The CDO and Data Governance

Lorraine WatersHSBC Group Deputy Chief Data Officer

RESTRICTED

2

Data Governance

Data Governance is less about the data and more about trust

RESTRICTED

3

The Maturity of Data Management

Intelligence

Trusted Information

Baseline data management capabilities to meet license to operate

requirements1.0 Initial

5.0 Optimised

RESTRICTED

3.0 Defined

4.0 Managed

2.0 Repeatable

4

The Opportunity if we look at it the other way around

RESTRICTED

Intelligence

Trusted Information

The return on data

Base level data management

5

Data as an asset

Data is an asset that has value

and should be managed and

measured accordingly throughout it’s lifecycle

RESTRICTED

ValidateAcquire Maintain Store Distribute Control

6

Data Governance – the Accountable Executives

RESTRICTED

Vision, Strategy,

Trust & Co-operation

People

Process

Technology

Data

CDOCOO

CTO / CIO

CRO

CEO

CFO

7

Good governance and risks and management

Corporate governance is the system by which companies are directed and controlled.

Accordingly, for good governance, including Data Governance, it involves ensuring that:

· there is a proper division of responsibilities between individual directors· that no one person has unfettered powers of decisions· that decision making is undertaken by those with the requisite skills and

expertise· that risks are identified and addressed· that the potential outcomes of decisions are well considered and

understood, and· that there are appropriate internal controls/checks and balances in place.

RESTRICTED

8

Data as a Risk

MARKET RISK

RESTRICTED

Wholesale Credit Risk

Operational Risk

Liquidity Risk

Reputational Risk

Compliance RiskDATA RISK ?

Country RiskInformation Security Risk

Financial Crime Risk

Fraud Risk

People Risk

Regulatory risk Technology Risk

Supplier or Third Party RiskLegal/litigation risk

Tax Risk

Retail Credit Risk

9

Whose role is it when considering business change…?

Operating Model

People

Process

Technology

Data

RESTRICTED

What about

the data?

• Opening a new business?• Closing a business?• Implementing a new system?• Demising an old system?• New country?• New channel?• New Risk?• Etc. etc.

10RESTRICTED

The three Operating Committees will:• Define & manage vision & data services within the domain• Define & manage metrics & data quality within the

domain• Identify issues/funding requests for approval by the

governance SC• Manage the portfolio of projects within the domain• Assign resources/manage prioritiesThe three Working Groups will:• Provide domain specific SME knowledge• Maintain issue logs • Agree data taxonomy, meta data, data ownership and

standards• Manage business requirements • Develop solutions for OC approval

The Governance Steering Committee will:• Deliver the vision and approve strategy• Deliver the Roadmap• Agree and set key principles for reference data

management• Manage overall budget and allocation• Major decision making and conflict resolution, including

prioritization• Ensure architectural and business process governance

facilitated by a new oversight forum

Specific project teams will:• Deliver specific projects• Raise issues/risks to projects SC and Stakeholder or

Operating Committees as required

Data Governance STC

Master Data Op-Co

Architecture governance/

Design authority

MDM Working Group

Reference Data Op-Co

RDM Working Group

Organisational Data Op-

Co

Org Working Group

10

Standard Example Financial Services Data Governance structure

11

Standard Example Financial Services Data Governance Roles and Responsibilities

RESTRICTED

Role Responsibility 

Data Owner (Accountable)

The role of a Data Owner is to be accountable for the data within their scope in their Division. All data sets must have a single designated point of ownership within a Division or Group Function. The owner is usually identified by being the person or function most concerned with the accuracy and availability of the data. (Typically FO, Sales, Finance or Risk)

Data Steward(Responsible)

The Data Steward manages the operational processes for a data set including sourcing, validation, exceptions management and distribution, ensuring that these processes adhere to the business requirements, data control standards and policies agreed with the Data Owner (typically Operations). 

Data Champion(or Data Guardian)

The Data Champion is the principle representative of a business function in the governance process who is responsible for disseminating within their area any relevant communications and decisions.The Data Owner may delegate authority or decision making to the Data Champion but this must be a documented and agreed delegation of authority e.g. Sales to Client On-boarding. Note: Accountability can never be delegated. 

Interested Parties(or Data Custodian)

Interested parties (typically Technology) have a vested interest in the ownership, sourcing, maintenance and distribution of a dataset. They do not own or act as stewards for the data but are kept informed of changes to policy or process. The interested parties may represent the interests of systems consuming the data governed by the Data Steward. 

Delegated Authority

Decision making authority can be delegated by any of the above but only where there is defined , agreed and reference-able details of what has been delegated by and to whom. Note: Accountability can never be delegated. 

Accountable Executive(CDO)

The named Accountable Executive is accountable at a Company, Business Unit or Divisional level to the Board and the Regulator for sign-off and compliance with a specified data set. 

The roles of Data Producers and Data Consumers and their responsibility for data quality are emerging – but not yet widely adopted.