Data Governance has received much attention in both the academic and practitioner communities over the past 15 years. Investments in data platforms like data lake or cloud warehouse for effective strategic and operational insights will truly materialise if the data in these platforms are actively managed and governed, shares Tejasvi Addagada, SVP, Chief Data Office, HDFC Bank with Shruti Jain of Elets News Network (ENN).
How significant is the role of data governance & management in today’s scenario for the BFSI sector?
Data is now considered an asset like IT (Information Technology) and human resources (People). Organisations must protect data through corporate governance frameworks as one of their most valuable assets. Along similar lines, Data Governance has received much attention in both the academic and practitioner communities over the past 15 years. In the past decade, the interest in data management has increased multi-fold with the evolution of business models that are driven by data along with the evolution of the modern data stack and cloud capabilities. This has in fact resulted in a need for improved data literacy around the globe.
Investments in data platforms like a data lake or cloud warehouse for effective strategic and operational insights will materialise if the data in these platforms is actively managed and governed. Reusing data while defining and observing it when it exists on the platform, like a lake, will be a critical part of platform governance. This will generate incremental value, reduce costs, and ensure that the platform does not turn into a swamp.
To summarise, the needs of financial services require an increased focus on regulatory preparedness as regulations around data evolve. The business environment is undergoing constant transformational changes while the primary drivers of these evolving needs are advancements in technology and competition. Data governance is now a new normal in most enterprises as demanded by regulations like BCBS 239, GDPR, EU No 1024/2013, EMIR, GDPR, and MiFID2. Moreover, data governance is a process of managing the availability, integrity, use, and security of data used in an organisation. It involves defining policies, procedures, and standards for collecting, storing, and destroying. The goal of data governance is to ensure that data is trustworthy and insights derived from data can be relied upon.
As a technology leader, how do you think automation is uncovering opportunities for end-to-end enabled processes to drive efficiency and enhance control monitoring?
In the daily routine of a metadata analyst or a privacy engineer, there might be anywhere between 10 and 50 requests to classify data. This is to determine whether data is personal data or sensitive personal data of customers. This classification is further used by Information Technology (IT) or Business divisions to implement and enhance controls. Automation of data classification as one of the many opportunities can make it more efficient for multiple data, privacy, and IT personnel by freeing up their time to work on value-added activities.
Automation in data quality across business processes can enforce consistency in the way data is collected from various channels like branches, mobile apps, and internet banking thus reducing the risk of human error, leading to a reduction of blockers in turn-around time to service customers.
Enhanced monitoring is possible through automation in data platform governance. This is because capabilities such as schema drift and quality alerts, latency thresholds, and spend monitoring are available, making it possible to scale data operations with ease.
Today, regulations drive enterprises to assess data-related risks. Why do you believe so?
There are many regulations that provide direction on the assessment of data-related risks. Indeed, my latest book “Data Risk Management: Essentials to Implement an Enterprise Control Environment” covers the value-based perspective of managing data risks apart from the regulatory perspective. Managing privacy risks as a domain is set out specifically in the General Data Protection Regulation (GDPR) within the European Union (EU). This regulation drives the creation of a control environment in organisations that process the personal data of European citizens. Similarly, the Payment Card Industry Data Security Standard (PCI DSS) provides guidance to organisations that store, process and transfer cardholders’ data. Along the same lines of managing data risks are the Health Insurance Portability and Accountability Act (HIPAA), and Federal Risk Authorization Management (FedRAMP).
Tell us about your book “Data Risk Management: Essentials to Implement an Enterprise Control Environment”. How is it making a difference?
If you are into managing any kind of risk, you must hear this often – risk and value are two sides of the same coin. Well, that’s not far from the truth! As we hear common phrases embraced by industry practitioners like “data is the new oil”, and “data fuels the digital economy”, it becomes evident that data has to be managed actively along with technology. Data and its infrastructure, such as pipelines and databases, must be managed for both their benefits and risks. I got an opportunity. A mortgage service provider in the United States invited me to establish a data risk function with the goal of creating “trust” in the data that was being processed to take decisions. As a result, I have shared my practical experiences with the broader community on how to manage data risks in a step-by-step approach, right from influencing the Board. Privacy is one of the most crucial data risk domains, and with my recent stint as a data protection officer, I got to publish the last chapter of the book on data privacy risks.
How do you see data risk management shaping up the banking industry in the next few years?
Many data offices see value in data by monetising it either directly by packaging and selling it or by gaining insights to create a competitive advantage. This could be an increase in wallet share or customer satisfaction. There is often a void in enterprise risk management functions to actively manage data risks like the way other strategic, operational, and regulatory risks are managed. However, data offices are yet to curtail substantial risks associated with data and its operations. Some of these aspects are covered by widely known general data management principles.
We now can see that popular frameworks like the Data Management Capability Assessment Model (DCAM) take into account the principles of data risk management. I can see this domain expanding in standards with awareness built by common yet standard frameworks and regulations like privacy and security policies.