
The Australian Prudential Regulation Authority (APRA) yesterday provided an update on data quality. This update confirms APRA’s ongoing commitment to addressing data risk and its plans for achieving industry-wide uplift. In this article, I will delve into the significance of this update and its potential impact on the future of data governance and data regulations in Australia.
A Decade of Progress
Its been almost a decade since APRA released the prudential guidance guide CPG235 to uplift data risk practice’s with banks, superfunds insurance companies. In 2019, APRA initiated the 100 Critical Risk Data Elements (CRDE) Pilot, involving banks identifying their most critical data elements and enhance risk controls around them. A similar exercise was conducted in 2022 with life insurers and superannuation entities. Despite the progress made, APRA believes that gaps still remain in data practices which impacts resiliency of the industry.
Best Practices in Data Management
Through the CRDE Pilot and subsequent reviews, APRA has identified several best practices in data risk and data governance. These practices shed light on how organizations can better manage data:
- Enterprise-wide Data Programs: Successful data governance requires a unified approach that is consistently implemented and adopted by all business teams. Establishing a common definition for data and parameters ensures consistency and builds a solid control environment.
- Scalable Technology Strategies: APRA observed a shift towards modern data architectures such as data mesh, data hub, data lake house, and cloud storage. These technologies are better suited to meet complex business requirements. The focus is on improving the quality of source data and enhancing data architecture for better data linkage.
- Data as a Product: Organizations are moving towards treating data as a product, creating ready-to-use data sets with multiple controls to ensure data quality. This approach makes data more accessible for analysis, visualization, and reporting.
- Strategic Issue Resolution: Effective data governance includes resolving data issues strategically. This often requires commitment and time to deliver and fund strategic technology solutions while ensuring existing controls effectively mitigate risks.
- GRC Systems: Governance Risk and Compliance (GRC) systems play a critical role in understanding data maturity within entities. These systems provide a comprehensive view of data risk, helping identify areas for investment.
Six Considerations for Better Data Practices
APRA’s engagements with the industry highlighted six factors that businesses should consider when improving data management:
- Unified Data Strategy: Establish a unified data strategy for governance.
- Roles and Responsibilities: Clearly define ownership of critical data elements and processes across the data lifecycle.
- Simplify Technology and Data Architecture: Modernize platforms and decommission legacy assets.
- Identify Critical Data Elements: Create a consistent set of data controls.
- Monitor Data Quality: Establish mechanisms for monitoring data quality and timely error remediation.
- Integrate Data Management Risk: Integrate data management risk into overall risk management frameworks.
To drive industry-wide uplift of data practices, APRA intends to continue its focus on data risk management through CPS 230
The Future with CPS 230
APRA has recently released the final draft of Prudential Standard CPS 230 Operational Risk Management (CPS 230), representing a substantial step towards strengthening operational risk management within APRA-regulated entities. Notably, CPS 230 places a significant emphasis on managing data risk and the identification and management of critical data. This update confirms APRA’s commitment to advancing data risk management through CPS 230.
Implications for the Industry
The introduction of CPS 230 means that we can expect a heightened focus on data governance during its implementation. This includes identifying Critical Data Elements, documenting data lineage, and implementing data quality controls. While regulatory attention on data governance is undoubtedly a positive development, there is a pressing need for updated guidance from APRA. Practical guidance on implementation will be crucial for organisations navigating implementing this for the first time and will ensure a standardised approach across the industry.
In conclusion, Quality data is essential to boards, management, and businesses making informed, risk-based decisions, and facilitating faster and better insights. Organisation’s should take note of the best practices and considerations outlined in this update as they strive to enhance their data management practices and comply with evolving regulatory requirements.
If you have enjoyed our content please like and follow for more!
#datagovernance #datariskmanagement #datagoverned #dataregulations #datarisk