Data Governance in FIs: Intro to Data Governance

This blog series will focus on Data Governance in Financial Institutions. Our first post introduces data governance fundamentals. It will be followed by a discussion of root cause analysis, metadata, the five stages of data governance deployment, and a final blog that crafts a business case for data governance.

Today’s industry leaders recognize data among their top enterprise assets. According to Gartner, the leading global research firm, 20-25% of enterprise value is directly attributed to the quality of its data. However, Financial Institutions (FIs) often underutilize this key business driver by not establishing a formal data strategy.

Let’s look at some of the challenges to building a data strategy, opportunities for implementing a data strategy, critical components of a successful DG program, and the aspects of data that can be governed. We also want to discuss some potential consequences of poor DG implementation and the most important step to mitigate the risk of it occurring in a Financial Institution.

What is Data Governance?

Data Governance (DG) serves as the framework for defining the who, what, when, how, where and why of your formal data strategy. Through the collection of policies, roles, and processes, DG ensures the proper definition, management, and use of data towards achieving enterprise goals.

Challenges of Building a Data Strategy

Too often, the largest hindrance to building a data- and analytics-driven enterprise is the enterprise itself. For historical reasons, data tends to be siloed within internal business units, resulting in disparate collections of overlapping yet inconsistent data. Given that data is built and accumulated over time in various places in the organization, often via mergers and acquisitions, it can be difficult and time-consuming to gather and use the data.

Without a transparent view of enterprise-wide data, credible decision making becomes nearly impossible. More time is spent gathering and consolidating the data than analyzing it. The goal, then, of DG is to break down the silos in which data becomes segregated and foster a holistic approach towards managing common data. Common data creates a shared understanding of data information and is of paramount importance when sharing data between different systems and/or groups of people.

With the proper implementation of DG standards (data naming, quality, security, architecture, etc.), a firm can realize a variety of optimization-based benefits.

Data Strategy Opportunities

An enterprise that properly implements and executes DG creates opportunities for enhanced productivity.

For example, if an enterprise works with large data sets, having defined naming standards allows for data consistency across all commonly used domains (i.e., Customer, Transactions, Employee, etc.) within the enterprise. This results in increased productivity and a competitive advantage relative to other firms.

As DG improves operational efficiencies, FIs can expect increased customer satisfaction rates, attracting both a loyal following from current customers and new prospects.

Critical Components of a Successful Data Governance Program

FIs accumulate a lot of information as part of their normal business processes, so it may be difficult to identify what data needs to be governed.

It is important to note that not all data needs to be governed. There are two types of data that do not need DG: department-specific data and application data not needed for regulatory reporting or cross-department communication.

However, there are three key types of data that should be governed to provide reliable information that can be leveraged across all departments of the FI:

  • Strategic data is unique and usually created within the company, providing a competitive advantage to the firm. A few examples include data about customer insight, market insight, and risk models.
  • Critical data ‘materially affects’ most external reporting, risk management, and/or supports critical business functions. This includes financial data, supply chain data, and counterparty data.
  • Shared data is used in multiple business processes in which the definition, quality, and format need to be synchronized. Examples include customer data for marketing, customer service and sales, and counterparty data for risk management and pricing.

Critical Data Aspects

Beyond the data itself, there are multiple aspects of data that are critical to govern. A successful program will consider the following:


Data Ownership: The possession of and responsibility for information

Data Handling: Ensuring that research data is stored, archived or disposed of in a safe and secure manner

Data Allowable Values: Some data types let you specify that a property is restricted to a set of values

Metadata: A set of data that describes and gives information about other data

Data Storing: The recording of information in a storage medium

Data Architecture: The structure of an organization’s logical and physical data assets and data management resources

Data Quality: The state of qualitative or quantitative pieces of information

Data Definitions: The origin of a field that references a data domain and determines the data type and the format of data entry

Data Reporting: Collecting and formatting raw information and translating it into a digestible format to assess business performance

Poor DG Consequences

A word of caution: There is such a thing as poor DG implementation. If your program is poorly built, the enterprise will suffer.

Building inefficient processes, for example, can delay timelines for tasks like data retrieval and data analysis.

An inferior DG implementation may also create compliance issues. If the program is difficult to understand, enterprise employees may disregard your guidelines.

Overall, if DG is applied within internal silos, it cannot be optimized across the organization. The segregation of data that internal silos create needs to be broken down to achieve the goal of managing common data.

How to Mitigate Poor DG Risk

The entire FI must “buy in” to a DG program for it to be most effective. Without assistance from both data practices and business functions in the rollout of DG program initiatives, the program will likely fail. It is the responsibility of the business, IT, and internal operations facets to be fully engaged and coordinated in the implementation of DG program initiatives.

What’s Next?

Now that we have outlined what a successful Data Governance program includes, it is time to discuss Root Cause Analysis. Our next post in this series will discuss how to find root causes in FIs and recommend actions to solve problems that you may face when implementing a DG program.





CECL Preparation: Documenting CECL

The CECL Standard requires more than just another update in the calculation of a financial institution’s (FI’s) allowance for credit losses; the new standard also pushes institutions to be more involved in the entire allowance process, especially on the management/executive level. From explanations, justifications and rationales to policies and procedures, the standard requires them all. The FI needs to discuss them, understand them, and document them.

The first point is to discuss all decisions that must be made regarding the CECL process. This includes everything from the definition of default to the justification of which methodology to use for which segment of the data. Although these discussions may be onerous, the CECL standard requires full understanding and completeness of all decisions. Once there is understanding, all decisions must be documented for regulation purposes:

CECL Topic 326-20-50-10: An entity shall provide information that enables a financial statement user to do the following:

  1. Understand management’s method for developing its allowance for credit losses.
  2. Understand the information that management used in developing its current estimate of expected credit losses.
  3. Understand the circumstances that caused changes to the allowance for credit losses, thereby affecting the related credit loss expense (or reversal) reported for the period.

CECL Topic 326-20-50-11: To meet the objectives in paragraph 326-20-50-10, an entity shall disclose all of the following by portfolio segment and major security type:

  1. A description of how expected loss estimates are developed
  2. A description of the entity’s accounting policies and methodology to estimate the allowance for credit losses, as well as discussion of the factors that influenced management’s current estimate of expected credit losses, including:
    • Past events
    • Current conditions
    • Reasonable and supportable forecasts about the future
  3. A discussion of risk characteristics relevant to each portfolio segment
  4. Etc.

Although these may seem like surprising jumps in requirements for CECL, these are simply more defined requirements than under existing ALLL guidance. Note that some of the general requirements under the existing guidance will remain relevant under CECL, such as:

  • “the need for institutions to appropriately support and document their allowance estimates”
  • the “…responsibility for developing, maintaining, and documenting a comprehensive, systematic, and consistently applied process for determining the amounts of the ACL and the provision for credit losses.”
  • the requirement “…that allowances be well documented, with clear explanations of the supporting analyses and rationale.”

As you can see, documentation is an important component of the CECL standard. While the documentation will, at least initially, require more effort to produce, it will also give the FI the opportunity to fully understand the inner workings of its CECL process.

Lastly, some advice to avoid a headache: take the time to document throughout the entire CECL process. As my math professor always said, “the due date is not the do date.”


  1. FASB Accounting Standards Update, No. 2016-13, Financial Instruments – Credit Losses (Topic 326).
  2. Frequently Asked Questions on the New Accounting Standard on Financial Instruments – Credit Losses. FIL-20-2019. April 3, 2019.

Samantha Zerger, business analytics consultant with FRG, is skilled in technical writing. Since graduating from the North Carolina State University’s Financial Mathematics Master’s program in 2017 and joining FRG, she has taken on leadership roles in developing project documentation as well as improving internal documentation processes.

Five Easy Steps Toward Implementing the Fiduciary Rule

The Department of Labor’s fiduciary rule became effective in June with an implementation date that is now less than four months away. It is, of course, uncertain whether the regulation will stay in place under the new administration. President-elect Trump has named Andrew Puzder as Labor Secretary, and he may wish to buy time to repeal the rule by deferring the implementation date. According to Barron’s, however, “delaying or repealing the rule could easily take a year or more.”[i]

Major financial services institutions have already made key decisions and launched the related systems, training, and client communications projects to meet the current April 10, 2017 deadline. Smaller banks may be less prepared.

We’re not qualified to offer legal or regulatory advice; if your company is affected by the new rule, we urge you to call in a compliance consultant. Nonetheless, as financial and operational risk managers, we’d like to offer a few practical suggestions to help you get started.

All firms that offer investment advice to retirement savers have to meet certain fundamental requirements by the implementation date:

  • Comply with the Impartial Conduct Standards set forth in the rule (act in the investor’s best interest, give no misleading information, and charge no more than reasonable compensation).
  • Notify investors that your institution and its advisors are acting as fiduciaries, and describe the firm’s conflicts of interest.
  • Appoint a person responsible for addressing conflicts of interest and ensuring compliance with the Impartial Conduct Standards.

The first step is to determine whether to continue offering commission-based products and services (Wells Fargo’s plan) or to convert to a fee-only basis (Merrill Lynch’s approach). This is a board-level decision, and the answer will depend upon such factors as the competitive environment and the bank’s ability to manage cultural as well as technological and process changes under deadline pressure.

The second step is to appoint the person who will have ongoing responsibility for resolving conflicts of interest and monitoring advisors’ investment recommendations. In addition to technical competence, desirable qualities include strong communications and negotiating skills.

The third step is to assemble the project team that will analyze the business requirements and make any necessary changes to the firm’s document management, accounting, and client reporting systems.

A sound fourth step, in our view, is to confirm that your firm has current know-your-customer and suitability documentation for every client relationship. You can’t defend any investment recommendations without this information. Now is a good time to make sure it’s complete and up-to-date.

The fifth step can be initiated in parallel with the fourth one. It is to develop advisor training materials in two areas: how to explain “fiduciary status” to their clients, and what the Impartial Conduct Standards require of them.

If it remains in force, the fiduciary rule will massively change the financial services industry over the next few years. Certainly, it will squeeze the profitability of retail investment advisory services, and it may also foster the spread of robo-advising. In the short term, however, banks primarily face regulatory and operational risk, and hoping for a timely reprieve is not a prudent compliance strategy. These first five steps mitigate the risk of getting caught short as the implementation date approaches.

Philip Lawton, CFA, CIPM, is a guest blogger for Financial Risk Group.

[i] “Trump’s DOL Pick: Fiduciary Friend or Foe?” Barron’s, November 9, 2016.
