Achieving Regulatory Compliance – the devil is in the data

I will be sharing my experience and ideas on “Achieving Regulatory Compliance – the devil is in the data” at an IDQ Seminar Series event in Dublin next month.  I would like you to help me prepare.

I would like you to share your past experience with me, your ideas on the current situation, and most important, your view of the future.

Is Regulatory Compliance a mere box ticking execise?

What industry do you work in?

Is regulation increasing in your industry?

Is regulation merely a box ticking exercise?  Does the regulator simply accept what you say.

What role does data quality play?

What role does data governance play?

My initial thoughts are as follows:

  • Regulation is increasing across all industries
    e.g. Within Financial Services, the list includes:

    • SOLVENCY II
    • BASEL II
    • Anti Money Laundering AML
    • Anti Terrorist Financing AFT
    • Sarbanes Oxley SOX
    • MFID
  • Regulatory compliance is often seen as a box ticking exercise, since it is physically impossible for the regulator to check all the information provided.
  • Regulators will increasingly seek to challenge, audit and query the Data Governance processes used to gather the information, and critically the controls applied within those processes.  (I have written a series of posts on common Data Governance Issues – see Data Governance Issue Assessment Process)

I hope to write a number of posts expanding on the above ideas.  My argument is that “To achieve Regulatory Compliance, the devil is very definitely in the data, but the evidence is in the Data Governance process”.

Whether you agree, or disagree, I would like to hear from you.

Business is all about data

Technologies may come and go.  At the end of the day, business is all about data.

Take the banking industry:
Hundreds of years ago, banks had Customers, with Accounts, on which Transactions were recorded. Bankers knew their customers personally, and all details were recorded by hand in ledgers, using quills made from feathers. Over time, quills were replaced by fountain pens, and later by biros, to record customer, account and transaction details.

Fast forward to today:
Banks still have Customers, with Accounts, on which Transactions are recorded, only many, many more of them.   Financial Regulators require banks to “know your customer”, but it is physically impossibe for bankers to know their customers personally. Customers can now perform transactions via multiple channels, at the bank branch counter, over the internet, over the phone, using mobile devices.

Customer Relationship Management (CRM):
To provide their customers with the best service, banks have implemented “Customer Relationship Management” or CRM systems. CRM systems analyse data to identify situations when the bank may wish to contact the customer to offer additional services, or otherwise improve the service the bank provides to the customer.

Money Laundering, Fraud, Terrorist Financing:
Banks today face ever increasing risks of Money Laundering, Terrorist Financing and Fraud.  Regulators require banks to implement best practice Anti Money Laundering (AML) and Anti Terrorist Financing solutions.

Best practice solutions:
What is the common thread amongst the best practice AML solutions?  How do Anti Money Laundering solutions enable a bank to “Know your customer”?  How do Anti Money Laundering solutions identify Accounts that require investigation? How do Anti Money Laundering solutions identify “Suspicious Transactions” amongst the millions of transactions the bank processes daily?

The answer:
By analysing the data.  However, the data analysis must be targetted.  The analysis must seek out defined activity patterns, and then alert trained staff to the possibility of wrongdoing.   More sophisticed AML systems can identify transaction activity that is unusual for a given customer type, by performing “Peer Group Analysis”.   For “Peer Group Analysis” to work, a bank must be able to reliably distinguish between different customer types.   Distinguishing between different customer types is often more challenging than one would think…