Data Governance and Compliance for Banks and Insurers Made Easy

In today’s world, data has become an essential part of our daily lives both professionally and personally. Many organisations are starting to realise the value of their data and the role it plays in the use of emerging technologies. However, most organisations are failing to acknowledge that the quality of their data has a large impact on their success and ability to derive value, write Sean Bierman, Senior Manager, and James Pearson, Manager, of BDO’s FSD team.

In an era of big data, becoming a data-led organisation is crucial to maintaining your competitive advantage. Being data-led enables your organisation to leverage data and make informed decisions based on hard data, reducing reliance on assumptions. Organisations in turn need to recognise the importance of broader initiatives to govern their data.

A survey conducted by New Vantage Partners of 85 Fortune 1000 companies revealed that while 62% of firms are investing over $50 million in big data and AI, only 39.3% are managing data as a business asset. Ultimately this mismanagement of data could render firms’ investments in big data and AI useless due to the common problem of garbage data, which results in garbage information out. A potential solution to this problem is the implementation of a comprehensive data governance framework, which outlines the processes and activities that should be put in place to help an enterprise manage its internal and external data flows.

Data governance enables the seamless integration of people, processes, and technology, which is the first step in leveraging data as an asset. Implementing a sound data governance program that is customised to your organisation is advantageous, as it will promote data quality and allow for the availability, usability, integrity, and security of your data assets.

Although becoming a data-led organisation is highly beneficial for enterprises and the streamlining of their business operations, the most common driver for the adoption of data governance is regulatory compliance. While certain regulations do list data governance as a requirement, most do not force organisations to adopt data governance practices. However, owing to the escalating volume and complexity of the data in most enterprises, regulatory compliance is generally only achievable through effective data governance. An example of this is IFRS 17, which is prompting organisations to rethink the way they utilise data and has an effective adoption date of January 2023.

The new IFRS standard for insurance contracts requires entities to change their approach to financial reporting and has highlighted the need for organisations to fully understand their data through its entire lineage, from creation to deletion. However, IFRS 17 does not require organisations to implement frameworks centred on data governance or management. IFRS 17 compliance is an immense change for insurance companies, as they are now forced to reassess their data administration, financial presentation and actuarial assumptions. The success of IFRS 17 compliance is highly dependent on the quality, accuracy and integrity of the enterprise’s data. Therefore, although not required in IFRS 17, data governance functions, standards and procedures are key to achieving compliance, as they will ensure the timeliness, accuracy, integrity and completeness of an organisation’s data.

In contrast to IFRS 17, the importance of data governance has been recognised in banking sector regulations. This can be seen in Basel’s Principles for Effective Risk Data Aggregation and Risk Reporting (BCBS 239). Interestingly, of the fourteen principles put forward in the BCBS 239 regulation, governance is the first and arguably most important. The importance of this principle can be seen when one examines the impact governance has on the remaining thirteen BCBS 239 principles. For example, a data governance framework contains elements such as controls and standards which can assist banks in achieving the BCBS 239 principles of adaptability, completeness, accuracy and integrity. Data submission and collection processes also form part of an effective data governance framework. The processes outlined in a data governance framework can provide banks with the guidance and processes required to meet the BCBS 239 principles of timeliness, frequency and distribution. Lastly, the BCBS 239 principles of review, home/host co-operation, remedial actions and supervisory measures are covered by the forums, roles and responsibilities, escalation path and domains that are outlined in a comprehensive data governance framework.

Despite data governance being a BCBS 239 enabler, there are still common issues that banks face when it comes to BCBS 239 implementation. First and foremost is a lack of clarity on how to meet the fourteen principles outlined in BCBS 239. The reason for this is that most regulations hold clear requirements and standards for compliance, whereas BCBS 239 only puts forward principles, which are open to different interpretations. As a result, banks may find it difficult to clearly define an approach to BCBS 239 compliance. Large complex environments and legacy systems are another common issue that South African banks are facing, as legacy systems do not communicate with one another or are patched together, creating inefficiencies and unstandardised data. As a result, the vast quantities of data that are produced in these complex environments can be difficult to manage and understand without the proper controls in place.

This makes following a principle-based approach extremely challenging, and banks should utilise a framework that encompasses all fourteen principles of BCBS 239. The use of an effective framework will provide South African banks with the structure they need to develop a roadmap to their desired state. The framework that is best suited for this role is a data governance framework, as it helps address all fourteen BCBS 239 principles and can be tailored to your environment.

Given our experience within the industry, we have learnt that not only is data governance the key to becoming a data-led organisation, it also plays a vital role in regulatory compliance, whether required by regulations or not. Data governance provides organisations with the standards, procedures and controls that form the foundation for a compliance plan.

We at BDO have pooled together our knowledge and experience within this space and have created the required content and procedures to enable your organisation to effectively implement a comprehensive data governance strategy and framework. With this, we are able to assist you in the initial creation of your data governance framework, assess the impact of your organisation’s projects on your data governance framework, and review non-compliance with laws and regulations to ensure compliance. Allow us to simplify your data governance and regulation compliance journey through our experience and expertise.
