The European Banking Authority’s (EBA) January 2020 report on the increasing use  of Big Data and Advanced Analytics (BD&AA) in the banking sector provides guidance for banks on improving controls in their BD&AA implementation.

EBA report on Big Data and Advanced Analytics-1

ThEuropean Banking Authority’s (EBA) January 2020 report on the increasing use  of Big Data and Advanced Analytics (BD&AA) in the banking sector provides guidance for banks on improving controls in their BD&AA implementation. The EBA is concerned that enthusiasm for these new techniques has led to piecemeal deployment in many organizations, without any overarching planned strategy or control, potentially putting companies at risk.

In its assessment, the EBA has found that BD&AA is in use across most EU banking institutions, and across all use cases – from business strategy to back office operations, from customer segmentation to risk management. 

This fast-growing trend shows no sign of slowing down, representing a potential source of substantial risk for banks. The EBA has identified what they consider to be the four pillars of AA implementation: data, infrastructure, methodology and governance. Without a robust control framework and clear oversight over these pillars, they assert that reliance on any outcomes from the data produced might be problematic.

This report is a first step from the EBA towards greater supervision and control of how banks use BD&AA within their organization. While the EBA has reported on traditional regulatory risk models before, this is the first time that they have turned their attention to how models and analytics are controlled and governed more widely. The EBA wants banking management to be sufficiently aware of the risks and implications of BD&AA to enable them to take appropriate decisions. This report outlines initial guidance on how they could do that.

What has the report found? 

The EBA’s research has found that BD&AA is in use across every facet of a bank’s operations:

  • Risk management – Risk-scoring potential customers; detecting fraud in real time payment transactions; and streamlining Know Your Customer (KYC) processes
  • Market analysis – Analyzing sales, products and network marketing
  • Customer Insights – Using natural language processing (NLP) to assess customer phone calls for satisfaction levels and upselling potential
  • Customer interaction – Employing chatbots to resolve high volume administrative requests, enabling employees to focus on value-add interactions
  • People analytics – Harnessing AI/ML technology to forecast workloads and allocate resources efficiently
  • Internal processes – Automating back office procedures such as data cleaning, email classification and generating client conventions.

BD&AA is, by its very nature, highly complex with a great degree of opacity around the methodology and algorithms used. This means that uncontrolled implementation across a business can lead to significant risks:

  • Data protection & security – Large amounts of data coupled with poor and/or unavailable data sources
  • Model deterioration – Lack of regular testing cycles means that model failures may occur undetected
  • Model misuse – While typically not malicious, misuse can occur through lack of user training and failure to understand the strengths and limitations of the model in use
  • Failure to connect systems properly – Implementation of new models into legacy systems can lead to data protection and security risks
  • Increased reliance on 3rd parties –Limited expertise within the business to understand and control vendor models and systems.

What does the report recommend?

The EBA wants banking management to take necessary steps to shore up the development, implementation and adoption of BD&AA. As the first of those steps, banks are expected to take a robust and cohesive approach across the four pillars which form the foundation of a solid BD&AA governance framework.


EBA report content image 1

The EBA then wants banks to build on these foundations, using eight elements of trust as the principles for building a business case to plan their analytics program. This will ensure that an ‘trustworthy-by-design’ approach to BD&AA implementation is locked in from the outset. By connecting these elements of trust to the four pillars, the EBA has created a robust and exhaustive management framework which forms the starting point for industry-standard implementation.

EBA report content image 2

What should banking institutions do now?

While the EBA guidance is not currently a directive, it is clear that the EBA wants institutions to act now to address the risks. Essentially, this is broadening the scope of model risk management within European banks to ensure the focus on analytics goes beyond traditional risk capital models.

Risk Dynamics believes that banks should take steps to implement a more robust BD&AA framework:

  • Identify existing AA use cases – Banks should carry out an exhaustive inventory of models developed and in use right across their organization, and begin to raise awareness of potential risks among stakeholders
  • Establish a corporate level of ambition – Engage with senior management to demonstrate the current breadth of use cases, frame BD&AA aspirations and prioritize the landscape to balance features against expected benefits, the cost of ownership and risks introduced by Advanced Analytics
  • Design AA governance target state – Assess skillsets, delivery mechanisms, technology, data and controls across the 3 lines of defence. Design an AA framework that is proportionate to corporate ambition
  • Deploy and change – Ensure successful adoption of the newly defined framework: create a transitional operating model to build capabilities and lead change towards a new digital and analytics culture. Progressively deploy the model across the organization.

In our experience, effective implementation of an AA governance management framework depends on three key success factors:

1. Shape vision, prioritize and use a pilot for rapid engagement across the business – Develop a bold vision for the critical role that data and analytics play in the core business model; prioritise the sorting of ‘decisive’ and less critical use cases; gain an initial understanding of potential risks emerging from the highest priority use cases; start building engagement with other stakeholders

2. Engage across all levels of the organization – Involve the right stakeholders from an early stage to establish the foundations for a digital and analytic culture and ensure buy-in. Stakeholders involved in the pilot phase will become ambassadors to support more complex AA transformation. Choose the right organizational archetype and create right roles, structure and capabilities to nurture talent and ensure change transition

3. Leaders should pave the way – Gain commitment from the most aspirational, visionary leaders right from the start. Make sure that AA ambition is aligned with corporate strategy. Tailor communication with leaders to raise their awareness and engagement. Make sure they act as role models for change.