The Monetary Authority of Singapore (Authority) has published an information paper titled “Data Governance and Management Practices – Observations and Supervisory Expectations from Thematic Inspections”.
What Does the Paper Cover?
The paper focuses on data governance practices that address data quality risk. It incorporates a set of supervisory expectations, aimed at guiding financial institutions in enhancing their data management capabilities in accordance with the Basel Committee on Banking Supervision’s Principles for Effective Risk Data Aggregation and Risk Reporting (Basel Principles).
The paper contains observations from thematic inspections on data governance and management of systematically important banks in Singapore, specifically:
- Board and management oversight on data
- Data management organisation and policy
- Data quality management and controls
- Data issues identification and escalation
- Independent validation of data
Controls also need to be supported by well-organised IT infrastructure and data architecture.
Why Was the Paper Published?
The paper highlights the importance of data (described as a “strategic asset”) to the financial services industry. Data is used for, among other things, fraud surveillance, anti-money laundering, liquidity management, underwriting and investment management. The industry has also seen “exponential growth of data availability and advancement in data analytics capabilities”, with data being leveraged and deployed to increase operational efficiency and effectiveness in risk management.
To this end, data governance plays a vital role in ensuring that data relied upon for the above purposes is accurate, consistent and complete. Privacy and confidentiality breaches must also be mitigated against, to address the risk of data being misused.
What Expectations Are Set Forth in the Paper?
At a high level, financial institutions are expected to benchmark their data governance and management practices, including against international standards, taking into account their organisational structure, business model, scale of operations and risk profile. Where necessary, steps should be adopted to address gaps in a risk-appropriate manner.
The Authority has highlighted, under each of the relevant themes, its supervisory expectations and key observations from its inspection – as well as consequential improvement areas. The paper also offers some illustrations of good practices. These thematic inspections and corresponding observations are as follows:
Board and Management Oversight on Data
- A robust data governance framework should be adopted, with management committee oversight into risks.
- The board should be updated on data management issues, including the status of implementation of the Basel Principles.
- Data governance metrics should be included in management reports, broken down by business and support unit, rather than at an enterprise level.
Data Management Organisation and Policy
- There should be clear roles overseeing the implementation of data management and standards across the organisation, such as a data management charter.
- There should be rectifications of exceptions in metadata, data controls between different stakeholders, and appropriate data quality thresholds and control assessments.
Data Quality Management and Controls
- There should be scorecards to monitor and measure data quality and take corrective actions, as well as controls for end-user computing tools.
Data Quality Issues Identification and Escalation
- There should be escalation criteria and action plans to rectify poor data quality and underlying gaps.
- There should be consistent data lineage documentation with sufficient granularity and coverage.
Independent Validation of Data
- There should be an independent validation function, with organisational arrangements and mitigants to maintain its independence even if housed with other risk reporting functions.
- “Fire drills” should be carried out to test capabilities during a crisis.
Concluding Remarks
While the paper is not legally binding and does not apply to organisations outside of the financial sector, the observations and good practice examples are highly useful and relevant to any and all organisations processing data, including for the deployment of artificial intelligence, since “having a foundation of good quality data becomes even more critical” in machine learning.
Should you require any assistance or advice on designing and operationalising an effective data governance strategy, feel free to reach out to this author or your usual contact at the firm.