CPG 235 and Metadata Management
Clause 20 of CPG 235 states:
“In order to ensure that data risk management is not conducted in an ad hoc and fragmented manner, a regulated entity would typically adopt a systematic and formalised approach that ensures data risk is taken into consideration as part of its change management and business-as-usual processes.”
This directly implies that banks must ensure that all data risk is clearly and unambiguously defined and understood enterprise-wide so to enforce consistency and control to improve regulatory compliance. Metadata that is managed properly enables strong data risk impact capabilities, while a clearly defined and usable infrastructure allows banks to know that the data, they are looking at is accurate and precise.
This level of understanding cannot be achieved without a fit-for-purpose metadata management process and data lineage solution.
CPG 235 and Data Lineage
Data management and data lineage are critical to an organisations ability to fulfil the intent of CPG 235, the Australian Prudential Regulation Authority (APRA) specfically call out lineage as being a key requirement for Data Architecture.
“In order to ensure that data risk management is effective, it is important that a regulated entity:
(a) understands the nature and characteristics of the data used for business purposes;
(b) is able to assess the quality of the data;
(c) understands the flow of data and processing undertaken (i.e. data lineage); and
(d) understands the data risks and associated controls.”
“APRA envisages that the data architecture would normally align with a regulated entity’s established policies, standards and guidelines. An entity would normally maintain the data architecture as part of its change management, project management and system life-cycle processes. This includes controls to ensure alignment to the standards and guidelines embodied in the data architecture.”
These points highlight the importance of data lineage when it comes to a bank’s ability to track data. Data is created, manipulated and used, usually ending a report of some sort, traceability plays a vital role in assisting with data related decision making.
Visualised data lineage acts as the supporting documentation of risk reporting. It is a reference point where a bank will be able to prove the outcome of the report to both the regulator and senior management.
Solidatus for CPG 235
Documenting a highly complex, large financial institution can be difficult. Until recently, data has been moving unfettered, with no controls, through organisations. Regulatory reporting data may originate from an inappropriate source, it may have undergone an unauthorised modification or simply be incorrect. This data needs to be understood to the relevant and correct granularity for it to be of value and to comply with legal obligations.
Solidatus’ metadata management allows the user to apply an unlimited number of properties to describe, categorise and control their data within a model as required by the business, satisfying the need for a “bank (to) establish integrated data taxonomies and architecture across the banking group, which includes information on the characteristics of the data”.
Solidatus gives financial institutions the ability to gain valuable insight into their data landscape through visualised data lineage, showcasing how data flows through their organisation, tracking from source to target and maintaining a temporal, historical record of change. Through its collaborative crowdsourcing model, Solidatus allows for quick and effective enterprise-wide sharing of knowledge identifying where data is held, its categorisation and who has access to it.
This visualisation enables an organisation to easily share their CPG 235 data lineage in an interactive and dynamic format, allowing for greater transparency and control.