article banner

Adding value to data: offensive and defensive strategies

Nikhil Asthana Nikhil Asthana

Data is a valuable asset that provides business intelligence, improves compliance and creates new growth opportunities. Nikhil Asthana explains how to use data to reduce risk, streamline processes and add value.

All businesses rely on and generate vast amounts of data every day. It may be client data, market data, transaction data, financial data or operational data. This information supports every business process, influences every decision and underpins all client-facing activity. Getting the right processes in place to support these defensive data capabilities is a key priority. This includes the use of RegTech compliance solutions, where data and technology are leveraged to meet regulatory change obligations. Beyond defensive capabilities, offensive strategies, such as data monetisation, can actively add value through your data.

We take a look at how to balance these approaches so that your organisation can get the most out of its data.

Building defensive capabilities

Accurate, timely and complete data is vital for prudential risk management, conduct and financial crime monitoring. It’s also essential for compliant regulatory reporting, which has jumped to the top of many boards’ agendas due to the citing of poor regulatory reporting as a cause for a section 166 review. Additionally, senior managers are under increased scrutiny because of Senior Managers and Certification Regime (SM&CR) responsibilities for good quality regulatory returns and a focus on high-quality data.

In addition to getting data fundamentals in place, as outlined in previous articles in our series, a data-driven organisation needs to consider several key issues to maximise value and reduce risk. These five areas will help firms action their defensive data strategies, maintain regulatory compliance, establish effective controls and mitigate risks.

Data protection

Firms face ongoing challenges with GDPR (General Data Protection Regulation) compliance and wider data protection regulations, such as the Privacy and Communications Regulations (PECR). These rules also interact with other regulations, such as the second payment services directive. Optimising the data protection environment requires input from operations, marketing channels and communications, with clear responsibilities and accountabilities. It also demands proactive horizon-scanning and thematic risk assessments to support the data protection officer.

Risk data aggregation

Managing risk data is integral to effective controls and reporting. With a focus on governance, infrastructure, reporting capabilities, supervisory tools and inter-connectivity, principle-based regulations, such as BCBS 239 or Solvency II, seek to mitigate systematic prudential risk in the banking system. The broad remit of these regulations means they are continually being refined and re-assessed, which poses ongoing challenges for compliance, project management and running costs.

Data for regulatory reporting

Regulators need accurate, timely and consistent reports from financial institutions. Effective reporting relies on documentation and testing of procedures and assets, in addition to data governance, regulatory interpretations, data lineage, data quality, IT architecture, IT and data controls, and reconciliations. It also requires robust data execution processes, and independent assurance of management information.;

Big data

The ability to assess and interrogate big data is critical for combatting financial crime and fraud. This includes the use of external data sources and data signals from social media. It involves aggregating and analysing internal data, using external data (such as critical reference agencies or Companies House) and signal processing for artificial intelligence or machine learning. Anti-money laundering and know your customer requirements are complex and rely on good alignment of data management, channels, operations, policy and risk appetites across the first and second lines of defence.


The RegTech industry has matured significantly in the last few years. RegTech compliance solutions can be leveraged to solve a number of data-oriented regulatory challenges, which results in sustainable regulatory compliance, reduction in compliance cost, and timely, customer-friendly responses to regulatory obligations.

Building offensive capabilities

Getting the basics right is essential for building an offensive data strategy, as discussed in more detail in the second article of our series. Firms' general roadmap for offensive capabilities is very similar to the one they follow for their defensive capabilities. The destination, however, is to evolve from managing the data fundamentals to becoming a data-driven organisation that derives value and monetises data in a consistent, standardised and repeatable way.

Building data capabilities for offence


Developing the foundation blocks

Effective data management and governance processes underpin all offensive approaches, including robust chief data office or data capabilities, quality data and effective data lineage. Good data architecture and a robust strategy can help build the foundation blocks necessary to move to the next stage of data maturity. Firms can also make use of data management as a service to streamline operations.

Becoming a data-driven organisation

Firms are developing advanced data analytics and visualisation techniques, which combine data analytics software with in-house and specialist external expertise. This is leading to better data-driven decision-making at the senior management and board level. Many firms are also developing advanced data-led automation, especially around control automation. Sustainable success in this stage relies on solid foundation blocks.

Monetising and deriving value from data

The final stage in an offensive data approach is actively monetising the information and deriving value from it. Firms can draw on data labs to discover potential new data use cases that apply to machine learning, AI, or big data. Data platforms, and strategic alliances with external organisations, such as software vendors, data providers, academia and professional services firms, can help firms accelerate the execution of value-adding propositions.

Developing offensive and defensive data strategies

As a baseline, most firms are applying defensive uses of data for business intelligence and monitoring operations. Moving to an offensive data strategy requires more advanced capabilities and literacy, as well as effective risk management. Developing those skills in-house, or leveraging on-demand services, will help identify use cases and embed AI, machine learning and automation across the organisation. In addition to streamlined processes, this can use customer insights to develop new product lines and deliver services in a convenient and accessible way.

Contact us for more information on putting your defensive or offensive data strategy into practice.

Data transformation relies on good data management How data management best practice can support your business

Assessing your digital maturity model

Find out how to optimise your digital journey