Data Management as a Business Enabler

What development have spurred this interest?

I think there are a lot of reasons for this dynamic. To begin with, we can see that data management is high up on the regulatory agenda at the moment, and especially for banks being supervised by ECB.

Our Data Management and Innovation team just recently reported back experiences and observed practices during an onsite ECB inspection where they supported the client. The foundation for the inspection is the principles and expectations that ECB has derived from the BCBS 239 publication. Without going into details about the regulation, there are lessons to be learned here. They range from what preparations an institution can make for such an exercise, both in terms of preparing data management artifacts, but also from an operational perspective.

What are your reflections and observations on how these supervisory activities are carried forward?

The design and execution of such supervisory activity can become intrusive, from promptly ensuring access for interviews with senior management to time restricted fire-drills where the institutions need to put their data management capabilities to practice and check in a credible response within set time limits. It is fairly common for banks to approach advisors in simulating AML related inspections to make sure they are prepared whenever they are subject to a supervisory activity. From this perspective we believe it is reasonable to have the same mindset in the context of data management.

ECB has pointed out structural weaknesses in this field at multiple occasions, so it comes as no surprise that “addressing deficiencies in risk data aggregation and reporting” is explicitly listed in their published list of priorities for the coming three years. As such, it would make sense to review the capabilities. Especially as this supervisory cycle coincides with many banks submitting applications for using the advanced methods for calculating capital requirements for credit risk. Data quality assessments of governance and operational capacity are already in scope for these institutions. It makes sense to extend these efforts with a wider risk coverage in mind.

So, how does this apply to the Nordic region?

While national supervisors in the Nordics may have a different approach to supervisory interaction, at least for now, it can be noted that for example the Danish FSA clearly communicated their expectations on banks as well. I think their report from 2024 was well written and where the analytical conclusions have merits. Smaller banks don’t have the same resources as the larger ones. Banks using the IRB approach tend to be better organized compared to banks using the standardized approach. But still, you need to have a structured approach to managing the data to be able to manage a bank correctly. What good is a report to the board if the conclusions in them may be impaired by poor data quality?

I think this is a very interesting perspective. It’s certainly a topic we will bring to the roundtable dialogues we have with clients. That is, if you as a CRO is presenting the outcome from a portfolio simulation or stress test, how can you strike a balance between offering numerical accuracy while also provide comfort to the board that even though data will never be perfect, the presented results can be used as part of the decision-making process.

What are the critical components for being successful in this area?

From the perspective of the importance of accurate data during decision making, it is hard to argue that their (the Danish FSA) approach to review capabilities and potentially apply capital add-ons as part of the Pillar 2 process is unwarranted. My colleague Björn Heir, managing the Data Management and Innovation team, always emphasize that good data management practice must start with senior management agreeing on a credible data strategy. This is important as the strategy also should include a supportive long-term funding model and mechanisms.

By experience, it is not uncommon to encounter situations where funding needs arise for resolving data quality issues, but where these are viewed as originating from the risk functions or business departments, rather than being the consequence of poorly designed framework, and therefore should be funded by their existing yearly budgets. I.e., what should have been resolved by design in a functional data management framework instead ends up as a severe constraint for the data consumers. Therefore ensuring that a robust funding model is incorporated into the strategy is arguably the most important component to become successful.  

With the capital add-ons imposed by the Danish FSA I think that the business architects and data owners now have the arguments in place to convince management about the return on investment from activities related to this area. If phrasings such as “data is the new oil” or “our largest asset is data” is to have meaning, surely management and the board would have an interest in managing it accordingly.

Finally, related to what I already mentioned, there is a common view that ECB standards and practices tend to influence or outright be integrated into national supervisory strategies. So even though ECB only supervise the largest banks in the euro-zone, it makes sense to already now prepare for a more focused approach for smaller banks in Sweden as well. Even though BCBS239 does not directly apply to a mid-/small sized Swedish bank, it is also possible to map out the regulations that do apply, connect the dots and get a view of what is expected in this area. Yet again, strong data management practices should not be viewed as a “compliance item” but rather as a business enabler allowing a bank to price and manage risks and ultimately safeguard long-term value creation to shareholders by appropriate decision-making using data that can be trusted.