Data management is a topic that keeps coming up in the regulatory landscape - and for good reason.
In today's world, data is no longer just information; it's a proof-point, a strategic asset, and a justification to both stakeholders and regulators for all your business decisions. For banks, this is particularly important. As competition increases and regulatory expectations continue to grow, using reliable, high-quality data is key to successfully unlocking the power of your models and maintaining compliance.
This is increasingly significant in light of the Prudential Regulation Authority’s (PRA) model risk management principles for banks (CP6/22), which outlines an increased need for effective model risk management (MRM) practices and aims to raise the standard of MRM at UK firms.
The Role of Data Management in Model Risk Management
Having a robust data management framework is crucial to MRM as banks hold an abundance of data, and the models derived from these are often the backbone of decision-making for risk functions. The PRA expects “higher uncertainty” and model risk where firms have “complex data structures”, “low quality or unstructured data” and where “larger numbers of inter-related models and interconnected data structures and data sources” are used. So, to ensure the data used to build and validate risk models is accurate and reliable, firms must continually review their data and related systems and processes.
This review should begin with explicitly defining data ownership and quality responsibilities amongst your team. Then, you should undertake a collaborative effort with key stakeholders in order to assess whether the current data inputs and strategy support business needs. This is not only due to the importance of models in informing educated decisions, but also because “the quality and relevance of the data inputs” directly affect model risk, including factors such as proportionality, bias or representativeness.
Key Characteristics of a Robust Data Management Framework
To ensure your data is up to scratch for MRM, objectives for data collection, management, analysis, and reporting should be clearly identified and agreed upon by data and model users. You can then begin gathering all the necessary data and performance indicators used for modelling, including for development and validation. As the PRA outlines specific risks “stemming from the use of larger datasets, including alternative or unstructured data”, all such data should be organised under an enterprise view to guarantee insights are reconciled, consistent, explicable, and easily accessible. Whilst this can be complex (often due to data being derived from different sources and/or being hosted in various legacy systems), an enterprise view of data facilitates governance and management and will allow you to enhance the capabilities of your models, speed-up reporting processes and ensure your data is safe and secure.
As stated in the PRA’s Appendices to CP6/22 – Model risk management principles for banks, your firm’s data should be “representative of the underlying portfolios, products, assets, or customer base the model is intended to be used for”, “compliant with data privacy and other relevant data regulations”, and be identified and recorded in the model inventory. To maintain best practice, your data management framework should also contain certain characteristics, including - but not limited to - source to target lineage, metadata, a data dictionary, quality monitoring and incident management processes, and appropriate technologies and automated processing systems.
Banks must ensure that data quality is maintained throughout its lifecycle, from collection and storage to analysis and reporting. This requires establishing robust data governance processes to trace and verify the data used in models. Regular monitoring and assessments of the data quality and model performance will help you identify potential issues and take corrective action before they escalate.
Unlocking Opportunities with Effective Data Management
Banks use models for a variety of purposes, including credit risk, operational risk, market risk, stress testing, and more. But effective model risk management is not just about mitigating these risks, it’s also about unlocking new opportunities for your organisation to tap into. By regularly reviewing and improving your data, you can ensure the quality of your data sources and systems, grow confidence in the reliability of your models, and, thus, make better business decisions for your firm – all whilst keeping the regulator happy.