Morgan Stanley, SocGen Shift Sight Line on Who's Accountable for Data

Some banks are no longer pointing the finger at technologists for the state of their data; more and more, the business professionals shoulder that blame. While firms are at different stages of maturity in their governance programs, some, like Morgan Stanley and Societe Generale, are altering the line of data accountability.

Morgan Stanley has spent the last year deploying a federated governance structure for managing data across its organization. The approach means that each business within the firm has both ownership and accountability for all the data it uses, taking the onus off the bank’s information technology teams. 

“I think there is a recognition that the business needs to take ownership and be held accountable,” said Kate Taylor, executive director of data governance at Morgan Stanley. “Historically, the technology [and IT teams] have been responsible for data and I think people are starting to understand why the business needs to play a role.”

Those using the data understand the data—this is the theory behind a distributed-accountability model. Each individual team, operating in their own section of a business, should have an intimate relationship with the data they use. Taylor believes it is those teams that are best equipped to understand the quality of the data, how it should be used, and what data controls should be applied. Morgan Stanley has a small central governance team that is tasked with ensuring those individual businesses are armed with the tools and analytics necessary for performing data exercises. 

“In my organization, we [the data governance team] don’t actually own or manage the data directly. We provide the capabilities, the tools, the visibility to where the organisation stands, and the ownership of the data and the actual day-to-day management of it is done out in the business areas—so in the in the front office, the middle office, and the back office,” Taylor said, who was speaking at the inaugural WatersTechnology Innovation Exchange.

But tooling alone is not enough. Many employees—including traders, risk managers, and back-office staff—will have to undergo training programs to learn how to use the governance solutions and educate themselves on their new data responsibilities.

“We are in the process of rolling out a more robust training and education program that is going to bring people into virtual classrooms today—[it will] bring them into the classroom and explain, not only how to use the tooling and how to follow the procedures, but help them understand what it is we’re trying to achieve, why it’s important to the business … what’s okay to delegate and what really should they be responsible for directly,” Taylor said.

During the same panel, Doris Brophy, managing director of data governance and standards at Societe Generale, echoed Taylor, saying that subject-matter experts and practitioners need to be held accountable for the data used in their own departments.

The notion, however, is easier said than done. Applying a federated approach requires a radical shift in thinking for any organization, Brophy said, as it asks business units to accept a new catalog of obligations and liability. In some cases, banks have developed central repositories for managing their data, often referred to as a golden source. These single sources of truth are underpinned by data and technology standards.

“You need to have your business dictionaries that define your business terms, your business metadata, and you need your technology dictionaries that define your technology metadata. It’s very important that there is a one-stop shop for people who want to use data—where they can go, [where] they can find it, and get permission to use it,” Brophy said.

Once the data is centralized, governance tools can be built on top. Examples of those solutions banks are considering are monitoring tools, data quality analytics, and entitlement controls, she added.

Privacy and Ethics

More than ever, data governance—and particularly, data privacy—is a hot topic. Since the enactment of progressive data privacy legislation—most notably the General Data Protection Regulation in Europe—banks and industry firms have had to re-evaluate the way they process and store personally identifiable information (PII), such as client data. Privacy rules are becoming an integral part of helping teams understand what they can and cannot do with data, said Taylor, and the rules outline the different classifications, including sensitive and non-sensitive information.

Crucial to the debate around data governance programs is data bias and ethical artificial intelligence. More than ever, financial firms are having to systematically apply ethical principles to the way they develop products and services. One driver for this has again been regulatory pressure. Global authorities have taken more progressive steps in the last two years to apply legislative frameworks and accountability to AI systems. For instance, the European Commission formed a High-Level Expert Group on AI in 2018, and in April 2019 they presented guidelines to companies on developing trustworthy AI. In late 2018, the Monetary Authority of Singapore (MAS) also published its own set of AI principles for the financial sector.

Keeping in lockstep with the trend, Morgan Stanley is considering ways to integrate an ethical doctrine into its data management processes. Taylor said that the bank is mulling critical questions on ethics internally, including: How can the bank ensure data is used appropriately? How does it ascertain whether the developers who are building the models are aware of their ethical responsibilities? How to identify and weed out data biases?

“I think it comes back to education—being really critical for both the population that owns the data, but also the population that is building the algorithms using that data—and [it is important] that the rules provided are taking all of those things into account,” Taylor said.