Today Compliance Matters spoke to Andrew Joss, the head of financial services at Informatica, the data integration giant, about ways in which businesses can harness the data they are collecting to earn additional cash.

These benefits are both direct and indirect. Firms can use their data to improving the 'customer experience,' or help the sales process. Along the way, he explained why compliance is now a board-level topic of conversation, how exception reports differ from alerts, and why firms should handle compliance data in five crucial ways. This article takes the form of a question-and-answer session.

Q: What is a data integration specialist?

A: Let us go back in time. About 20 years ago, financial service firms were in essence pulling data out of different systems and welding it together to do compliance reporting. It was a very labour-intensive and time-consuming task. Banks and insurance companies, then as now, had dozens of different systems that worked in different ways and did not talk to one another. They were trying to extract it and put it in one place where they could do things with it. We now have some software to manage some or all of that. That's what we call data integration. It has nothing to do with artificial intelligence.

In really crude terms, I build sets of rules for the data. For example, I can work out, with the use of some clever software, how to standardise the way the 'date' field looks on all systems. Some things are a little more complex. We often encounter problems to do with telephone numbers. If the system we build encounters a likely telephone number, it can look at it to decide whether it really is a telephone number. Then we can get it to tell us whether the customer has given us a false telephone number by making the system discover whether it's a Nottingham number when it should be a London number, and whether such a number is possible in the UK.

The software we use also detects patterns and trends. It then allows you to automate the following of rules. If somebody breaks a rule, you get an alert. It's often easy to automate the detection of something that happens that goes outside the rules – perhaps a necessary email was not sent, or perhaps an indicator of fraud happened. This is something that needs action over a short period of time.

Exception reports are less pressing in their calls for action. These do not signify rule-breaches but figures deviating somewhat from the norm, or other things not being as they should be. The action that these things call for is not immediate.

Q: How did you come to be where you are today?

A: I have a degree in maths and statistics. I have been in software all my life. I went straight from college into a job helping to maintain software that was already up and running. I'm also a gadget freak.

Q: The boards of major financial institutions are talking more than ever about getting compliance right – what are they saying?

A: They're talking about a set of regulations from the Basel Committee for Banking Supervision that are called BCBS 239, which aim to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices. They have to look at that and interest themselves in it now as the compliance date for 'globally important systemic banks' is this month. On the subject of 'domestically important systemic banks,' a lower category whose deadline lies in the future, not every bank knows whether it will end up as one or not, which is bad for planning. We have also been receiving signals that if a bank is designated as a domestically important systemic bank, the deadlines for compliance could be three years out.

Senior leaders at banks and insurance companies – especially banks, because they are more heavily regulated – are also talking about the value of data. They want to get the best value out of it. Banks, especially, are now seeing data as a strategic asset. There is even a new type of job cropping up now - the job of chief data officer.

They are trying to maximise the value of the data they work with. I talked to the chief operating officer of an insurance company recently. He was saying that it was important to do things in compliance more efficiently, getting reports out faster, analysing things more quickly, doing it with fewer people - he was asking me all the usual questions about that. However, he was asking more about how he could use it to see his 'customer journey.'

Q: I hear that you have five top tips for handling compliance data. What are they?

A: Our experience tells us that a financial firm has to be able to do five things to find data, check its quality, aggregate it in one place and report on it in its efforts to comply with BCBS 239. It has to do the following.

• Be able to integrate data from any system and in any format.
• Be able to assess the data's quality and fix errors if required
• Be able to form a 'single, trusted view' of key data elements such as clients and counterparties.
• Be able to understand and track data from its source to its destination.Be able to have a trusted set of business and technical definitions of key data elements.
• It directly supports the development of new products, better ways of 'segmenting' [categorising] customers and markets, better marketing campaigns, better customer service, and better 'customer engagement projects.'

Q: Doesn't the Data Protection Act sometimes put a spanner in the works, with the restrictions it places on the ways in which firms can throw customers' information around?

A: We are aware of some bits of the Act. I was talking to an insurance business in Europe some time ago about pulling extraneous bits of data about customers together. Some countries have the Data Protection Act but they also have their own laws that forbid the exchange of some data. Most financial institutions are multinational and the more countries they cover, the more their problems mount – not exponentially, but considerably. Those financial institutions – especially banks – are the ones that have people who are on top of this problem, not us.

Q: Have you ever seen firms asking the regulator whether it likes the way they handle their data?

A: Board-level compliance officers do not consult their regulators about the right way to go about their IT projects; instead, they talk to them about the things that those regulators want to see done. These stipulations then go into the projects that we organise.

I was talking about the European Union's second Markets in Financial Instruments Directive or MiFID II to a banker a while ago. We were saying that becoming compliant is a different task from staying compliant. He, of course, wanted to automate everyting as much as possible, but he was also asking 'what else can we do with that data?' He wanted to know how to use the data in margin-generating opportunities or to promote 'shareholder value.' I told him that he could use it to see how he could build his financial products in a different way. I have never heard of a financial product that was generated by a set of compliance data, but you can use such data to 'decompose' a life insurance product with a view to putting the pieces together again differently – or together with other pieces.

A mere 18 months ago, a lot of financial service companies saw regulation as something to do as quickly and cheaply as possible. However, they are now realising that if you can use data to make you money, or make your operations more efficient, you can offset a portion of your compliance costs. You can't outweigh them, but you can offset them to some extent.

Q: What other observations have you made?

A: Here are five key things we have observed, as providers of data technology services to some of the globally important systemic banks. They should be of benefit to any domestically important systemic bank as well.

1. Banks can either treat BCBS239 as a necessary evil, spending the least time and effort possible to comply with it, or treat it as a journey and work hard to turn it to their advantage. Banks in the former category tend to approach a specific regulation as a project that has a definite end. If they do this, they will tend only to consider the needs of the project. I would argue that getting compliant is one challenge but staying compliant continually is a bigger one. Banks that look at compliance more like a never-ending process tend to take a longer view and search for other associated benefits they can achieve as part of the exercise.

2. Should the data project start with the data that the bank has or start with its requirements? For many banks, the data aggregation requirements for BCBS239 require the production of new datasets and new 'generated insights.' These datasets and insights are probably created from data from many business lines, so which originating sets of data are the right ones to be using for compliance? The only really effective way of tackling this is to start with a top-down definition of the key data entities on which the bank ought to report its compliance and then go looking for the physical data to populate these entities. If the actual data does not exist, the bank should cast about for ways to find it. If a bank starts with the data it has, this will restrict its view of opportunities for the wider use of the data.

3. Good data governance is crucial. Technology is useful here but not the be-all-and-end-all.

4. The range of skills and disciplines required to support any effort to comply with BCBS 239 is wide. It is now much more common to see people doing jobs that involve modelling businesses, modelling data, data architecture, technical architecture, enterprise architecture, 'data quality plus' business and 'technical delivery.' Before BCBS239, how often did the boards of banks discuss ‘data aggregation’? Not often, but they do now.

5. End-to-end visibility for the data that you are processing is vital. Many organisations find it hard to comply with the portion of BCBS239 that deals with business data lineage because they are divided into siloes and because of the kaleidoscope of IT systems used to solve many data processing problems, the continued reliance on spreadsheets for data manipulation and an absence of a universal set of business terms being used throughout all departments. The job of determining 'business data lineage' requires a holistic view of the way data should be managed, plus the removal of many bespoke or shadow systems that many business lines employ.

Organisations really must find out where their compliance data comes from and form strategies to help them keep a record of it, deploy it and manage both it and its associated metadata. Software can help here but it cannot see when a business line is using bespoke software (for example) built for its own use that masks the real source and manipulation of data. Compliance data has to be managed in an obvious way from source to destination, or there will be a risk-point in the data processing flow that somebody will have to understand in ever detail and be responsible for.

Q: What 'disruptive' new pieces of technology are relevant to banking?

A: I see them a great deal. The younger generation have web apps and use Twitter. There are lots of ways now in which our customers can communicate with us. I do everything online, on a mobile app. 'Digital transformation products' is a buzz-phrase that you hear on the boards of financial institutions now. Insurance companies are doing that.

Added to these, and with a slight bit of overlap, are customer-centricity projects. These involve the use of compliance data to understand what customers do and what they want their financial service provider to do. They can use Big Data to tell the project-managers about the journey they have been taking with the firms. Customer-centricity projects use data more intelligently and at a more granular level than before – for instance, they can use it to decide not to send a customer an advertisement for something that he has already. Or if he is looking at a loan, the firm can look at the data and ask how big that loan is and whether it might be, if it is a certain size, for a house. If he fits certain criteria according to the data, the firm could offer him something along those lines, such as a mortgage. It is a way of making the right offer at the right time. This is not done by our company's software, though – we provide the data and the financial firms have the analytical software.

Q: Is Informatica British?

A: No, it's owned by Americans. It has been around for 20 years and has been at the forefront of data integration. The Gartner Group – a well-respected firm that does industry analysis – considers the firm to be a leader in its field. We are in all the major national markets and many more and we have a very wide network of partners.

Q: How many financial firms have you serviced and what kind?

A: We have a mixture. Banks and insurance companies have the greater portion of our business. I don't go in and work out the data strategy after our salesmen have convinced a bank to use our services – the way I get engaged is that I go in before we've sold it to the customers. I get to understand their problems, whether they can use the data they gather for compliance purposes to upsell and cross-sell.

[NB GetElastic says that an upsell entails getting the customer to spend more money – perhaps buying a more expensive model of the same type of product, or adding features and/or warranties that relate to the product in question, while a cross-sell involves getting the customer to spend more money buy adding more products from categories other than the product being viewed or purchased.]