RegData in the Spotlight: Becoming future proof now

Rising to the Challenge Today

As discussed in our previous article, 'RegData in the Spotlight: Banks must be forward-looking’, banks are facing an evolving landscape of regulatory requirements surrounding their data management capabilities, posing consequential problems and challenges. In many cases, weak data capabilities result in the inability to meet strict regulatory compliance needs. More importantly, these weaknesses prevent banks from truly deriving value out of their data.

In this second article, we explain what the new expected requirements are, and detail how banks can best meet them to boost business value.

Recap: in Part 1, we identified the key and most pressing data management challenges that banks face as they seek to gain business value and comply with regulatory requirements.

What will the new wave of regulatory expectations around data look like, and how can banks rise to the challenge?

Future Regulatory Expectations

The next wave of supervisory requirements around data are expected to further challenge banks and their compliance journey. Financial institutions can expect an increase in the scope and intensity of requirements, an increased emphasis on data governance, and the continuation of principle-based regulations.

Increased Scope and Intensity of Regulatory Reach

Banks should expect a notable and intensified escalation in the scope and depth of regulatory oversight in the coming years. The increase in targeted reviews and On-Site Inspections (OSIs) between 2023-2025 will add more pressure for banks, and the intensity will not be limited to this period.

The scope of application of data regulations is expected to increase as new metrics and data points are added to the regulatory scope. A key example lies in climate risk and sustainability related indicators, where regulatory texts force banks to have mature aggregation and reporting capabilities to adequately manage their exposures to climate risk. Similarly, the scope of application of BCBS 239 will expand, with the European Central Bank (ECB) stating that the principles need to be expanded to all material risk types and reports.

As illustrated by the above model, we can expect a steeper journey towards meeting regulatory expectations as the scope of applicability increases. Financial institutions must be prepared for the intensified regulatory environment and navigate the higher scrutiny toward achieving and evidencing compliance.

Tightly Monitored Governance

Data governance forms the cornerstone of data management, as the frameworks, policies, and processes it establishes are crucial for the effective and secure use of data. Therefore, regulatory texts typically include strict requirements around data governance. For instance, BCBS 239 establishes a framework for robust governance of risk data, particularly around clear roles and responsibilities. Yet, banks still suffer from weak data governance frameworks and struggle to embed it effectively into day-to-day processes. Not only is this non-compliant with regulatory texts, but ultimately causes issues throughout the data chain that prevent organizations from deriving value from their data. Regulators will encourage banks to strengthen their governance by imposing requirements that target the weaknesses in their frameworks across two key pillars:

• Incentive Structures -- Appropriate incentive structures are expected by regulators on both board and operational levels. Regulators have recognized that by tying incentive structures to data governance, boards prioritize the implementation of sound data management practices . Linking incentives directly to data quality outcomes, for example, can ensure that the management board establishes and enforces practices that lead to accurate, timely and complete data throughout the organization. Aligning incentives with regulatory compliance may also encourage the management board to establish and strengthen data governance frameworks that meet regulatory requirements.
• Quantitative Management of Data Capabilities -- Banks need to quantitatively track their regulatory compliance and data management outcomes. Banks have typically found this challenging due to the complexity of their data environments and subjectivity in measurement. Objective KPIs provide a measurable way to demonstrate compliance with regulatory expectations, as well as identifying the inefficiencies in data-related processes. This further enables management board steering when progress deviates from the pre-defined roadmap.

Principle-Based Compliance Journey

Principle-based regulations in financial services are commonplace and expected to continue. For example, in mid-2023 the ECB published a guide outlining the BCBS 239 requirements to help banks meet supervisory expectations. While this guide provided details around supervisory expectations and showed some best practices, it failed to provide clarity on how to achieve the required compliance. The persistence of principle-based regulations means that banks will continue to face high pressure in designing and implementing their compliance journey. In fact, the high-level objectives stated in principle-based frameworks can lead to different interpretations of regulatory expectations, resulting in differences in how to comply. Given banks’ complex and interdependent data environment, these interpretation differences can make compliance challenging.

Benefits Beyond Compliance

Meeting these new requirements and supervisory expectations is an imperative for banks. Yet, the benefits that banks can attain transcend regulatory compliance. Implementing robust data management capabilities results in simplification, competitive advantages, cost minimization, and innovation and growth. Banks can benefit from higher business value and stay ahead of the regulatory compliance curve through robust data management.

Becoming Future Proof

At their current data capability level, banks will have difficulties meeting new regulatory expectations. Taking proactive measures will be a necessity to survive in the new regulatory landscape. Adopting robust standards around governance, and change management, are key elements to becoming future- proof.

Refocus Governance Models

The limitations in data governance banks face compels them to re-kindle their data governance models. They will need to develop and implement more comprehensive and robust governance frameworks so that policies, procedures, and ownership around data are correctly adopted. Two key elements must be incorporated into enhanced data governance frameworks:

• Incentive Structures: Data Management outcomes must be embedded in senior management’s objectives to ensure alignment and constant pursual of regulatory compliance and mature data capabilities.
• Quantitative Management: Setting and steering on objective KPIs around data management outcomes is critical for banks to address weaknesses throughout the data chain and evidence compliance.

Robust Change Management and Implementation

Banks’ compliance journeys have been thwarted by the lack of successful implementation of the deliverables that meet regulatory expectations. Change management has been poor, and overcoming the limitations will be paramount. Banks will need to critically improve on two key pillars:

• Cultural Shift in Change: Banks need to embed continuous improvement and optimization. Proactive change management must happen and be focused on attaining business value, rather than reactively pursuing compliance and avoiding regulatory sanctions. A key condition for this shift will be the alignment of management objectives with data management outcomes.
• Higher Speed of Execution: Banks will need to accelerate the pace of their digital, technology and data transformation programs. This will enable them to keep up with regulations, demand, and competition. To achieve this, investment must be directed towards attaining a skilled workforce able to drive change programs.