Financial crime prevention teams can take the lead in improving the understanding, usage and remediation of data across an FI by adopting the following approach:
1. Knowledge and understanding
Financial crime leaders must understand the importance of data to their systems, processes, controls and teams. This includes the quantifiable impact that financial crime data has on their teams’ effectiveness and efficiency, as well as the wider business benefits. They can then become advocates for positive change, rather than agitators.
Financial crime teams should be able to articulate the importance of tackling financial crime to other business functions, explaining that data issues will impact a bank’s ability to meet regulatory requirements and can drive up operational costs.
In addition, financial crime teams need to understand the objectives and activities of data owners with respect to their data, including the challenges faced by each area of the business. They should create a cross-organization understanding of customer and product data attributes, their usage and governance.
2. Assessment and consequence management
The status of data should be assessed using carefully designed rules, controls and criteria. These techniques may form the basis of ongoing data controls to identify changes in data usage or volume as part of business as usual (BAU).
Data issues should then be identified, assessed and investigated in order to understand:
- The impact of the data issues on financial crime controls and wider systems and processes, which may include activities that are blocked due to poor documentation or governance.
- The potential upstream source or cause of the issues, where possible.
This activity should include both data relevant to financial crime controls and data previously identified as important to the business to create a full benefits case and data collaboration plan.
An effective assessment must also include consequence management – the process by which the consequence of fixing or not fixing data issues is identified – and explicitly outline the cost of slow resolution. This will allow a full understanding of:
- The expected benefits of meeting future regulation by completing timely resolution (and associated expected costs of non-compliance).
- The costs caused by data and design issues, including duplicated efforts, process inefficiencies, potentially wasted future spending and blocked processes.
- The expected return on investment for successful resolution, offsetting the cost of resolution with the expected benefits of business growth.
Data issues may relate to the population of data attributes, as well as other control areas such as metadata documentation (e.g., data dictionaries), data lineage (the flow of data through systems), data access, data validation (e.g., data validation checks) or wider data management and governance principles. Given the many potential causes of data issues, including the exacerbation by poor design, a holistic assessment of systems, processes and controls can be beneficial.
Understanding the full impact of data issue resolution is particularly crucial at the current time. The long-term economic impact of COVID-19 will likely mean that only change initiatives with the most robust business cases will be considered viable.
3. Collaborative prioritization and business case
Identified data issues should be prioritized by considering impact complexity and whether the data is captured internally or through a third-party feed. Data issue prioritization should consider the availability of the data, the impact on operational costs and other systems, and the potential regulatory and business benefits from successful resolution.
Using appropriate governance structures and processes, financial crime teams should then initiate discussions with data owners – based on a common understanding of priorities, costs and benefits for all potential data initiatives – to agree organization-wide data collaboration priorities. Having the support of the wider business is more important now than ever in the face of the strain imposed by COVID-19. Such support will make it possible to address issues quickly and efficiently, maximizing benefits and minimizing costs across the business.
With priorities for issue resolution established, a full and thorough business case for change must be developed and agreed with the wider business stakeholders. This business case must:
- Bring to life the business benefits of intelligent, targeted remediation of prioritized critical data elements.
- Demonstrate the future savings by acting now.
- Fully articulating the collaborative case for pooling resources to deliver long-term strategic change.
Example: Business-led prioritization
Some banks use simple scoring models to prioritize data attribute remediation by offsetting the business value of the data fix (e.g., enhanced customer experience) against the difficulty of remediation (e.g., cost of new technology rollout) or compliance benefit. These models provide easy methods of prioritization that can be flexed based on other relevant factors such as regulatory pressures and operational costs. It is important to involve the correct internal stakeholder groups and apply appropriate governance.
4. Collaborative remediation
With an agreed prioritization of data issues and approved business case for change, financial crime teams can collaborate with data owners to undertake issue resolution and design enhancement, while also managing the consequences of these data issues across downstream systems.
The approach to issue resolution will vary significantly, depending on the size and makeup of the organization. Consideration should be given to the differing requirements for remediation based on the underlying issue. For example, the enhancement of metadata or the documentation of lineage are likely to require different processes from those needed to augment poor-quality customer data attributes.
Some FIs are making use of advanced technology to validate the accuracy of unstructured and structured data. For example, in some jurisdictions, government data sources can be used to reconcile the accuracy of a passport or driver license provided for Identity and Verification (ID&V) purposes.
The most efficient issue resolution processes tend to use workflow management systems coordinated by centralized dedicated Chief Data Officer (CDO) teams.
5. Innovate and thrive
Successful resolution of prioritized data issues will leave an organization optimally placed to innovate and gain a competitive advantage over market incumbents, as well as challenger and neo banks. It will enable the FI to:
- Establish an ongoing data strategy unencumbered by legacy data issues.
- Develop market leading financial crime controls and processes that can use the full breadth of data to the maximum degree.
- Remain ahead of regulatory change, with quick and efficient reflexes.
- Respond quickly to new demands in the market to gain early market share.
- Participate as leaders in cross-industry detection and prevention initiatives.
By achieving these goals, FIs can not only meet future regulatory demands with minimal costs and maximum effect, but also continue to adapt and thrive in a competitive landscape.
To support the organizations in addressing data challenges in a financial crime context, and through collaboration with the wider organization, we have consolidated the key steps outlined above into the diagram below: