The impact of the Chief Data Officer being brought into the Senior Managers Regime
04 April 2017
At the first anniversary of the Senior Managers Regime (SMR), many firms are reflecting on their population of Senior Managers. Some are particularly looking at whether the Chief Data Officer (CDO) or equivalent should join this group of individuals.
Data management has gained significant attention and investment from financial services over the past several years. Data is increasingly seen as the key enabler of regulation and regulatory reporting, as well as a driver for profitable growth, as it can identify new sources of revenue. Further, with the growing focus in maintaining customer confidence in data security and protection, many firms have created new structures and roles to support this. For example, some have established a comprehensive chief data office, with centralised data strategy and supporting data policies and standards. Given the importance of data, and its risk management to firms’ businesses, many see appointing the CDO as a Senior Manager as a next logical step.
So what would it mean to introduce a CDO into the Senior Managers population, or allocating data risk management responsibilities to existing Senior Managers? As the role of a CDO varies considerably from firm to firm, the first step would be understanding and defining the boundaries of responsibilities, with firms being very clear on how accountability works in practice. The exercise would need to span across the entire business including data governance, quality, integrity and security, as well as privacy, analytics and technology. For example, how would a firm articulate responsibility for the policies and procedures to counter the risk of financial crime, particularly cyber-crime? And how would the firm articulate the ‘hand-offs’ between different Senior Managers who rely on data to discharge their responsibilities? How would a firm measure how effective the data management and data quality controls actually are?
Any CDO appointed as a Senior Manager would need to be confident that they were taking reasonable steps to discharge their responsibilities. This might involve making changes to the organisational structure and reporting lines, or conducting deep dives into parts of the business they now have responsibility for. They would also need to consider how to tackle challenges of multiple business lines or entities that operate independently in terms of data and technology architecture. Joining the Senior Manager population could be an opportune time for the CDO to make bold decisions relating to governance, processes and controls in order to deliver the benefits of SMR. In many cases the CDO is not actually responsible for the data, but for the data management policy, the data governance and quality controls, and how the firm implements its data strategy. So how would the CDO be measured and be able to attest to how well data is managed across the business, when they are currently only partially responsible for this?
While firms don’t have to do anything at this stage, there does appear to be a move from regulators towards bringing individuals responsible for higher risk operational areas into the SMR. For example, the PRA recently proposed to introduce the Chief Operating Officer formally into the regime. So the question is, would your firm consider it appropriate to appoint your CDO as a Senior Manager and if so, what would the impact be?
To help answer this question, we are working with many of our clients to discuss this topic and will be hosting a forum in the near future. We would love to hear your views and welcome your participation with others in the industry.
To sign up and register your interest please click here.
Nick Bouch: Follow @nabrighthere