How Can Financial Services Firms Ensure Regulatory Compliance? – Leveraging Data Lineage

The sub-prime crisis of 2007–2008, which began in the US after the housing market crashed, ended up costing the world economy over $2 trillion and resulted in the fall of the ‘Lehman Brothers’, one of the world’s largest banks.  

It exposed the inability of financial organisations to assess and manage risks comprehensively, demonstrating the banks’ inability to provide a transparent assessment of the risks in the institution and manage these risks effectively. As a result, in January 2013, the Basel Committee on Banking Supervision issued BCBS-239. BCBS-239 chastised banks for not doing enough to mitigate risk and ensure regulatory compliance. 

In current times the COVID-19 pandemic’s human and economic consequences are still being felt throughout the world. While it is still early to know the long-term effects of these events, are the financial institutions in banking and capital markets, insurance, and asset management sectors prepared to handle challenges yet to be manifest, brought forth by the ‘new normal? 

Customer Trust Deficit in Financial Service Organisations 

Trust in financial services has been a critical problem since the sub-prime crisis. According to a YouGov survey, 66% of British citizens believe banks do not work in the best public interest, and 72% believe banks should have faced stricter penalties during the financial crisis. As a result, clients’ faith in the financial services businesses eroded, even though some financial firms were well-known brands with decades of customer relations.  

The onus of building back the lost customer trust lay on the financial firms.  

To rebuild client trust and promote confidence in financial services, regulators have acted swiftly and enacted measures to minimise risks through BCBS#239, GDPR, IFRS 9 and Solvency II regulatory frameworks, which mandate financial institutions to offer visibility into their risk and data aggregation procedures.

Financial Regulators Putting Greater Emphasis on Transparency

Today, regulatory agencies conduct in-depth examinations of financial institutions’ compliance and governance systems. The BCBS 239 and other international standards mandate financial service organisations to do back testing, reconcile source data, follow attestation criteria, and exhibit regulatory reports that include required data taxonomy. 

 IFRS 9 establishes the classification and measurement of financial assets and liabilities and the creation of contracts to buy or sell non-financial items like building, land, equipment, etc.  

Regulatory compliance requirements impose increased transparency obligations on businesses in terms of data tracking and auditing. Nowadays, financial companies must disclose hundreds of metrics to regulators, and these metrics are often produced by disparate systems, with the data flow from source to report often inadvertently left untraced and unrecorded.  

Most businesses lack comprehensive enterprise-wide data traceability and lineage strategy. Financial services firms usually fail to monitor data properly or lose track of specific data components within the broader flow. Many do not adequately document the data sources from which computations were made, nor do they track parameter or business rule changes. Thus, the entire contextual intelligence is often lost.

Data Lineage Leads To Effective Data Management

Data lineage is increasingly being employed to trace the path of data inside an organisation — where it began and how it evolved through time to reach its current condition. 

It can help understand where your data originates from, how it’s utilised, modified, and where it’s heading. This analysis can help organisations answer regulators’ queries.


Data Transformation Process


Take, for example, a request from a regulator for asset appraisal. It’s critical to know the asset’s entire evolutionary history of the data that led to its valuation. 

Data lineage is being enshrined in-laws and data quality standards, such as the European Central Bank’s (ECB) Targeted Review of Internal Models (TRIM), and this is all connected to the requirement for “traceability.”  

For example, suppose a financial business evaluates a particular asset at £55 million. In that case, it must explain why it is valued at that amount, how it arrived at that conclusion, and what data points it utilised. All this information, as well as others, must be kept on track. 

GDPR: An Additional Data Challenge for Financial Businesses 

Data privacy regulations, such as GDPR, are subjecting further pressure on every financial services company. GDPR, implemented in Europe in 2016, established a basis for data consent management and guarantees that consumers’ personal information is protected, correctly handled, and not abused for illicit marketing reasons. The GDPR allows the EU’s data protection authorities to levy fines of up to €20 million (roughly $2,372,000) or 4% of global turnover for the previous financial year, whichever is greater. 

The GDPR, which went into effect on May 18th, 2018, resulted in 68 fines across 20 European countries, with finance leading the way with 11 fines. 

Following the implementation of GDPR, Canada updated the Personal Information Protection and Electronic Documents Act (PIPEDA) to reflect GDPR’s criteria. The Consumer Privacy Act of 2018 was enacted in California (AB375). Thus, regulations further increased in the already heavily regulated financial industry.  

Implementing Data lineage can help financial services companies comply with these regulations, simplify the complexity of vast data, and gain visibility into the data’s flow. For example, under GDPR, if a firm’s client requests that their data be removed from the records, the financial services organisation must know where all and in what all forms the customer’s details were used and has ended up to ensure compliance. Firms can utilise data lineage to track where the client details originated, how the records evolved and moved and importantly, where all the data have been used inside the firm. 

The regulatory challenges for financial firms come from regulatory agencies and Financial Action Task Force (FATF). Under pressure from the Financial Action Task Force (FATF), national regulators are taking a firmer stance on anti-money laundering (AML), knowing your customer (KYC) and data privacy breaches, and paying greater attention to the quality of financial institutions’ data. Between January and November 2020, $10.4bn was levied in fines for violations of legislation relating to AML, KYC and data privacy, representing a 26% year-on-year increase.

Though data lineage is vital in achieving superior data management, the 2018 A-Team Group audience poll suggested data lineage is not mature, with 38% of respondents starting to build a solution, 28% in the planning stage, and 13% with a complete solution. 

Financial firms are sure to experience substantial regulatory and reputation risks if they choose to ignore adherence not only to compliance and regulations norms but also to exhibit artefacts in evidence as well. To meet these challenges, banks and other financial services firms will need to effectively implement two different aspects of data lineage: horizontal and vertical. 

Horizontal data lineage follows a piece of data as it flows from source to destination across the system. After being licenced by a financial institution, a data product contains content from a prospectus that is examined and possibly enhanced before being used in a report or business application. In this manner, horizontal data lineage efficiently follows a single piece of data’s path – often across systems and reports. 

Vertical data lineage, on the other hand, describes the transformations that happen to the data as it flows across the systems in the organisations. Vertical lineage tells if a field name, the format changed along the way, was it done on purpose, or did a system make the change and for what reason.  

Most financial services organisations do not completely comprehend the complexities of data lineage. Larger businesses are divided on what data lineage means. They are aware that their audit trail is broken inside a particular application, but they lack an overall view or the capacity to follow data throughout the organisation or adequately record it.  

At Elait, we help financial services, and banks map business lineage to technical lineage to give businesses a more technical view of data and better understand the relationships. At Elait, we enable business users to graphically represent data and data pipelines to meet regulatory compliance. We help enterprises construct a comprehensive Data Governance strategy to meet specific internal and external requirements to ensure reliable and accurate data for downstream processing that enables decision making. 

Data Lineage Case Study 

At Elait, we partnered with a large commercial bank to help set up Data Lineage to meet regulatory requirements as part of data governance implementation. We created graphical representations of the regulatory reports, which made providing explanations and justifications to the auditors easy, freeing businesses to focus & continue their Digital Transformation program. 

We helped the commercial bank ensure that all inherited data from multiple sources was accounted for and migrated and transformation rules captured. We assisted the client in gathering data lineage across the entire estate for the regulators and implementing a Governance strategy to allow future regulatory audits to be completed suitably.  Read the Case Study. 

Data Lineage & Business Intelligence 

Data lineage improves data management and quality, meets various reporting requirements, and debugging and data incident root cause analysis. It is crucial to reduce or eliminate inefficient processes, amplify data intelligence, reduce frauds and risks, and eliminate human and technical resource waste. We will discuss these aspects of Data Lineage in our subsequent articles. Do share your comments below. 

Case Studies

Creating Data Lineage To Meet Regulatory Requirements And Implement Data Governance

A major Financial Institution had a requirement to meet IFRS9 regulatory requirements to identify all data and transformations to data utilised for auditing purposes.


Leave a Reply

Subscribe to Our Newsletter

Recent Articles

Knowledge Center Article

Get in Touch