This week, JWG has published its finalised industry guidance on the maintenance of wholesale customer data, which was compiled by the industry think tank’s Customer Data Management Group (CDMG). Julia Sutton, who last year joined the Royal Bank of Canada (RBC) as a director of global reference data, explains to Reference Data Review that the industry guidance is aimed at providing senior managers with the ability to understand the issues surrounding customer data and to benchmark their practices.
“There are no excuses for not tackling customer data management, the fact that it is a hard process is not a good enough excuse any more,” says Sutton, who is part of the CDMG and in charge of heading RBC’s customer data management. “Regulation, increasing volumes and customer requirements are all factors driving the need for change and there is an increased sense of vulnerability at the senior management level about this data in a post-Lehman world.”
The CDMG’s seven recommendations are therefore ultimately aimed at enhancing the efficiency of the treatment of customer data by financial institutions. To this end, the guidance document details the issues, including reference processing and data modelling, faced by thousands of firms which all need to comply with 1000 pages of financial services regulation on to the treatment of customer data.
They comprise of considerations around: internal policy creation for customer data; governance and metrics around its maintenance; the underlying regulation-based data sets involved; risk-based categorisation; periodic review criteria; events that should trigger data updates; and benchmarks for evaluating data sources. These, in turn, are based on four building blocks for dealing with this data around monitoring, updating, checking and reporting, explains JWG CEO PJ Di Giammarino.
The discussions that led to the establishment of the CDMG sprang from JWG’s research on fixing customer data for MiFID in 2008, continues Di Giammarino. The process involved in drawing up the guidelines was lengthy (around 400 days) due to the requirement for all parties to agree on the best way to go forward and the group engaged the UK Financial Services Authority (FSA) in the discussions with a view to providing some degree of regulatory feedback.
“There are so many facets to the way customer data is used within financial institutions and lots of lenses to look through, such as regulatory reporting around anti-money laundering, KYC and liquidity, that the group decided to keep the recommendations as simple and as high level as possible. The definition of what good customer information looks like is fundamental to getting the supervision of the financial sector right,” he elaborates.
Compliance with the patchwork of customer data regulatory requirements that has developed over the last couple of years has been challenging due to the lack of industry benchmarks in this space, contends Di Giammarino. “The management of this data is typically manually intensive and cuts across a lot of internal silos, including the front office, operations, compliance, legal, risk and audit functions. This raised the issue of a need for benchmarks against which to determine a firm’s customer data management provisions’ suitability and appropriateness,” he says.
The recommendations can therefore be used as a management framework to deal with regulatory data requirements, according to JWG. The group’s work thus far has only considered the relevant rules introduced up to the end of 2008, but Di Giammarino indicates the guidance will be extended to cover 2009 and 2010 requirements.
Upcoming regulations on the radar in the UK in particular include the FSA’s Single Customer View (SCV), changes to the Capital Requirements Directive’s large exposures regime, living wills legislation, corporate governance changes, consolidated group reporting for AML and carbon reporting, to name just a few. “There are a total of eight currently live regulations incoming in the UK market and firms need to factor compliance with these into their data management systems,” warns Di Giammarino. “The carbon reporting requirement for example is something that many seem to be unaware of and it will require a significant amount of work for firms to track their ownership of sources of energy in order to produce consolidated carbon usage reports.”
Carbon reporting will require firms to declare their carbon footprint if they own more than 50% of energy providers, which at first seems to be a simple task, but will involve group wide tracking of this data. The consolidation of data across firms’ various legal entities and subsidiaries could prove to be a lengthy and challenging task. Moreover, firms could face criminal charges if they fail to do this work accurately; a significant factor for compulsion if ever there was one.
In the meantime, the CDMG seven recommendations comprise:
- Policy creation: firms should create an internal policy for maintaining wholesale customer data that is aligned with existing control policies.
- Governance and metrics: the maintenance policy should outline the operating model controls for selecting and managing the customer data set.
- Regulation-based data set: customer data sets should be defined in the maintenance policy and linked to regulations and legal requirements.
- Risk-based categorisation: customer data sets should be categorised and prioritised based on the nature, scale and complexity of the activities of the financial institution.
- Review criteria: the maintenance policy should define criteria, frequency and rigour for periodic reviews aligned with risk-based customer data categorisation.
- Triggered updates: the maintenance policy should outline the events that impact the regulation-based customer data set.
Evaluating sources: the maintenance policy should outline the minimum performance, quality and service level standards required to approve customer data sources as ‘fit for purpose’.