The European Banking Authority’s (EBA) January 2020 report on the increasing use of Big Data and Advanced Analytics (BD&AA) in the banking sector provides guidance for banks on improving controls in their BD&AA implementation. The EBA is concerned that enthusiasm for these new techniques has led to piecemeal deployment in many organizations, without any overarching planned strategy or control, potentially putting companies at risk.
In its assessment, the EBA has found that BD&AA is in use across most EU banking institutions, and across all use cases – from business strategy to back office operations, from customer segmentation to risk management.
This fast-growing trend shows no sign of slowing down, representing a potential source of substantial risk for banks. The EBA has identified what they consider to be the four pillars of AA implementation: data, infrastructure, methodology and governance. Without a robust control framework and clear oversight over these pillars, they assert that reliance on any outcomes from the data produced might be problematic.
This report is a first step from the EBA towards greater supervision and control of how banks use BD&AA within their organization. While the EBA has reported on traditional regulatory risk models before, this is the first time that they have turned their attention to how models and analytics are controlled and governed more widely. The EBA wants banking management to be sufficiently aware of the risks and implications of BD&AA to enable them to take appropriate decisions. This report outlines initial guidance on how they could do that.
What has the report found?
The EBA’s research has found that BD&AA is in use across every facet of a bank’s operations:
BD&AA is, by its very nature, highly complex with a great degree of opacity around the methodology and algorithms used. This means that uncontrolled implementation across a business can lead to significant risks:
What does the report recommend?
The EBA wants banking management to take necessary steps to shore up the development, implementation and adoption of BD&AA. As the first of those steps, banks are expected to take a robust and cohesive approach across the four pillars which form the foundation of a solid BD&AA governance framework.
The EBA then wants banks to build on these foundations, using eight elements of trust as the principles for building a business case to plan their analytics program. This will ensure that an ‘trustworthy-by-design’ approach to BD&AA implementation is locked in from the outset. By connecting these elements of trust to the four pillars, the EBA has created a robust and exhaustive management framework which forms the starting point for industry-standard implementation.
What should banking institutions do now?
While the EBA guidance is not currently a directive, it is clear that the EBA wants institutions to act now to address the risks. Essentially, this is broadening the scope of model risk management within European banks to ensure the focus on analytics goes beyond traditional risk capital models.
Risk Dynamics believes that banks should take steps to implement a more robust BD&AA framework:
In our experience, effective implementation of an AA governance management framework depends on three key success factors:
1. Shape vision, prioritize and use a pilot for rapid engagement across the business – Develop a bold vision for the critical role that data and analytics play in the core business model; prioritise the sorting of ‘decisive’ and less critical use cases; gain an initial understanding of potential risks emerging from the highest priority use cases; start building engagement with other stakeholders
2. Engage across all levels of the organization – Involve the right stakeholders from an early stage to establish the foundations for a digital and analytic culture and ensure buy-in. Stakeholders involved in the pilot phase will become ambassadors to support more complex AA transformation. Choose the right organizational archetype and create right roles, structure and capabilities to nurture talent and ensure change transition
3. Leaders should pave the way – Gain commitment from the most aspirational, visionary leaders right from the start. Make sure that AA ambition is aligned with corporate strategy. Tailor communication with leaders to raise their awareness and engagement. Make sure they act as role models for change.
© RiskDynamics | Part of McKinsey & Company