Managing Risk, Regulation and Data Governance
JEFF NELSON TITLE: MANAGING DIRECTOR – FINANCIAL CRIMES & COMPLIANCE DIVISION COMPANY: PRECISELY
Jeff Nelson is a Managing Director of Financial Crimes & Compliance at Precisely. He has over 16 years of experience in the financial services industry working with commercial and retail banks, broker-dealers, asset managers, and investment banks in the areas of process improvement, regulatory compliance, fraud, sanctions, and anti-money laundering.
JD DONNELLY TITLE: SENIOR DIRECTOR – PROFESSIONAL SERVICES COMPANY: PRECISELY
JD Donnelly, Senior Director of Professional Services at Precisely. JD is an Information Technology Strategist, the past decade plus have focused on driving business value though data. This includes developing and operationnalizing data governance programs, process optimization, digital transformations/technology enablement, and developing custom implementation strategies and roadmaps.
2
precisely.com
A financial services roadmap for compliance: An opportunity for organisations to improve operational efficiency and risk management practices
T
oday, financial services providers are well-known for being highly regulated. To meet these regulations, data governance frameworks have become crucial
for operations rather than just a nice option. Additionally, regulators in markets worldwide are demanding stronger and more comprehensive data quality capabilities within those frameworks, aiming to address weaknesses in risk management and internal controls. Therefore, solutions that deliver converging capabilities are an essential cog in the data management strategies of the future. Financial service providers are developing strategies that mitigate the expense and reputational damage incurred by non-compliance. How can all financial service providers start implementing great strategies? The first step is a change in mindset.
Compliance: An opportunity, not a chore Financial services providers must realise compliance is an opportunity, not a chore, or a hoop to jump through. Precisely Managing Director of Financial Crimes and Compliance, Jeff Nelson, still believes many financial service providers still look at compliance as a have-to, not a want-to. This is the first mistake you can make. However, Nelson says: “If you consider the merit of downstream decisions and what compliance requires you to do from a data perspective, what it does is add rigour to the process.
“Compliance should be seen as an opportunity for organisations to improve their operations efficiency and risk management practice.” – Aberdeen Group
precisely.com
3
“It ensures that the programme
in where we spend our money,
Nelson likens the current state of
from a data perspective creates
where we invest our financial ability
transition to electric vehicle (EV)
efficiencies and effectiveness
in order to continue the compliance
uptake. “I’m not ready to drive an
upstream so that your downstream
programmes that are out there.”
electric car, but at some point, I will
systems are there.”
be. I’m slowly leaning into that and As a result, the survey also showed
I think we’re finding more and more
The 2023 Data Integrity Trends
that companies are beginning to
organisations are willing to move
and Insights Report by Drexel
take steps in their data strategy
into the cloud.”
University’s LeBow College of
to manage specific constraints
Business details how many
they have. So what’s happening?
Those that are accelerating their
data-driven organisations have
“Market conditions are forcing the
transformations to compliance are
reduced workforces and resource
opportunity for many businesses,”
also finding cloud migrations are
allocation by 40%, and budgets
Nelson says.
helping financial services providers
by 37%, as a result of current macroeconomic uncertainties.
manage resource shortages, with Data backs this up; 57% of financial
the help of workflow automation,
service providers are moving
AI, machine learning and data ops.
“This means employees have to do
workloads to the cloud to create
more of their job with less support
more operational efficiencies, with
Precisely Senior Director of
and less money,” says Nelson.
43% of this figure accelerating
Professional Services, JD Donnelly,
“What that means is we have to
their digital transformations at
says one of the ways cloud migration
become significantly more efficient
a rapid rate.
is helping with workforce shortages is by “enabling a workforce multiplier,
“Driving towards more sustainable compliance to adjust to current macrotrends and optimise investments in the future.” – Jeff Nelson, Precisely
a key component of sustainability in the workplace”. It is in this way that a shift towards compliance is driving sustainability, as well as helping businesses adjust to macroeconomic trends and optimise investments in the future.
Precisely: The core characteristics of a sustainable compliance programme Precisely has been in the business of partnering with customers to develop and deliver data management solutions since its inception in 1968. So it’s no wonder it has developed six key pillars, or tenants, to building a sustainable compliance programme.
4
precisely.com
How are organisations managing compliance initiatives now? Sustainable compliance is in a state of evolution – with many organisations starting to jump on the bandwagon of implementing compliance initiatives – but where are most at with sustainable compliance now? There are key decisions that every organisation must make when sounding out compliance opportunities, such as whether to centralise or decentralise these initiatives. For Nelson, this decision is ‘part of the evolution’. “Many that go through this change are potentially starting to get pressure from a regulatory compliance perspective. “From an evolutionary perspective, I think many organisations will follow a decentralised approach,” Nelson adds. “They go through a decentralised approach where different groups and different divisions start enhancing their own microprograms. “Then at some point what you find is that the super-sophisticated client has a centralised approach. That has a lot of positives and it has a few negatives here and there, but the centralised approach could be great. But not every group within the financial institution has the same approach or needs. So there is, and will continue to be, a mix between the two.” Data suggests that currently, around 50% of organisations employ a centralised approach, while the other half manage compliance using a decentralised approach.
precisely.com
5
As Donnelly explains: “The first stage
This encompasses the ability
from certain portions of information
is to build a centralised knowledge
to end out notifications when
that you, as a financial services
repository, collecting information
exceptions are occurring, to check
institution, may have on them.
and democratising it. This way it
on the quality of it. This also applies
becomes relatively accessible and
to any change or a proposed
“To do that, you have to know
you have a single point of truth for
change that’s down the pipeline
where they exist throughout the
that information.
for any of those compliance areas,
multiple lines of business, and that
informing the change to particular
sometimes means it’s from different
“Second is identifying the data that is
owners or those that are
data sources, and that is why you
specifically important for a relevant
accountable to that data.”
need easy access to those data
compliance area. The third is about
components. It is also why you need quality data residing in these
an organisation, and what impact
Sustainable compliance: Common use cases
its position has on other facets of the
With many organisations
to identify and manage.”
business. This is important because
gradually seeing the value of
if you make a change to this, you’re
sustainable compliance as an
It is in this way regulations such
able to see how it will impact your
opportunity, many of its current
as GDPR and CCPA in the US
operations more broadly.
use cases come as a result of
mandate the need for financial
regulatory necessity.
services to have a comprehensive
asking where this data lives within
“Fourth is monitoring. It’s identifying
different components – it’s easier
data management and compliance
and understanding what good data
Compliance needs include General
programme. The more robust and
looks like. This really parlays into
Data Protection Regulation (GDPR)
thorough the programme, the easier
number five, which is observability.
and in the US extends to the
it is for financial service providers
This is about understanding and
California Consumer Privacy Act
to adhere to these regulatory
being able to inform any observable
(CCPA), both of which are designed
requirements.
changes or exceptions happening
to protect consumers’ data.
within that data, which then
These are not the only regulations
increases proactivity when it
As Nelson explains:
financial services providers
comes to data compliance.
“Compliance with GDPR
must comply with in the US. The
and CCPA means you need to have
Office of the Comptroller of the
“Lastly, it’s about recording data
the capabilities to be able to permit
Currency (OCC) also lays out
and documenting any changes.
your customer to remove themselves
regulations for specific data uses,
6
precisely.com
particularly in regard to
when adhering to regulatory
structure is that you have in place
anti-money laundering
requirements. This includes
needs to be flexible and adaptable
(AML) concerns.
sanctioning transactions with
because there’s always going to
corresponding banks and originators
be new compliance areas and
Nelson expands: “To determine if
of beneficiaries; the question of
compliance has many masters;
transactions look suspicious, you
permitting this transaction should be
it’s a wide term. A case in point is
have to understand who your
front of mind.
the rise in ESG (Environmental, Social, Governance) requirements
customers are. Thismeans analysing
and reporting.
transactions and ensuring customers
There’s the perspective of fraud too,
are not transacting with themselves.
and the need for compliance to be
You have to make sure hat account
robust enough to effectively adhere
“Any operating model needs to
holders are independent.
to AML requirements.
be able to accommodate and adapt to changes within all compliance needs.”
“You have to have good data for
“We are also finding that the
that particular customer to do that.
common use cases sometimes
It’s the same thing when looking
come externally based on what
at sanctions. There are certain
requirements are from regulatory
Data compliance: In support of ESG
people and organisations and
bodies and sometimes they come
Data compliance is a must in today’s
countries that you can and cannot
from internal pressures to make
financial ecosystem, more so as
do business with. Understanding
the financial institution more
organisations aim to bolster
this also requires a comprehensive
efficient and effective at their
their ESG initiatives and drive
compliance programme.”
current core business.”
sustainable practice.
Financial institutions need to ask
Donnelly adds: “The other thing to
Just as sustainable compliance is
themselves pertinent questions
keep in mind is that whatever the
an ever-evolving aim that financial institutions should seek to better, so too are ESG considerations an evolving goal that should be strived for. Nelson concludes: “At first, I think ESG was an acronym used to please the public. Now, organisations have taken it upon themselves to make it more than that. I think it’s critically important to the success of humankind, and a great thing to strive for.” While ESG governance may at times prove complex, by having an effective, sustainable data compliance mode, organisations can begin to consider wider ESG concerns, just as they have grown precisely.com
7
Precisely: How to keep compliance models agile Regulations are fluid in their evolution, and just as regulations evolve so too must a financial service provider’s compliance model. So, how do organisations go about achieving agile compliance models? For Nelson, it’s a culture shift. “Compliance is not a destination, it’s a journey. And it’s almost one where you never arrive at where it is you’re going to. It’s a journey of adaptation, it has to change, it has to progress, and it has to evolve because the regulatory environment is progressing and evolving the needs of your compliance model. “I think it’s acceptable for an organisation to say its compliance programme is not at 100%.” Donnelly adds: “We typically say data management and compliance is a lifestyle change rather than a diet. “So to get there to that level of sustainability, you can go through a quick fad diet to catch up, but you can’t achieve true sustainability until you go through a lifestyle change. It’s something any organisation should be working on all the time because it is a journey.” Data reveals around 40% of organisations say their compliance processes scale and adapt to changes in new use cases very well, with 30% saying there may be a few issues with scaling to meet change. Another 20% of financial services providers feel the scaling capabilities of their compliance processes are below average, while 10% say scaling compliance processes represents a very difficult challenge.
to consider implementing stronger
Donnelly says: “Not everything
middle out, as you identify data and
sustainable compliance initiatives.
requires governance, but identifying
what it relates to throughout the
that high value or high priority data
rest of the business.”
Compliance models: Where to start?
within the organisation or within that specific part of compliance, and
Instead of only seeing compliance
Beginning a new lifestyle in building
developing frameworks around that
as a cost of doing business,
sustainable compliance models may
will allow you to expand.
organisations should identify where
seem a daunting task, but where
data can drive greater insights,
Precisely has helped organisations
“There are three different
deliver business value and achieve
build models and frameworks – it
perspectives that can be considered;
strategic objectives.
says the best place to start is on
bottom-up, middle-out and top
critical, priority data, and building
down. Building a compliance model is
Donnelly offers an example: “If I am
models around that.
really the perfect example of building
a financial services company and
8
precisely.com
I am complying with GDPR and
Cross-functional synergies to expand value
CCPA, the data that is involved around that maps to the 360-degree view of my customer, which then maps to my enhanced customer experience or my improved ability for marketing and profitability. “So it’s about understanding that having a high quality of that data and ownership of that data and understanding where that processes within the organisation.
Compliance models: Adding value to critical data
This can then feed into analytics
Identifying critical data is at the core
and insights, which then optimally
of building successful compliance
support other organisational
models, but adding value to this
goals or a strategic objectives.
is something financial service
data lives within the other
The graph details ways that cross-functional synergies, born from a compliance programme, can expand value
providers should be looking to do, “Therefore, there is value
because, as said by Donnelly, “not
that can be extracted from
everything requires governing”.
the organisation by mastering
Donnelly explains the process:
and setting up a framework of
“As an organisation if you look at all
quality and management in
of the data within your landscape,
some of these compliance areas.”
you’ll find thousands of records in
precisely.com
9
Focusing on What Matters (critical data adding value)
The graph details a model for building added value to core data in a compliance model
different columns and fields. Firstly,
then gives you the ability to
For Donnelly, this depends
it’s about identifying the data which
expand operationally and have
on who is closest to managing
is of critical nature, assigning quality
data that is more centralised
areas of critical data. “We
and business rules to that, and
and streamlined.”
typically look at ownership and
understanding where it should
accountability from a domain
Compliance models: Who’s responsible?
perspective. Who are the
“Then it’s about mapping out those
Laying out the processes for
at stake on that piece of data?
relationships to other processes
establishing and implementing
that are involved in compliance and
effective sustainable compliance
“Then at the next level down,
policies. Organisations that do this
models, the question remains:
it’s important to have data
will find themselves quickly moving
who in a financial organisation
stewards facilitating and working
up this pyramid, as they pinpoint
should shoulder responsibility
with that data on a daily basis,
critical data.
for establishing data-driven
answering to key knowledge
compliance initiatives?
individuals. When we set up
live in the organisation.
“This high-priority data is typically then linked to an operation that runs the business, to do with performance or KPIs that an organisation is using to determine which way the business is going. “Then ultimately the pinnacle of the pyramid is identifying new opportunities an organisation can capitalise on. “So focusing on high-priority data at the onset is key for an entity to establish a governing organisationand foundations for the compliance programme. This model structure
10
precisely.com
individuals that have ths most
models at organisations, those
involved because some
with a significant operational
individuals who should manage
Sustainable compliance: The data integrity journey
impact are consulted and
the domain don’t want to be
Notwithstanding adoption issues,
informed of any changes to
involved. This then goes back
establishing sustainable compliance
data compliance models.
to that culture change, and
comes with abundant benefits. The
getting individuals to see the
initiative of any company – freely
“Sometimes it’s not cut and dry,
value of compliance models.
admitted or not – is to make money,
there could be workplace politics
It’s a team sport.”
save money and comply.
Distributing the operational management of compliance models may seem easy enough, but what are the challenges associated with managing compliance models for financial organisations? In our poll, we found 30% of financial services providers, the biggest challenge to managing compliance is getting timely access to critical data, while another 30% say the biggest hurdles are in understanding data policies, lineage and ownership across different divisions. Meanwhile, for 19% of organisations, the biggest challenge is using sustainable compliance to instill internal confidence and visibility around data quality rules and scores. Donnelly looks at some of the issues: “One of the main issues I see is a lack of common understanding of data policies, their lineage and ownership. “I think what helps is having a holistic view of that information. Ideally, it will all be within the same knowledge repository, the same easily accessible, one-stop shop. “Another issue off the back of that is that the information may live in different areas of a business – different Excel files or SharePoint instances. But having it within a central repository and marking it as approved or certified indicates that it is correct and valid. That seems to be a challenge for most organisations, but it’s a use case that can be resolved.” Nelson agrees: “Timely access to critical data is important. Many groups have data in silos and tried 15 years ago to bring that all together into a data lake, and what they found out is they created a data swamp. “A lot of larger financial institutions are broken down by lines of business. And each line of business owns its own data points and has access to it. But bringing that together and facilitating the cataloguing and business glossary of that data is proving very difficult to do.”
precisely.com
11
Graph how governing compliance is a team sport, reaching across a business
Governing compliance is a team sport
Achieving sustainable compliance
specific goals of each organisation,
“Once you pull that
is a goal for many businesses
the journey may begin at different
information together and
that want to utilise data to make
places. One critical step is
you’re able to score that,
intelligent decisions and better
integration, bringing data together
you also have to have a solid
serve customers – not just tick
from different silos and areas of
data quality process,” he adds.
the compliance box.
an organisation. Nelson says:
“You need to standardise,
“Integrating into mainframes,
normalise, and validate the
For Nelson, sustainable compliance
distributed systems and the cloud
information that’s there.
is a sign that an organisation has an
is certainly a requirement in modern
Then you need to be able to
holistic ‘data integrity’ approach.
ecosystems.” “You also need to have
utilise the data from multiple
“Financial institutions that are
a governance process, you have
sources to inform whatever it is
progressing most successfully are
visibility into what policies apply to
you, as a financial institution,
the ones leveraging compliance
what data, validate where the data
are trying to solve.” It is not only
data to support use cases to achieve
is coming from. You need to ask
historical data that financial
multiple goals or objectives
what the lineage and impact of the
services providers should be
across the organisation.”
data is on other business processes
looking to leverage either.
– and ensure your glossary terms
As Nelson notes, the impact of
Data integrity consists of multiple
are properly identified from multiple
location data can be incredibly
steps – and depending on the
data sources.
useful also.
Sustainable Compliance requires Data Intergrity
Graph details the ‘data integrity’ journey 12
precisely.com
“Understanding location is an
live in, and the lifestyle
with integrity. It is critically
opportunity to append information
they have.
important for financial
to customer information now.
services providers today.”
Birds of a feather flock together.
“At this point, you have
Understanding from a location
a well-rounded view of who
perspective where customers
your customer is, and you
reside, shop, or travel is important
can define the products and
Downstream use cases: implications of poor quality data
to providing financial services.
services that are best to offer
While the key implications of
them. You know the preferred
operating poor-quality data
“This is the next big thing that’s
channel of interaction with
are evident, whether it be
happening in the financial services.
a customer and the right
compliance failure,
Then it’s about enriching that
message to send.
subsequent financial penalties
information. It is understanding
and reputational damage
the type of car your customer
“Achieving this is a sign of
– the impacts of poor data use
drives, the type of home they
using data in the right way,
can extend to third parties too
– including audit teams and
that occur. So having the ability to
“This is because the ability for
advisory firms. Poor quality data
utilise data is critically important.
us to catch transactions that are
used by financial institutions
A lot of people will resent this,
needed to be caught is getting
can affect an entire ecosystem
but there are regulatory bodies
harder and harder as the amount
of partners. As Nelson puts it:
that are now enforcing the
of data that we have gets
“Everybody needs to use the data,
understanding of data.”
multiplied almost every day.”
programme is a necessity. If you
One such regulation is that enforced
This makes it all the more crucial
don’t, regulators are going to come
by the New York Department of
for financial services to employ
in and ask for information.”
Financial Services, which introduced
sustainable compliance models
Regulation 504 to mandate that
– to avoid harbouring bad players.
so a good data management
Advisory firms too, have created
data be used to review whether
businesses based on the inability
a transaction is compliant.
Nelson believes financial services providers “have to
of financial institutions to do “This is no longer a nice to have,”
be on board with regulators,
adds Nelson. “This is a must-
and IT and technology teams
Nelson adds: “It’s a triangular
have. Regulators are looking at
needs to understand the
opportunity between regulators,
organisations today, and the issue
ramifications of poor data
financial institutions and those that
they have is catching the fraudulent
downstream that can affect
are looking at the implications
transactions that need catching.
their line of business”.
things quickly.
14
precisely.com
Precisely: Adding value through sustainable compliance The impact of sustainable compliance models offers financial services providers is extensive. But what is the greatest value a sustainable compliance model can offer? Whether it is higher productivity with limited resources, greater confidence in understanding compliance requirements, minimised fines in return merchandise authorisation (RMA), or improving corporate reputation, the values are wide-reaching. Poll data suggests 44% of financial services providers see the greatest value in sustainable compliance coming from driving higher productivity with limited resources, while 33% say sustainable compliance offers greater confidence and understanding of risk. For Nelson, the greatest added value of implementing a sustainable compliance model depends on who you’re asking. “If you go to the C-suite, I think corporate brand and reputation are absolutely by far the number one values. “Whereas if you are looking at departments that can be fined and have matters requiring attention from a regulatory body, accountability is their number one priority. “But I would say that if you look at it as a whole, from the work Precisely has done over the past 18 years, it has to be greater confidence and understanding of risks when it comes to compliance requirements.”
To learn more about managing risk, regulation & data governance, see www.precisely.com
precisely.com
15
Precisely is the global leader in data integrity, providing accuracy and consistency in data for 12,000 customers in more than 100 countries, including 99 of the Fortune 100. Precisely’s data integration, data quality, data governance, location intelligence, and data enrichment products power better business decisions to create better outcomes. Learn more at www.precisely.com.
BizClik’s FinTech portfolio connects banking, financial services, payments, technology & consulting brands and their most senior executives with the latest FinTech trends, industry insight, and influential FinTech, InsurTech & Crypto projects as the world embraces CX, Business Transformation and Digital Ecosystems. FinTech Magazine and its entire portfolio is now an established and trusted voice on all things FinTech, engaging with a highly targeted audience of 113,000 global executives. We provide key industry players with the perfect platform to POWERED BY: showcase their brands, develop content syndication plans, webinars, white papers, demand generation as well as a global set of events (In-Person & Virtual). Learn more at www.fintechmagazine.com.