitions and rules
• Identification of critical data elements
• Data quality monitoring, issue identification and resolution
• Identification of trusted sources of data
• Support in the simplification of the data environment
The data steward needs to set a specific and measurable goal for data quality and is responsible for guiding the effort. An important aspect
here is culturally sensitivity, as there are many stake holders who are involved in framing the data governance policy and there will be
considerable impact to lines of business within the organization. The data steward is also responsible for resolving any conflicts arising out
of the new policies that are being established.
Data Champion: Is appointed by the data governance council and is responsible for exception management as far as data quality is concerned.
The data champions work on risk data exceptions and analyze every exception due to the deviations from the expected risk data quality
norms. The data champion also lays down the business rules in consultation with people from the risk management team.
Data Analyst: The data analyst provides a 360 degree view of risk data from different sources. The data analyst helps in the analysis of different
feeds and sources for consumption of the risk related data with respect to Fit for Purpose. The risk data analyst, along with the data champion,
is responsible for framing the matching logic used when standardizing the data from disparate sources.
The Council forms a core part of the overall Data Governance strategy of the firm. The Council will put in place various processes, workflows
and solutions to deliver the Data Governance Vision.
From studying past failures, it is clear that the absence of a strong data governance policy
coupled with faulty business processes lead to poor data quality. The Data Governance process
starts with the creation, documentation and implementation of data governance policies
and procedures which should ensure data consistency, data standardization, data reusability
PROCESS and data distribution within the organization. A formal governance council needs to be put
in place to ensure the smooth implementation of these policies and procedures and provide
a mechanism for communication of data related initiatives throughout the organization. The
council will be a liaison between the business and the IT functions, which will review and
monitor the data policy from time to time.
When establishing the norms, data quality should be defined and monitored thoroughly on many dimensions such as completeness,
conformity and consistency while maintaining data integrity throughout the life cycle of the business.
Data quality assessment and improvement requires established processes for data profiling, standardization, matching and monitoring.
Data Profiling is the systematic analysis of data to gather actionable and measurable information about its quality. Information gathered
from Data Profiling activities are used to assess the overall health of the data and determine the direction of data quality initiatives. Data
standardization is the process of detecting and correcting erroneous data and data anomalies within and across systems. It also ensures
that the data conforms to the data quality standards. The standardized data is then used for matching purposes across various systems.
Data matching across the systems reduces duplication and is also a means to identify similar data across systems. Data monitoring is usually
an automated process used to continuously evaluate and report on the condition of the enterprise data. Information obtained from data
monitoring activities is used to evaluate the effectiveness of the current processes and identify areas of improvement.
Metadata is an often ignored piece of the Data Governance conundrum. The holistic approach to Data Governance should reserve policies
and processes around creating, maintaining and using metadata. Metadata implies data about data; it bridges the business objective with
the information. The data steward or the person(s) reporting to the data steward use metadata in the context of building and expanding an
application to meet business demands.
Infosys – White Paper | 5

6. Metadata management ensures that metadata is created and captured with all the necessary details at the point of data creation. Metadata
should be stored in a repository that can be used by multiple applications and is not necessarily limited to a central physical repository. Even
a logical association is sufficient to provide a link across physical repositories. Metadata captured at the source is helpful in maintaining the
data lineage through the data warehouse till reporting. This way any change arising from the business requirements can be deployed with
ease, irrespective of where the change occurs in the lineage, which leads to greater confidence in the minds of the end user and the business.
Metadata is an invaluable tool when working with auditors and regulators to prove the capability and quality of the Risk Reporting platform.
It is imperative to establish processes that take into account all these workflows. Only when one measures the current state of affairs is it possible
to go about fixing them. To this end, Data Governance processes should be clearly communicated and policies should be made a priority.
Technology is a great enabler for improving data quality and maintaining data governance
in coordination with people and process. The right technology not only acts as a vehicle for
people to deliver and monitor the processes, but is also an effective force multiplier. Leveraging
TECHNOLOGY
technology in the right places, means the Data Governance process is made transparent and at
the same time seamless. This is accomplished by providing the right work flow for maintaining
data quality and integrity throughout the business life cycle.
The right technology allows correlation of data across many sources; matches them and identifies duplicates, primarily around standard types
of client, product and account. It also provides a hub to integrate with other systems and turn data into information. Technology provides a
yard stick for measuring the existing data quality and offers many ways for data type validation, corrections and ensures consistency across
various systems. Data quality dashboards provide the data governance council a 360 degree view of the whole data management process and
its effectiveness. The dashboards also help in bridging the gap between the business and IT functions by providing a graphical representation
of the data quality scoreboard, trends in data quality and the improvement in processes over a period of time.
Technology also helps in discovering problems with the data and automating the data quality processes. It helps the business create standard
rules for data validation, transformation and standardization; define the workflows; and monitor the data throughout the business life cycle.
The figure below is a sample snapshot of key criteria and demonstrates how dashboards can be leveraged to assess data quality.
Missing key customer information like Name, phone, email, address components etc
Fields % incomplete Fields % incomplete
City 0.80 Original Account Name 0.36
Contact Person First Name 0.03 Postal Code 5.11
Country 0.00 Region / State 7.21
E-Mail Address 5.66 Standard Account Name 0.36
Last Name 0.05 Street 1.27
Orphan Sample
analysis, pattern
incorrect Completeness analysis
values in for postal
Con
ity
fields etc codes
for
egr
mit
Data
Int
y
Quality
Total Number Total number % of Duplicate
Metrics
ncy
of duplicates of US Records Records
Dup
% non -standard cities and
Detailed 10143 1,60,749 6.30%
%
iste
account names
lica
s
report based non-standard
Con
tes
30.00
20.00
on match Address 10.00 cities and
conditions Cleansing 0.00
Account
and survivor names
identification
Address verification
Address cleansing
Address parsing errors
USPS / ROW database
Enrichment parameters
While formulating a Data Governance vision and strategy, technology should not be far behind. Putting in place norms and criteria to enable
people to leverage the best technology that is relevant is an important step. The technology choices should be influenced by data quality
requirements, metadata functionality and existing technology in the data management space.
6 | Infosys – White Paper

7. Conclusion
Data governance is not just about Regulatory Compliance. Setting up a clear Data
Management philosophy and vision across the enterprise is imperative. People, Processes
and Technology must be deployed to have the maximum effect on the data that is used
for operational and management decision making.
Data governance must reach beyond complying with legislation. The intent of legislation
is to exhibit control over any data that is used for regulatory reporting. A key aspect is to
ensure that any standards regarding Fit for Purpose are applied throughout the enterprise.
Data Governance is also analogous with maintaining and managing the storage and
security of sensitive data.
All this should allow users and managers to focus on running the business, confident that
the reports and numbers are accurate and reflect the true position of the organization.
Firms should look at this new operating environment as an opportunity to re-jig their data
management capabilities and tackle more than regulatory requirements. It is possible
to gain a competitive edge by using risk data that has been rigorously controlled and
delivers a high degree of accuracy. This risk data that is used as the source for insights
into customer behavior, or a 360 degree view of every dollar, is inherently more reliable
and relevant for management decision making. Lastly, Data governance policies and
processes should be aligned with the risk management philosophy and should be a
corner stone of corporate governance.
About the Authors
Nagharajan Vaidyam Raghavendran is a Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. His
responsibilities include solution architecture, design and technical assistance for Data warehousing, Business intelligence and Analytics projects.
Sudarsan Kumar is a Senior Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. He has over 6
years of experience in designing and delivering complex, large scale Risk Reporting systems.
Partha Sarathi Padhi is a Senior Consultant with the Risk and Compliance Practice of the Financial Services and Insurance Vertical. He has
experience in delivering Trade Surveillance and Enterprise Data Management solutions.
Infosys – White Paper | 7

8. About Infosys
Many of the world's most successful organizations rely on Infosys to
deliver measurable business value. Infosys provides business consulting,
technology, engineering and outsourcing services to help clients in over
30 countries build tomorrow's enterprise.
For more information, contact askus@infosys.com www.infosys.com
© 2012 Infosys Limited, Bangalore, India. Infosys believes the information in this publication is accurate as of its publication date; such information is subject to change without notice. Infosys acknowledges
the proprietary rights of the trademarks and product names of other companies mentioned in this document.