1. Data Governance starts with planning;
• Metadata Management
• Master Data Management
• Data Quality Management
• Data Privacy & Security
Enterprise Data Governance
for Financial Institutions

2. What is Data Governance?
Ref. http://searchdatamanagement.techtarget.com/definition/data-governance
Is what FIs tracks
in spreadsheets
today.
Uses MDM technology
to enhance FI data
quality and provide
metrics on data
governance programs.
Defines FI standards
for data and who
will be accountable.
Assigns a security
classification type to
all structured and
unstructured data
within the Financial
Institution (FI).

3. Benefits of Data Governance
• Adopting a Data Governance strategy can help Financial
Institutions protect sensitive information from attack or
misuse and also helps the organization use its data more
effectively.
• Good Data Governance practices and data security
classification help to protect against and limit the risks
of a data breach, data leakage or human misuse of data.
• By having a Data Governance program, organizations can
establish data storage lives and destroy old data to reduce
data storage and maintenance costs. Providing a small boost
in ROI of Data Warehousing & Business Intelligence Programs.

4. Basic
Immature policies
and procedures
Lack of training
and awareness
Limited technology
Standardized
Established policies
and procedures
Formal training
and awareness
Minimal technology
Rationalized
Process and
procedure
Improvement
Formal training and
compliance metrics
Reduced reliance on
manual controls
Dynamic
Process
transformation and
more integrated
compliance efforts
Formal training and
compliance metrics
Fully automated and
integrated controls
managed by IT
Data Governance Maturity Model
Resource & Technology
Investments
Time

5. Data Governance Strategic Objectives
•Produces information that is easily accessible, standardized,
and sourced from a single place.
•Produces information that can be used to make and support
operational and strategic business decisions.
•Ensures data is captured, mapped, stored, managed, retained
and archived in accordance to FFIEC compliance regulations.
INFORMATION DELIVERY
Information Management of
Enterprise Reporting Content
•Assists in dismantling business systems that are designed or
built with architectural dependencies on other applications.
•Consolidation of business application and reporting systems.
SIMPLIFY SYSTEMS
Deprecation of Ad-hoc Legacy
Business Systems
•Supports the deployment of new applications by
standardizing key business terms to enable data conversion
and configuration of application integration points.
ENABLING CAPABILITY
Enabling the Deployment of New
Business Applications
•Provide quality support services that add value to FI
reporting data stakeholders and business users.
•Maintains safety and soundness of all the data used and
shared by the Financial Institution.
ONGOING OPERATIONS
Maintaining business functions
that maximize daily operations

6. Metadata Management
Specifies the basic components of data into
information that can be re-used to improve
business operations and processes, including:
• Design & control of Data Dictionary
• Identifying Data Stewards & Data Owners
• Retrieval of data from databases
• Design of information processing systems
• Design of EDI-messages
• Maintenance of items in a metadata repository

7. Metadata Repository (MDR)
• A Metadata Repository is designed to capture
the “basic components” or the semantics of
data, independent of any application or subject
matter area.
• MDR’s can reduce the time and costs of
defining and approving the semantics of data
by re-using basic components that have
already been approved by our data stewards.

8. MDR Registration Model
2
6
3
4
1
5
7
1) Project submits a term to
MDR for registration
2) Project team notifies
Registrar submitted item is
ready for certification
3) The submitted item is
routed to Data Stewards
4) Data Stewards work with
the project teams to define
terms and definitions
5) Term is pending approval
6) Term is approved by the
EDM voting members
7) Term is certified for use in
the MDR registry and
updated in the FCBT WIKI.
A Registration Process Model can be viewed here.
MDR Registration Process

9. Classification of Metadata Attributes
Attribute Definition Occurrence Required Metadata
Term Name The MDM approved term name. One per data element Yes
Business Definition The MDM approved definition One per data element Yes
Valid Values Examples of data element, amount, date, selection list or
other
If applicable Yes, If applicable
Standardized
Formula
Calculation used to derive a data element metric or
amount
One per data element Yes, If applicable
Source Reference The system the data element originates from Can be multiple systems of origin Yes, used to determine
ownership
Data Owner The decision contact for data quality and data privacy Could be more than one per data
element
Yes
Data Steward Definition contact. Appointee of the business owner. Could be more than one per data
element
Yes
Submission Contact Appointee of the project team One per data element Yes
Creation Date Date a data element was submitted One per data element Yes
Last Change Date Shows when a data element was last updated One per data element Yes
The complete Metadata Classification Schema can be viewed here.

10. Master Data Management
Brings together the:
• Business Rules for Data Quality
• Procedures for Metadata Management
• IT Roles & Responsibilities
• Progress Tracking & Reporting
• Data Privacy Classifications for all the
data within the organization
• Auditable Time Stamps & User IDs

11. Benefits of MDM
Master Data Management (MDM) is a methodology
for researching and implementing controls and
business rules around your data.
The many benefits to implementing Master Data
Management include;
- Preventing critical errors in data quality
- Preventing data loss, breach and negligence
- Improve efficiency and availability of information
needed for business decision making

12. Challenges of Implementing MDM
• Lack of centralization
• Data misunderstandings
• Lack of defined metadata attributes
• Poor data quality rules and guidelines
• Other priorities
• Lack of training and awareness
• No clear definition of success

13. Master Data Management Maturity
No MDM
Metadata
Schema and
Mgmt. Plan
Stewardship
and Project
Team Mgmt.
Model
Centralized
Hub
Processing
of all
application
database
data
Business
Rules for
Data Quality
& Policy
Support
Data Privacy
& Security
Processing
Maturity
Time
INVEST

14. MDM Capabilities and Enablers
Key Business Capabilities
• Well defined, documented,
and enforced policies and
processes for governing
master data and data quality
• Cross-functional teams of
business stakeholders
• Well documented, regularly
reviewed and updated
operational procedures
Key Technology Enablers
• Established metadata
schema and metadata
repository
• Data or information
consistency, migration,
quality, and transformation
tools (ETL)
• IT enabled access controls,
process management, and
security solutions

15. Solutions for MDM Life Cycle
Strategy
• MDM
Roadmap
• Program
Development
• Readiness
Assessment
• Data Quality /
Stewardship
Programs
Planning
• Project
Planning
• Tool
Assessment
• Architecture
Design
• Success
Metrics &
Reporting
Implementation
• Requirements
Workshops
• MDM Design
• MDM Process
• Stewardship
Process
• Data Quality
Support
• Policies &
Procedures
• SLA
Management
• MDM Training
• Change
Management
MDM Maturity Accelerators
• MDM Methodology
• Project Plans
• Architecture Frameworks
• Best Practice Techniques
• Training Curriculum
• New Technology Tools

16. Data Quality Management
Data Quality Management is the process of
establishing roles & responsibilities and the
business rules that govern data by bringing
the Business and IT to work together.
Their task is two-fold:- to address the
problems that already exist and to prevent
the potential ones from occurring.
Ref. http://blogs.perficient.com/businessintelligence/tag/data-governance/

17. Data Quality and Data Governance:
The Basics
• Business Rules
– Enterprise Architecture
– Naming and Identification Principles
– Formulation of Data Definitions
– Data Definition Process
• (see Data Registration Model)
• Roles & Responsibilities
– Business & IT Subject Matter Experts (SMEs)

18. Business Rules
Naming and Identification Principles
Each administered item shall have a unique data identifier
within the metadata register. (ex: ID_KEY)
A naming convention shall cover all the following aspects;
a) the scope of the naming convention, e.g. established
industry name
b) the authority that establishes names
c) semantic rules governing the source and content of terms
used in a name
d) syntactic rules covering required term order

19. Business Rules
Formulation of Data Definitions
A data definition should:
a) be stated in the singular
b) state the concept as a descriptive phrase or sentence(s)
c) contain only commonly understood abbreviations
d) be expressed without embedding rationale, functional
usage, or procedural information
e) use the same terminology and consistent logical
structure for related definitions

20. Roles & Responsibilities
Data Governance Council –
comprises of an Information
Management Head and Data
Stewards from various units.
Information Management Head –
is the one who is accountable to
the Governance Council on all
aspects of data quality. This role
would typically be fulfilled by the
CIO.
Data Stewards - are the unit heads
who lay down the rules & policies
to be adhered to by rest of the
team. This role would usually be
fulfilled by a Program Manager.
Ref. http://blogs.perficient.com/businessintelligence/tag/data-governance/
Data Custodians – are responsible for
the safe storage & maintenance of data
within the technical environment.
DBA’s would normally be the data
custodians in a firm.
Business Analysts – are the ones who
convey the data quality requirements
to the data analysts.
Data Analysts – are those who would
reflect the requirements into the
model before handing it over to
the development team.
Internal Audit – reviews procedures to
determine how well we did.

21. Data Privacy & Security Management
Financial institutions should control and protect
access to paper, film and computer-based media
to avoid loss or damage. Institutions should;
• Establish and ensure compliance with policies
for handling and storing information,
• Ensure safe and secure disposal of sensitive
media, and
• Secure information in transit or transmission to
third parties.
http://ithandbook.ffiec.gov/it-booklets/information-security/security-controls-implementation/data-security.aspx
FFIEC Action Summary

22. Data Privacy and Security Threats

23. Data Privacy & Security Challenges
• Information Security
– Organizations need to worry about evolving criminal enterprises,
but they also need to worry about small storage media devices
that can easily be lost or stolen.
– The financial and reputational costs that data breaches can have
on an organization is significant.
• Information Privacy
– The sensitive information involved in data breaches, and the
potential for an increase in identity theft cases has consumers
thinking twice about their personal information being held by
organizations.
• A Complex Regulatory Landscape
– Stop security threats and protect consumers’ personal information
– Spread awareness of best practices and promote self-regulation
Ref.http://tfs.sharepoint.nterprise.net/sites/Enterprise%20Data%20Mgmt/Project%20Management/EDM%20Presentations/Data%20Governance%20Research%20Files/Guide_to_Data_Governance_Part4_A_Capability_Maturity_Model_whitepaper.pdf

24. Data Governance Privacy &
Compliance Framework
People
• Committed and engaged executive leadership
• Trained, aware and accountable employees
Process
• Structured, repeatable, and adaptable process
• Data Classification & Data Stewardship
Technology
• Secure infrastructure that protects information
• Auditing and Reporting of access controls

25. Data Governance, Risk Management,
and Policy Compliance
• Governance ensures that the business focuses on
core activities, clarifies who has the authority to
make decisions, and addresses how performance
will be evaluated.
• Risk Management is a systematic process for
identifying, analyzing, evaluating, remedying, and
monitoring risk.
• Compliance refers to actions that ensure behavior
that complies with established rules as well as the
provision of tools to verify that compliance.

26. Data Governance Policies
• Data Stewardship (authority) Policy
• Data Classification Policy
– Public Information
– Internal Use Only
– Restricted Data
– Confidential Data

27. Data Privacy Risk Management Process
Establish
goals
Identify
(model)
threats
Analyze
risks
Determine
treatment
Evaluate
compliance
Diagramming
Threat
Enumeration
1

28. Data loss/leak prevention solutions are designed to
detect potential data breach incidents in a timely
manner and prevent them by monitoring
data while in-use, in-motion and at-rest.
A data leakage incident is when,
sensitive data is disclosed to
unauthorized personnel by
malicious intent
or human
mistake.
DLP (Data Loss Prevention) Software
INTERNET
DLP Suite

29. DLP Technology Domains
• Safeguard against malware and intrusions
• Protect systems from evolving threats
Secure Information
•Protect sensitive data from unauthorized access or use
•Provide management controls for identity, access , and provisioning
Identity and Access Control
•Protect sensitive data in structured databases
•Protect sensitive data in unstructured documents, messages, and records
•Automate data classification
•Protect data in motion
Information Protection
•Monitor to verify integrity of systems and data
•Monitor to verify compliance with policies
Auditing and Reporting

30. Click logos to view References