Data Management in Banking – a guide
Banks and Financial institutes have invested significant time, money and resources into developing and managing anti-money laundering compliance programs.
Data management in banking is a hot risk topic. In this article we explain why it is critical and guide you through the basics…
A fundamental part of the solution of an AML program is the software used. It helps to analyse transactions, review customers, provide analytical and research capabilities to support the filing of suspicious activity reports (SARs) and identify suspicious risk activities.
AML compliance programs also need to know ‘who’ the customer is (KYC).
KYC is the activities performed by financial institutions to establish the identities, gain knowledge about the expected transaction activity, and risk rate its customers. Both of these critical processes rely on the quality and accessibility of data.
All of this activity means the data the institute has at its disposal has to be accurate and accessible. This particular point means institutes need to understand customer data (UCD).
Especially risk data.
UCD is not just about providing definitions and a breadth of understanding. It requires a deep understanding of the systems, data lineage, storage, and the way the data is utilised across different institute business processes.
This means AML professionals need to become proficient with understanding big data and its management. This is despite them already being under pressure and scrutiny from burgeoning risk requirements. Managing data is an extra layer of responsibility, adding another layer of complexity to an already difficult job.
The benefits of understanding and being able to make sense of data will make significant changes to the role of AML as the technology removes some of the heavy ‘checking/cross checking’ work.
AML teams need to be cross-functional (CFT). They need a grounded basis to understand all the elements of the business and specialisms in each stream. This includes data management.
Institutes need to create cross-functional AML teams.
The ideal approach is to create a big data governance system combining all four disciplines (KYC/UCD/SAR/CFT) – the cross-functional team, software application knowledge, knowledge of customers, and the ability to accurately report SARS.
Data governance is critical when viewed by regulators. They expect businesses to document and understand business lines and processes in a detailed and audit-able way.
They expect institutes to be able to accurately articulate business lines and processes to defend against Money Laundering, Terrorist Financing and Fraud.
Many institutes find big data governance daunting.
It is the elephant in the room.
Suspecting there is detailed information within their own data that outlines breaches of AML guidance, laws or regulations. It is fundamentally critical banks and financial institutes clearly outline their strategic intent and have threat and risk assessments that recognise this risk.
Then have operational objectives clearly laid out to mitigate those threats and define how the institute intends to deal with them.
- Managing data
- Protecting data
- Ensuring accuracy
- Understanding data
- Exploiting data
Data governance is a group of management and technical disciplines that ensure an institution has the right data available, at the right time and that the data is accurate and in the correct format required.
Technology enables the process, but it is specific business knowledge and context being applied to a set of information that really adds the value.
- Accurate Data
- Available at the right time
- In the right format
- For the right tasks
Technology platforms can enable to support data governance ( data quality monitoring, centralised data repositories).
AML leaders must work closely with front-line business process owners to ensure good ownership, definition and monitoring of data required for the AML programs.
The management of master and reference data can be enabled by technology, which helps to ensure uniformity and improve quality across data sets.
An example would be a customer with multiple accounts and conducting multiple types of transactions. The bank will have the customer name, transaction details and other identifying information appear in multiple records, across multiple systems managed by the technology to aid transaction monitoring.
The technology would ensure consolidation of the right data points to prevent duplicate alerts for the same customer. It cannot work effectively without this kind of maintenance of the information that is fed into it.
This is where data governance is fundamental to any AML program.
Contact us for more or read on below…
[contact-form-7 id=”61″ title=”Contact form 1″]
Challenges and Opportunities
The challenge for transaction monitoring is ensuring all reference points/attributes are captured and then monitored. Data should be sourced and analysed in a timely way.
It must be clearly understood by the team to ensure they can warrant the validity of rules and systems to support SAR decision making.
It is the rules specifically that can cause missed opportunities as binary decisions made can miss opportunities to exploit. This area is made more complex with legacy systems failing to ‘talk’ to each other and after merger or acquisition systems being incompatible.
Silo management of data, teams and even people, causes difficulties that can and should be overcome with properly aligned business strategy and operational plans.
Set aside the AML function, institutes not being able to interpret big data they already have can and will be negating exploitation of business opportunities.
A complete understanding of big data isn’t just knowing the data points. It is understanding the meta-data that explains what the data point actually is.
Understanding how the data is used in its current format and business line, business rules that govern it and how it is transformed in the business.
This needs to be understood across a business line through the whole enterprise. This is why it is fundamental AML teams have data managers in the team. To understand from inception to completion what data is available and its construct/use in the business.
A full audit of data management and use is needed by organisations to fully understand what they have at their disposal. To do this they need to ask;
- What system did the data come from and what up-front controls exist within those systems to protect the quality and fidelity of the data?
- Can the data be linked back to the first-line business processes to ensure that the right data elements are being leveraged for transaction monitoring?
- Is there data quality monitoring in place to flag issues such as incomplete transactional data or material changes in volume?
- Does similar data from different data sources actually mean the same thing throughout the business?
- An effective data governance program should provide the answers to each of these questions, and many more.
- To establish such a program and framework, financial institutions first need to overcome several typical challenges, listed below:
Typical UCD Challenges
Data quality gaps – Many systems capturing data for AML may not populate key elements uniformly (e.g., country of domicile, ISIN, counterparty) or may capture data in free-form or ‘hard to leverage’ formats. This limits the use of this data for high-volume transaction analysis and leads to false positives.
Lack of a centralised data dictionary and metadata – Many financial institutions do not have dedicated resources (people and processes) who can act to educate users on data changes and decide how best to harness the data. This data management is a key requirement in UCD.
Contact us for more or read on below…
[contact-form-7 id=”61″ title=”Contact form 1″]
Lack of understanding – As financial institutions grow and acquire and/or update data sources, the enterprise and AML data governance team may fail to take into account the impacts to various applications, resulting in ineffective data use.
Understanding the quality of the data requires not only knowledge of the technical lineage of the data, but also the business knowledge to understand how the data is used within key business processes and across the organization. This is one of the main reasons the AML compliance department needs to drive the effort to understand data.
Management silos – Larger institutes are plagued by gaps between departments. This can make effective data collaboration difficult, creates disparate data processes, leads to data duplication and multiple versions of data logic.
All of these issues make it difficult to centralise functions for AML compliance and result in ineffective AML data analysis. UCD will help integrate silos by answering important questions about the data quality – how it was created, what is its definition, where it is stored, how it is used across the organization and what business rules and standards have been applied to it.
Technological gaps and challenges – Institutions are inundated with structured and unstructured data. The volume is increasing exponentially. Without data repositories/warehouses to support integration, technology is unable to meet the business demands to integrate, process and sort this data in a timely way.
Businesses attempt to solve this through building data processes outside of IT. Frequently this can even mean human cross checking with the old fashioned ‘Sharpie’ pen. Unfortunately, this approach often exacerbates the problem.
Often these unsanctioned sources lack uniform master or reference data, may be using outdated, inaccurate information, or may not have data of sufficient granularity.
A solution for data management in banking
UCD is fundamental to any legitimate AML program. For too long banks have relied on legacy systems bolstered by ever growing costly human teams to cross check data and its quality and alerts in a never ending stream of false positives.
Without a properly structured data governance program, managed at the executive level as a tenet of the strategic threat assessment, the problems will only escalate as data becomes ever more pervasive. These basic tenets of UCD include:
- Defining common data across different products/lines of business to integrate it business wide.
- Enabled governance and management of master and reference data.
- Regulated business processes, controls and documentation.
- Full business/technical metadata to ensure clear tracking of data origin.
- Fundamental human resource who have accountability and responsibility for the management of data quality throughout the data life cycle.
- Build an effective Data Governance function.
- Enforce effective master and reference-data management programs.
It should be seen as a business strategic imperative that enforceable enterprise-wide data governance strategy and processes be implemented. This should enforce the break up of silos of data and functions and align data for integration.
Data ownership should be a board level sign off to ensure appropriate management and monitoring of data quality. Assigning ownership and responsibility for key data within the AML processes will help ensure continued compliance.
Indeed the management and accuracy of data should be an enterprise wide function owned by the compliance team.
A centralised repository for metadata is critical. Create a centralized repository for metadata. This will help to manage redundant and needless data and assist with privacy regulated data.
The repository will ensure all data streams have metadata applied to them to create a knowledge about the data and its use/accuracy/timeliness/type. This will funnel downstream consumption and lead to reduction in the total cost of ownership of various data sourcing applications.
Financial institutions are beset with new data and the ability to incorporate new ways of monitoring large volume of transactions and extract value from the data is critical to effectively managing AML programs.
It is important for institutions to maintain strong data governance as it allows institutions to transition easily to big data analytical platforms and tools through easier data integration.
AML teams should be asking the following questions:
- What data is available?
- What data is still needed?
- What processes do we want to support with data?
- How will we keep data updated?
- How will we respond to changing systems and technology across the organization?
- Where does AML compliance fit in the IT hierarchy?
- What is an acceptable level of data quality, and who is ultimately responsible for ensuring the data is delivered at that quality?
- What external data can help us?
- How can we integrate it?
- How is the data we use weighted, if at all?
- How do we grade data we use?
- What is its provenance?
By answering these questions, financial institutions will begin creating a solid foundation for data-driven AML compliance.
CYW Solutions are in the process of designing a new way to manage AML software and data management. We are seeking partners in this endeavour as we seek to help organisations overcome the elephant in the room and be confident their systems are correctly identifying money laundering and terrorist financing.
Our program has recruited 16 diverse specialists from the industry and externally. Crucially we have involved intelligence experts to create a system that isn’t driven by IT but aided by it.
The result will be a system that provides for the first time a truly comprehensive system to defeat the criminal. Accounting for internal and external cross matching of data to identify them in their action.
While we have systems deployed in banks that fail to spot even basic data checks like company dormancy while transacting, we as an industry cannot sleep well at night.
CYW aim to change the landscape from reaction to pro-action with data management in banking.