This post summarizes a series of roundtable discussions that four of our senior consultants held with regard to data management. The roundtables were focused on how integral data management is to various initiatives within financial services. We’ve organized a number of useful insights below. You can also tune into the original podcasts by clicking on each section heading.
We feature different panelists who focus on different areas in the space:
· Zoe Keen speaking with a Consumer Duty lens
· Emily Wright on surveillance
· Rupi Johal-Christophers helped us look at data issues from a financial crime perspective
· Katharine Leaman provided her insights on how some clients are solving problems in the space, as well as providing a regulatory spin (given her time working at the UK regulator)
· Data Stewardship: Financial institutions are appointing data stewards to identify and assign ownership of data sources within the organization.
· Multiple Data Owners: Data ownership is often shared across multiple individuals and teams, depending on the nature and use of the data. This can introduce inconsistencies.
· Compliance vs. Commercial Drivers: Data collection should be driven by commercial needs and insights, not just regulatory compliance obligations or concerns.
· Variety of Data Sources: Financial services collect data from a wide range of sources, including:
o Structured data from trading platforms.
o Unstructured data from communications channels like email, chat, andvoice recordings.
o Customer data, including special category or sensitive data.
· Data Collection Challenges:
o Data accuracy and completeness can be a challenge due to the variety of sources, formats and owners.
o New data sources are constantly emerging, requiring ongoing updates to collection processes.
o Regulatory requirements can vary across jurisdictions, adding complexity to data collection, transmission and storage.
Data cleansing is crucial for accurate analysis and insights. Challenges include:
· Maintaining a single customer view (e.g., due to multiple accounts or name variations)
· Balancing cleansing efforts with ongoing operations
· Keeping static data up-to-date and centralized
Solutions and best practices:
· Data drilling to support analysis
· Data cleansing to detect anomalies, e.g., numerical characters in names
o Incorporating data cleansing into transformation projects from the start
o Viewing data cleansing as an ongoing process, not a one-time task
· Leveraging customer interactions to update information
· Partnering with data owners to ensure quality and consistency
· Cloud storage is widely used, but concentration risk is a concern. Financial institutions should consider using multiple cloud providers to mitigate this risk.
· Regulators and auditors need access to records. Financial institutions must ensure that their contracts with cloud providers allow for this access.
· Data should be regularly reviewed and sensitive data should be deleted in a timely manner. This includes data from third-party providers.
· Vulnerable customer data requires special attention. This data should be encrypted and stored separately from other data.
· Financial institutions should clearly explain how they will use customer data and obtain consent for its use, when required.
· Behavioural biometrics are being used to detect fraud. This includes data such as how a customer swipes their device or the pressure they apply to the screen.
· Financial institutions are using voice technology to detect stress in customers' voices. This can be used to identify potential fraud victims.
· There is a delicate balance between protecting customers and disclosing too much information about fraud detection methods. Financial institutions need to be careful not to give away too much information to fraudsters.
· MI should be concise and actionable. Overly long and static reports are often ineffective.
· MI should be timely and relevant. It should inform current decisions, not just reflect past performance.
· Real-time reporting is becoming increasingly important. This is especially true in areas such as fraud detection and customer service.
· MI should be designed with specific outcomes in mind. It should not just track progress, but also help to achieve desired outcomes, especially in light of the Consumer Duty.
· MI should be predictive. It should help organizations anticipate future trends and challenges.
· Challenges of staying compliant:
o The volume of regulatory change is overwhelming. It is difficult for firms to keep track of all the new regulations that are constantly being introduced.
o In some small firms, Compliance is often performed by one person who sits across multiple functions. For such firms that do not have dedicated compliance staff, this makes it difficult to keep up with all regulatory requirements.
o Compliance is global. Firms need to comply with regulations from multiple jurisdictions.
· Embrace new technologies:
o New technologies can help firms to improve their compliance and reporting processes.
o Firms should not be afraid to experiment with new technologies.
o The FCA is opening a sandbox for firms seeking to leverage distributed ledger technologies. This will allow firms to experiment with these technologies in a safer environment.
· Integrated surveillance is crucial but challenging. It's essential to combine structured and unstructured data to effectively identify risks. However, current systems and tools aren't fully capable of doing this seamlessly, often relying heavily on manual human effort.
· Detecting risk is about more than just finding risk events. It also involves demonstrating to management how risks are being systematically searched for and how risk appetite is being applied.
· Regulators expect institutions to have the ability to prevent risks, not just detect them. This means having surveillance systems in place that can accurately prevent and detect risk events, even if they're synthetically generated.
o Surveillance and controls are important, but they should be seen as a preventative measure, not just a detective one. The goal is to identify and address potential problems early on – before they cause serious harm.
· Data silos and separate surveillance teams can hinder risk detection. When different teams work on separate datasets without collaboration, it can make it harder to identify risks that span across multiple data types.
· AI has the potential to improve risk surveillance, but it's still in its early stages. AI-powered tools, particularly those using large language models, are being explored to better interpret unstructured data and find links between structured and unstructured data. However, more development is needed before they can fully replace manual processes.
· Regulators are increasingly focusing on culture and conduct within institutions. This includes examining how employees' behavior aligns with the desired culture and conduct, as well as how diversity and inclusion are being promoted.
· Culture and conduct are crucial in the financial industry, but they're hard to define and measure. They encompass more than just compliance with regulations – they're about the way people behave and make decisions within an organization.
· Both top-down and bottom-up approaches are needed to create a positive culture. Tone from the top matters, but everyone in the organization needs to feel empowered to speak up and do the right thing.
Conclusion
As this is just a sample of some of the key insights from the series of roundtable discussions on data management in financial services, we invite you to have a listen to the individual podcasts (linked in the headings). Enjoy!
Please reach out and let’s discuss how Leaman Crellin can run a data management health check to uncover any relevant blind spots and help keep your firm compliant.
