The Enterprise Data Management (EDM) Council has completed the core content of a Data Management Maturity (DMM) model aimed at helping financial services firms improve risk management and operational efficiency. The EDM Council expects the DMM to become an industry standard and suggests it could, in the long term, become a regulatory requirement for firms working in financial markets.
The EDM Council started to consider best practice data management in 2005 and soon discovered that the Carnegie Mellon University Software Engineering Institute (SEI), owner of the 20-year old Capability Maturity Model Integration (CMMI) methodology for software development process improvement that has become industry standard, was thinking along the same lines. A deal struck in 2009 to collaborate on a DMM model has now delivered a data management model that defines requirements for developing a data management strategy, implementing governance, managing data operations, improving data quality and integration data effectively into business processes.
The model also includes a standardised mechanism to measure data management capabilities against both business objectives and oversight requirements. To do this in a formal manner, the SEI and EDM Council, with funding from consultancy Booz Allen Hamilton, are developing a programme for training and certifying appraisers of data management capabilities.
While the DMM model has been jointly developed, the EDM Council has handed ownership of the model to the Carnegie Mellon University SEI, which is expected to make the model available as an open source tool on its website in September or October 2013. While the model will be free of charge to use, the SEI will charge to visit, appraise and certify organisations’ data management solutions against the model. Ahead of public release, the model has been made available to the EDM Council’s 110 global members. Their task is to use and challenge the model ahead of its completion next year. At the same time, the Carnegie Mellon University SEI is running pilot projects with the model at non-financial companies Lockheed Martin and Microsoft. About a dozen financial services firms are using the model to self-assess and identify weaknesses in their data management, while two regulators, the Securities and Exchange Commission and US Department of the Treasury, are testing the model in self-assessment projects.
Heather Wilson, chief data officer at Citi, a member of the EDM Council and a contributor to the model and early user, explains: “We were one of the first organisations to operationalise the model in the form of an assessment. We originally envisioned the model as a means to provide a measure of our data management capabilities in a structured manner. We’ve used it to identify the areas and priorities for improvement with the hope that it would become an industry standard. As the model has evolved, it has become a foundation element of all our data programmes, helping to bring alignment and an objective view on progress.”
Michael Atkin, managing director of the EDM Council, a non-profit trade association created by the financial industry to raise the profile of data management, says the DMM model is not prescriptive and instead sets objectives that can be filled as firms see fit provided they can prove implementation meets the objectives. “The model sets objectives not methods and its goal is an assessment model that certifies capability. Financial services institutions can be appraised and be given a capability rating,” he explains.
The model is structured across four areas covering strategy, essentially governance; operations, including workflows and requirements capture; IT, in terms of messaging and network connection; and data quality. In each of these areas are 18 processes and in each of these are 38 more granular dimensions of data management. Together, these build up to the objectives. Implementations are given competency ratings of one to five, the lowest rating being one and representing data management barely at project level, and the highest being five and representing best in class and continually improved data management. Atkin suggests the level three rating – enterprise wide and repeatable data management – is the current goal of many companies as they seek to muster data and meet transparency and risk management requirements set down in the Dodd-Frank Act and similar international directives such as Solvency II and Basle III.
“The EDM Council’s intention is to promote a global industry standard for data management. The industry has indicated it would like one to help evaluate issues such as operational risk and regulators have said there is a close relationship between risk appetite and data. Regulators are sending Matter Requiring Immediate Attention letters to firms about data, but the letters give no guidance on how firms can fix problems. We have worked with data management professionals to build a model that reflects what banks do and goes beyond regulatory expectations,” says Atkin. He concludes: “We think the DMM model is likely to become an industry standard and it would be a good idea if regulators adopted it as a regulatory requirement. They do talk about it, but there is a long distance between talking and doing.”