Home | Topics | Semantic Data Management

Data Governance for Risk Management

Printer-friendly versionPDF version


In a recent blog post, which has been very popular I must say, I went off on one of my "wax lyrical" rants about the sorry predicament of line management in banking today. If I refer my own twitter feed I must be one of the few people worldwide to offer a scrap of sympathy to that beleaguered community but fear not chaps I am on your side (if you want!?). My blog post on banking line management is here;-









The New Banking Transparency is inevitably DIY UPDATE

In it, I made these specific comments;-

muircealago"......the worst nightmare has actually occurred, worse than the mathematicians or the economists taking over the bank (which is beginning to happen) now Line Management have to implement software applications which produce numbers for new Rocket Science like reporting requirements which only specialized accountants, economists or statisticians might understand, right? So Line Management in Banking right now has to take advice from geeky experts talking gobbledygook about statistical significance, slide rule techniques for impaired assets or waterfalls. Line management has to implement new systems costing several millions in record time to meet reporting deadlines. Line Management has to take it on trust from these 'experts' who could well be accused of being so obsessed with their field that only the Murciélago will do, not only what the solution needs to be but what the requirement is, in the first place."  

I offered no conclusion to this challenge in that original blog post so here I would like to begin the process of an iterative discovery of what a solution might be. Let me just refocus the original context briefly. What we at asymptotix are advocating with our partners is that no particular software solution can solve all the risk management and transparency requirements which are being heaped upon the banking industry today. If you believe that there is an easy single vendor fix then you haven't done your home work and more to the point you are copping out. This Risk Management challenge is hard, the numbers make your head sore but that is no reason to give up and take the easy route out & buy the story from one single mega-vendor or one mega-SI ridiculously partnered with a mega-vendor who tells you that they will solve all your problems in a time frame and to a budget. They tried that before (pre-credit crunch) and failed spectacularly & if you read their noddy output they haven't learned a thing. May I also say that if you believe that you can build it all yourself from scratch the you are quite simply bonkers and must be "made of money" at the same time!

 The mega-vendors and the mega-SI's do not have sufficient competence with the requirement in sufficient depth within their organizations today and they know it. All they can offer is deeply crafted powerpoint and junior teams who will not stray far from the Product Management or Business Unit "strategic line" for the most part dictated from Chicago, a spargle field or a research park in New York state. Their inevitably "one size fits all" approach is archeological and down right dumb. Risk Management is just not as simple as that.


 The point of risk management is that it is essentially idiosyncratic but you have to understand it to see that, idiosyncrasy is not just an inevitable by-product of differentiation, it is the essential driver of business value in the financial services brand and thus it is that very idiosyncrasy (deviation from the norm, uniqueness) which the supervisor and regulator is trying to capture when he is monitoring the financial institution. That is why I have argued elsewhere that supervisory and regulatory engagement is paradigmatically game-theoretic;


They (the supervisor) are trying to regulate your uniqueness away and you are trying to innovate yourself beyond them, there is a time lag of indeterminate length during which you can cash-in super normal profits until the regulator (and the rest of the market) catches up with your latest innovation (Schumpeterian dynamics). If you want some evidence for the validity of this deconstruction then just take a look at the European Central Bank and the Committee of European Banking Supervisors finally agreeing to cooperate on the definitions of the classifications of their respective reporting systems. Well would you believe it? Finally!


Of course, I will argue that this is further evidence that the disciplines of econometrics and accounting are being slammed together like two little brothers in the garden being told to make up after a spat but I would argue that wouldn't I? See the initial blog reference op cit.. If I am right then this is the underlying reason why Risk management is so difficult, it sits on the border of both accounting and econometrics so it's going to take a special kind of weirdo to really understand it all.

Jose Murinho FerrariTHE SPECIAL ONE

But maybe that "special one" is not a human being, maybe it's a software application or a set of them. Essentially I suppose that is where my initial blog post was going. But since your Risk management process is so key to the manner in which you conduct business today (post credit crisis) and will be in the future, arguably moving from an irrelevant periphery to the very core of business operations today (since in cynical terms your risk management capability defines what you can get away with); can you really rely upon some giant lumbering, never completed, all encompassing, "one size fits all" approach to your problems? "Not on your Nelly"! Would be my advice Mr Board member and Mr CTO and if your line management recommend that lazy approach then I would ask them to think again.

Asymptotix believes that the solution architecture for the Risk management requirement of today requires "point solutions" which are "best of breed" integrated around a Risk mart or warehouse, think of the star schema paradigm. You need these best of breed cyborg solution engines because the software engineering in the tools is "best of breed" but also because the functional expertise of the companies which produce these packages is hundreds of man years old; they understand their specific niche of the challenge better than you ever will or in fact would want or need to, that is why you deploy them, that is what they are there for. Asymptotix is partnered with the two finest solutions to specific risk management problems today in that regard in Siag Risk Management and FRS Global; solutions upon which we have blogged extensively on this site.



This is what we call an agile / intelligent approach, there has been some thinking going on here. The challenge then becomes how do you as banking line management govern that data mart and these point solutions?


W e agreed above (did we not? And please comment if you disagree or indeed concur) that these smart engines (Siag and FRS) encapsulate a great deal of Intellectual Property which is "rocket science" from a day to day business as usual perspective. That rocket science IP is in the calculation techniques for sure which are thoroughly document as part of the product delivery but there is also a great deal of your business IP in the data structures and semantic definitions in the underlying databases which support the calculation objects in both FRSGlobal (strictly speaking RiskPro for calculation and Data Foundation) and in Siag (Price Manager and the Risk engines). From a practical perspective these tools will be supported by a Risk data mart which draws together appropriate data from disparate operational systems before feeding this 'On demand' to the Risk management toolsets. This Risk data mart cannot be regarded as a simple "Microsoft database" it's much more complex than that and it is a key information resource to the totality of the financial institution not only for supervisory and regulatory reporting but for the offices of the CRO and CFO; for control and tactical and strategic management as I have described recently in relation to Siag specifically, an argument which is equally applicable to FRSG.


The key process in successfully implementing such a toolset is of course the definition of the source and target data models, this in fact as I have advised a UK client recently, is where the real development IP is, since the VaR matrix (for example), sufficiently documented (as Siag is) is simply a calculation thereafter. Both FRS Global and Siag will answer the challenges in front of the CFO/CRO in the immediate term but longer term the outlook is for more and continuing historicisation of operating numbers to support the management process. The data set collected for specific risk management requirements is in itself for the most part meaningless, there are better numbers to track the bank right now but as time series that data set can develop to become meaningful and evolve into a crucial information resource applicable to more than just regulatory and supervisory reporting. So it is the data collection and specification process which itself is intrinsically valuable to the financial institution.


How do you get a handle on that information resource you are building? How do you govern it? Actually in the instance of Risk management, given my logic about cyborgs and rocket scientists how do you know that you know that your line management has a handle on it? You can't hire Professors of Economics and Accounting, even if you would want to! You have to automate the Data Governance process itself, there is no other way. Again, asymptotix believes that the answer to this governance challenge or logically prior, the answer to the understanding problem is not in human beings it is in advanced software. This is where asymptotix' partnership with Collibra fits into the Solution Architecture. Collibra is an enterprise software company facilitating business integration by defining business concepts in the business context. These business definitions drive and align underlying ICT systems to improve business / IT alignment and reduce complexity and costs. The Collibra solutions bring business and technical stakeholders together to govern Risk Management solution design. Collibra defines the demand-side of IT, which results in better implemented and integrated systems.


collibra logoData governance is an emerging discipline with an evolving definition. The discipline embodies a convergence of data quality, data management, business process management, and risk management surrounding the handling of data in an organization. Through data governance, organizations are looking to exercise positive control over the processes and methods to handle data. This evolving definition clearly emphasizes the combination of people, processes and technology. The Collibra Data Governance solution takes into account these key success factors. It starts by bringing business and technical stakeholders together to define the meaning of key business concepts from a business perspective. By adding more formal business facts and rules complying to the OMG's SBVR standard (Semantics for Business Vocabulary and Rules), an agile and ever-evolving semantic layer is created.

Asymptotix believes that integrating the Collibra toolsets into the Risk Data Mart development process and using Collibra to create governance processes and crucially semantic definitions of the Risk Management concepts in use in the specific financial institution automates away that key conundrum facing every financial institution today which is that the total complement of staff cannot be both professors of accounting and economics at the same time. The semantic layer created by Collibra becomes that repository of Risk Management IP which ensures that every one internally is on the same page and thus assures external stakeholders (supervisors etc) that the institution knows what it knows with a high epistemic coefficient. Arguably just as important, implementation of the Collibra semantic layer during the Risk management solution development process, ensures that the financial institution has one single version of the definition of each of the complex Risk management classes and that you are not calculating the same thing twice in a different manner.


John A Morrison Profile / email John

Short URL
Asymptotix on Twitter

Are the key legislative pillars such as Basel II & III, UCITS IV and Solvency II forcing you to re-examine how you identify, measure and manage risk and capital?

Asymptotix work closely with our partners to help clients develop a more proactive, systematic and integrated approach to governance and risk management to deliver proper value.

Asymptotix can offer the support you need to deliver on time. Read more...

Is the goal of your website to sell services or products, educate, or collect data?

A positive customer experience is vital to conversion, no matter what your conversion goals may be. Our designers and developers will create a positive experience to maximize your conversions and deliver the optimal return on your investment. We strive to find the perfect balance between the web site’s design and functionality.

Asymptotix implements interactive solutions for European companies. From corporate websites to social communities, our clients will tell you an investment in building a scalable online experience will deliver long-term tangible benefits.

Based in Luxembourg we can help you all over Europe. Our multi-lingual team can work with projects and speak your language! Read more...