Data is everywhere and so are regulations, so it is not surprising that the two are having quite a large impact on each other. While it is possible to have data without regulation and regulation without data, it’s unlikely to find one without the other in today’s highly-regulated data-orientated financial environment.
Whichever piece of financial regulation you take, be it Dodd-Frank, CCAR, Basel III or MiFID II, they are all inherently data centric.
Dodd-Frank was brought in to ensure transparency in record keeping and prevent a repeat of the financial meltdowns; CCAR relates to data quality, lineage and overall data management; MiFID II attempts to regulate data collection for commodity derivatives firms; while Basel II and III concern themselves respectively with quantifying operational, credit and market risk data, and capital requirements stress testing, market liquidity risk and the use of data to run ratios.
Then there’s tax regulation, such as the Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standards (CRS), which relate to the sharing of data; Solvency II, which is similar to Basel, but is concerned specifically with EU insurance companies and the issue of capital requirements to reduce the risk of insolvency. There’s also European Market Infrastructure Regulation (EMIR), which relates to OTC derivatives, regulatory reporting and risk management and is heavily dependent on counterparty and trade data.
International Financial Reporting Standards (IFRS) is designed as a common global language for business affairs to ensure standards are maintained in accounting and financial data across international boundaries. Anti-money laundering (AML) and Know Your Customer (KYC) regulations both relate to data systems management, data quality and overall data management.
Add to that data privacy, with the EU Data Protection Regulation (GDPR) in the European Union, Personally Identifiable Information (PII) and Gramm-Leach-Bliley Act (GLBA) for credit related PII in the US, and similar versions of the same laws in other countries, it leaves no doubt as to the strong relationship between data and regulation.
However, despite the importance of all the above-mentioned data-related legislation, BCBS 239 is key.
Focused on risk data aggregation (RDA – to improve data sharing and finely tune risk management) and reporting, data quality, lineage, aggregation and infrastructure, BCBS 239 is the one case where instead of answering a specific question, organisations are being asked to prove that data governance has practical application.
In short, if you get BCBS 239 right, then all the other data governance should fall into place.
