Every business activity uses or generates data. It’s involved in every customer interaction, every market opportunity, every compliance activity. As such, a coherent data strategy is vital for managing those information flows and turning them into a competitive advantage.
Driven by the firm's overarching goals and its technology approach, the data strategy typically consists of both defensive and offensive tactics to reduce risk, streamline operations, and generate value. With such far reach, there are many factors to consider when devising your data strategy, and it’s crucial to get the balance right. Key considerations include the market your business operates in, your regulatory profile, customer expectations, competitor behaviour and your supply chain.
But a data strategy on its own is not enough. The right capabilities must be in place to support a successful data strategy, making it sustainable and achievable in the long term.
We look at what makes an effective data strategy, and how to build the framework needed to action it.
Figure 1: Data strategy pyramid
Developing the data strategy is a board and executive-level priority. There are seven key steps to consider when developing or updating the strategy; it must also align to your wider organisational goals, your approach to technology, and the broader ecosystem in which you operate.
A data strategy must have a clear mission that aligns with the business strategy, technology strategy, business process and (increasingly) the digital transformation agenda. The fundamental question to answer is how customer, employee and supplier data will be used and for what purpose. These objectives must be measurable, with clear indicators of success.
A data vision statement describes what good looks like and outlines the target end-state for the short and medium-term. The vision must align with the firm’s values, core principles and strategic objectives.
Assessing the current data maturity level (as discussed in our previous article) will review data practices and the extent to which key principles and policies are embedded. It will also evaluate team engagement, data literacy, existing processes, risk controls, and their operating effectiveness.
The business case will outline the objectives and proposed supporting activity to achieve the data mission and vision. It will include specific details on business drivers, opportunities, threats, KPIs, resourcing and expected return on investment. There must be input in terms of opportunities and threats from a range of stakeholders, including heads of businesses lines and second-line functions such as risk, compliance or legal. An independent sounding board can also be useful for input on emerging threats and opportunities, which will help inform the business case.
A gap analysis will help identify the activities needed to move from the current state to realise the data vision. These activities may include actions for the Chief Data Officer (CDO) or data team, the executive committee, the technology team, second-line functions or individual business units.
Putting the data strategy into action demands a detailed data transformation plan, with clear timeframes, set milestones and KPIs for ongoing monitoring. Data strategy documents that look great on paper but which are not supported by actionable data transformation activity will ultimately result in failure.
Actioning the plan relies on clear responsibilities, accountabilities, consultation and informing relevant parties. This will make sure critical items do not fall between the cracks, and remove any confusion on who needs to do what, when, and for what purpose.
Without the underlying data capability a data strategy is really just a document. We take a look at the fundamentals of a framework that will help your data strategy become a reality.
An effective data policy sets the bar for best practice around data governance, ownership, privacy, and management. It must be accessible and relevant to everyone in the firm, offering practical guidance on data storage, retention, sharing, disposal, and handling. Governance and ownership responsibilities should be clear, with controls in place to manage data risk.
The data policy will align with cyber security practices, technology infrastructure, the cloud approach, regulatory, governance and risk policies. Data standards will be aligned to the policy with a focus on data management, governance, quality, reference data and architecture.
The data management function (or CDO in larger organisations) is expanding from a management and governance remit, to one of a value-adding business unit. It should have a broader scope to monetise information, apply data science techniques, develop customer-facing data platforms and build value-adding partnerships (to name a few). Attracting the right talent is vital. Early investment in the data management function can reduce risk and cost, resulting in value creation and generating a competitive edge.
Every stage in the data lifecycle, from creation to usage to erasure, will bring new risks for your data strategy that need careful oversight and management. Regulatory considerations include BCBS 239, GDPR and MiFID II, amongst others, with cyber risk being an ongoing concern. Data must be properly categorised and stored, with access and rights management closely monitored.
Firms face hefty fines for loss of personal data under GDPR, and reputational damage can reduce customer trust in the long term. Leaked proprietary information give competitors an advantage, while corrupt data can interfere with business as usual processes. Effective information security policies, combined with firm-wide cyber awareness programmes and training, can reduce the potential for data loss.
Senior buy-in is essential when considering how to leverage data across the organisation. The board will establish the data risk appetite, with senior management helping to embed accountabilities, risk management processes and best practice. Clear support from senior management will also empower the data function, ensure adequate investment and successfully integrate the data management function into the data strategy of the wider organisation.
Looking beyond policies, lifecycles and regulatory expectation, businesses and industry bodies are increasingly concerned with using data ethically. In addition to making sure use cases are ethical, applying them through automation and machine learning (ML) carry significant risks in the financial sector, with implications for fair treatment of customers, among others. In particular, creating ethical artificial intelligence is an ongoing challenge.
Used effectively, data can offer real-time business intelligence dashboards to gain greater insights into how the organisation operates. A mature data analytics model goes further than this and takes a more forward-looking approach, using data to predict and model future patterns and optimise expected outcomes. Both drive the decision-making process and must be based on consistent, good quality and reliable data.
While these tools have been around for a long time, there has been a boom in their adoption across the financial sector in recent years. They can automate essential tasks but need monitoring, with manual intervention at key control points, especially when used in decision-making processes. Machine learning and artificial intelligence activity must be explainable, repeatable, trustworthy, and ethical.
Embedding a data strategy across the organisation relies on the right data and technology architecture, with awareness programmes to upskill wider teams. This can include training on new tools to improve uptake and maximise their value, making sure people are using the tools for their intended purpose. Deriving value from data relies on a broad range of expertise across the enterprise, including technology, channels, cloud, change management, product and customer journey specialists.
Understanding the language of data, key terminology and essential principles will embed the data strategy across the business. Data literacy needs to span from the executive level to the customer-facing teams who are keying in the data in-branch or as a relationship manager. The importance of data, from collecting high-quality information at source through to appropriate usage, must be embedded with use cases and data stories to bring the impact and benefits to life. Data literacy also leads to greater analytics skills around assessing data outputs, leading to more informed decision-making.
When developing your data strategy, it is important to start by reviewing the data framework across the business. If these building blocks are not in place, it may lead to loss of investment, unrealised goals, and greater risk. Embedding best practice across the business, and developing data literacy, can improve engagement between the wider business and the CDO. In turn, this will support change programmes and help realise value-adding data strategies to create new opportunities for growth.