November 2020

Why risk data integrity is a ticking time bomb

By Keith Man, Head of Asia Pacific.

Increasing compliance requirements and turbulent markets mean that risk teams have never been busier. Confidently calculating a company’s exposure is critical, yet compiling and reconciling risk data is becoming increasingly complex as reporting requirements expand.

Data is at the heart of effective risk management but poor integrity, outdated platforms and inefficient processes can create inaccurate or incomplete information – a ticking time bomb that could cause major issues for an organisation. 

Risk management controls can be tighter, more nimble and more efficient if risk teams can confidently report on a single data truth, avoiding explosive issues stored up by poor data integrity. 

Owning the problem

Data may be the critical component in today’s risk function, yet risk teams are rarely the owners of the broad sets of complex data that they must compile and reconcile.

In order to make a confident risk assessment, teams must rely on data from disparate sources and systems or even territories, often in multiple file formats and of varying quality. Reporting is often done manually, from models running across inefficient spreadsheets to extracting information from platforms that are unable to split data or report simply against multiple metrics. 

The risk of basing reports on poor quality data and relying upon antiquated processes mean that issues aren’t picked up until final control points or, worse, when financial or compliance problems arise.

Covid19 has exacerbated the problem: operational data tasks reliant on manual work and sluggish spreadsheets are incompatible with the swift digitalisation of the workplace brought on by the pandemic.

At the same time, risk teams are tasked with ever-more frequent checks on the financial health of companies navigating rough economic waters.  

Data integrity is also on the regulators’ radar: Banks are under increasing pressure to improve their risk report quality. Despite investing time and effort putting in place strong governance frameworks and infrastructure, all major systemically important banks are still non-compliant with BCBS 239 regulation that expects them to both reconcile and validate risk data between systems for all risk metrics. 

Regardless of sector, while risk teams may not own the data, the growing need for continuous extraction and assimilation of reports – and the consequences of errors – is creating momentum to find new solutions.

Risk managers need to be able to process and reconcile data, deliver change and adapt to new data sources to achieve compliance and report with confidence, without lengthy or costly IT projects to build bespoke platforms that may not be future-proofed.

A single data truth

The primary barrier that most risk teams face is the inability to consolidate, cleanse and normalise the variety of data formats and types that pour into their systems.

Automation may already be used in some processes, but the patchwork of automated and manual work still creates an unhealthy margin for errors. Intelligent software is already addressing these challenges and delivering a ‘single data truth’ for risk professionals to report against.

Cloud-based solutions that handle any format of data make it simpler to consolidate all data into one system. Data can be cleansed at point of entry using intelligent technology and elements of machine learning, removing the risk of errors being thrown up downstream and negating the need for risky manual intervention.

Teams are then able to extract multiple data sets and report confidently against different metrics, speeding up processes and ensuring auditable trails. Rules and algorithms can be adapted easily as regulations and business requirements evolve, avoiding the need for lengthy change processes or costly IT upgrades.

This ‘single truth’ creates a tighter, more efficient approach to risk management, providing risk teams with the robust data integrity required to be fully in control of business risk.

From the consequences of under-estimating a company’s financial health to the financial and reputational cost of regulatory breaches and non-compliance, data integrity has become the ticking time bomb of business risk. Taking action to diffuse it must be a top priority.