Skip to content
Search to learn about InterSystems products and solutions, career opportunities, and more. Results include content from our developer community, product documentation and education websites in addition to

The Risk Management and Regulatory Compliance Imperative

TABB Group

Developing a Defensive Data Strategy for Financial Services Firms

Regulators Have Upped Their Data Game

The risk management and regulatory compliance functions have compelled firms to prioritize investment in the efficient management of data over the last decade. Not only has the industry seen some of the highest data-related financial penalties on record for financial market participants, but regulators have also been increasing their own investment in data technology.

Global regulators are now better placed to interrogate everything from the data underlying regulatory reports to the inputs into risk management calculations. To this end, the US Commodity Futures Trading Commission (CFTC) formed a specialized Division of Data in October 2020 and appointed its own chief data officer (CDO) to better support its data investigation and analytics capabilities. In November 2020, the European Securities and Markets Authority (ESMA) indicated that data quality is one of its strategic supervisory priorities for 2021 and beyond.

ESMA, November 2020

The proof of the regulators’ increased data capabilities can be seen in their crackdown on financial institutions’ data quality infractions over the last 18 months. For example, the Office of the Comptroller of the Currency (OCC) fined Citigroup US$400 million in early October 2020 for deficiencies that were identified in its enterprise-wide risk management, compliance risk management, data governance, and internal controls. The OCC also issued a cease-and-desist order requiring the bank to improve the functions identified as lacking in its judgement, including improving its data quality management and data governance processes. Moreover, the Federal Reserve Board took a related action against the bank’s holding company, mandating that the corrective actions be carried out including:

US Federal Reserve Board judgement, October 2020

The magnitude of the fine and the mandated corrective actions are just one example of why many large financial institutions are concerned about their approach to risk and compliance data. Financial penalties are only the most visible impact of regulatory actions—the reputational hit and potential client and shareholder impact must also be considered. Negative press related to compliance or risk management failings can cause share prices to fall and result in difficult conversations with current clients as well as the loss of prospective clients to competitors.

The Heart of the Data Challenge

Functions such as risk management and regulatory reporting rely on high quality data from multiple sources across the business. The complexity of managing data across multiple silos and downstream systems cannot be overstated. As firms have grown, so too has their data and their technology debt—every merger or acquisition, every newly-launched business line adds to the complexity. There will always be another merger, acquisition, strategic change or regulatory challenge around the corner that creates another silo. Data managers must act as arbiters of truth in the data realm and ensure that risk management and compliance data requirements are being properly met in this regard. Data must not only be clean, accurate and current, it must also be fit-for-purpose and its lineage and provenance must be clear. If a regulator comes knocking, C-suite executives need to be able to answer questions about specific data items at a granular level.

The pace of data creation has increased significantly as more processes have become digital and firms have begun to expand their horizons, in particular with the usage of unstructured data sets. Data managers have to fight to manage this rising tide of data to ensure that risk and regulatory obligations are met, even as the priorities and requirements change from month to month. They have to figure out how to do more with fewer resources to manage the growing pool of data.

Validating, verifying and ensuring the accuracy of data is a significant undertaking for firms. This is an area where technology can be either a hindrance or an asset.

Developing a Defensive Data Strategy

Rather than being forced by regulatory and disciplinary actions to change, firms can proactively pre-empt data quality issues by investing in technology that will keep them compliant and ahead of the curve competitively. Most C-suite executives recognize that IT teams are already overburdened supporting both innovative and revenue-generating initiatives alongside business as usual, which means building new solutions from scratch is significantly challenging. Every compliance requirement or risk management market practice change means an increase in the workload for IT teams building custom systems.

Rather than attempting to rip and replace existing technology, forward-looking firms are incorporating modern, intelligent data management technologies that address these key challenges and enable them to achieve their goals for compliance and risk management purposes. The introduction of an integrated and consistent data layer—or data fabric—across a firm’s various technologies and data silos can unify data from across the enterprise, provide a unified semantic layer, facilitate real-time queries for regulatory reports or ad-hoc investigations and enable the accurate tracking of data lineage. It provides the ability not only to support regulatory reporting requirements, but liquidity reporting, model risk management reporting, and risk reporting requirements as well, complementing a firm's existing technology architecture and data assets. Alongside support for these current market practicalities, it provides firms with the agility to adapt to future regulatory compliance and business requirements. One other benefit is that such a layer enables executives to more easily spread the workload across a broader set of individuals by separating out the various responsibilities.

The global focus on governance has placed increased emphasis on C-suite executive responsibility for compliance and risk management outcomes, which means there is more pressure than ever on these leaders to be able to explain and defend their firm’s approach to meeting functional and regulatory requirements.

As previously noted, there will always be another regulatory requirement around the corner, and data silos and technology debt will continue to be a fact of life. Firms can’t wait until regulatory actions are taken to address the heart of the data challenges that plague risk and regulatory compliance support. Proactive defense against these problems will ensure they are competitively advantaged over their slower moving peers, all while meeting the myriad and changing requirements of industry regulation.

Learn more about smart data fabrics

This article was sponsored through a partnership with InterSystems

Tabb Group Logo

About TABB Group: TABB Group is a financial markets research and strategic advisory firm focused exclusively on capital markets. Founded in 2003 and based on the methodology of first-person knowledge, TABB Group analyzes and quantifies the investing value chain, from the fiduciary, investment manager and broker, to the exchange and custodian. Our goal is to help senior business leaders gain a truer understanding of financial market issues and trends so they can grow their businesses. The press regularly cites TABB Group members, and analysts routinely speak at industry conferences and gatherings. For more information about TABB Group, visit


Other Resources You Might Enjoy

Take The Next Step

We’d love to talk. Fill in some details and we’ll be in touch.
*Required Fields
Highlighted fields are required
*Required Fields
Highlighted fields are required
** By selecting yes, you give consent to be contacted for news, updates and other marketing purposes related to existing and future InterSystems products and events. In addition, you consent to your business contact information being entered into our CRM solution that is hosted in the United States, but maintained consistent with applicable data protection laws.