Insight,

Quality data as an asset in the financial services sector - findings from APRA’s multi-year pilot study

14 December 2023

Our People
KWM Kinetic
Owl Advisory
AU | EN
Current site :    AU   |   EN
Australia
EN |
China
JP | ZH | EN |
China Hong Kong SAR
ZH | EN |
Japan
JP | ZH | EN |
Singapore
ZH | EN |
United States
EN |
Global
ZH | EN |

Tell me in 30 seconds

APRA has released its findings on data management practices in the financial services sector, the output of a multi-year pilot study with the industry. APRA’s report identifies examples of better data governance but also highlights areas for the improvement of data management practices.

Context

APRA has been proactive in developing guidance in relation to managing data and information security risks, including CPG 235 Managing Data RiskCPS 234 Information Security and CPS 230 Operational Resilience.

In 2019 and 2022, APRA’s 100 Critical Data Risk Elements (CDRE) Pilot program approached the financial services industry (banks, life insurers and superannuation funds) to understand their data management practices. Now APRA has released its report outlining the findings of the 100 CDRE Pilot Program, including key examples of better data practice as well as recommendations in relation to areas for attention and  continued improvement of data governance in the financial services industry.

How this impacts you

We recommend that APRA regulated entities:

  • review the data management practices identified by APRA as being examples of better practice, as well as the APRA identified areas for improvement;
  • review how their own data management practices compare against these; and
  • consider remediating any deficiencies.

Key Examples of Good Data Practice

APRA’s 100 CDRE Pilot highlights five key better data practice activities applicable to banks, insurers and superannuation trustees.

Enterprise-wide data programs that are consistently implemented and adopted by business teams

Entities with central coordination of data governance activities demonstrate consistent adoption and implementation of data practices across business teams.

Central coordination allows for the establishment of a common definition for data and its parameters. This, in turn, allows for data governance activities to be fully embedded in business teams’ business-as-usual processes. 
Technology strategies that are scalable and adaptable to changes in business requirements

Entities that are focused on multi-year, scalable technology strategies that can reliably carry data work forwards are better positioned for changes in technology and business requirements.

Better practice also involves a focus on improving the quality of source data and redesigning the data architecture to improve linkages between data points.

These entities tend to implement more resilient data and technology strategies. 
Improving data accessibility by offering ‘data as a product’

Utilisation of data domains that create ready-to-use data sets for access across an organisation allows for improved analysis, visualisation and reporting.  
Resolving data issues strategically

Ongoing and strategic mitigation of data risks through an effective issues management framework was better practice amongst program participants. 
Use of Governance Risk and Compliance (GRC) systems supporting data risk reporting enhancement

GRC systems play an important role in understanding data maturity within entities. An entity’s use of GRC systems ensures a comprehensive understanding of the health of a data environment which produces a clear picture of data risk. 

Improving Data Practices

APRA’s engagement with the financial services industry has highlighted six factors for businesses to consider when improving data management:

  1. Establish data governance with a unified data strategy.
  2. Provide clarity on roles and responsibilities for ownership of critical data elements and processes across the data lifecycle.
  3. Simplify the technology and data architecture environment through improved platform solutions and by decommissioning legacy assets.
  4. Identify critical data elements and create a consistent sent of data controls.
  5. Integrate data management risk into risk management frameworks. 

APRA’s Continued Focus on Data Risk Management

APRA will continue its focus on data risk management through CPS 230, noting that there is progress to be made by entities to effectively embed data frameworks. APRA considers that several gaps remain in data practices which impacts resiliency of the industry:

  • data practices are not consistently integrated into business-as-usual activities and are often being performed as an additional exercise which impacts efficiency;
  • entities have not consistently made the connection between enhancing data practices and better decision-making;
  • entities are struggling to quantify data inaccuracies across key reports, models, and scenarios, resulting in limited risk reduction;
  • improvements in data practices are not considering the full requirements of business end-users and solutions are not always fit for purpose, resulting in reduced ability to enhance the quality of reporting provided to senior leadership.

It is in the best interest of entities to streamline processes, increase automation of manual controls, and improve data quality.

Categories

MEET THE AUTHORS

SHOW MORESHOW LESS
LATEST THINKING
Insight
NTC Consultation Paper: Streamlining Rolling Stock Approval Processes
The National Transport Commission (NTC) have released a consultation paper for industry feedback as part of their review of existing rolling stock approval processes

14 May 2025

Insight
Under the Hood – Connected Vehicles & Australia’s Privacy Commissioner
Australians have long embraced technological innovation, and nowhere is this more apparent than on our roads. Vehicles that once operated in splendid isolation are now sophisticated, data-generating computers on wheels

13 May 2025

Insight
Reform Reflections: Understanding the Shift in Australia’s Industrial Landscape
The incumbent Australian Labor Party (ALP) has been re-elected to a second consecutive term in office. While all races are yet to be formally declared, the ALP is set to have more seats than at any point since its establishment, and will likely face a materially less fractured Senate, no longer having to rely on patching together support from a diverse group of independents in order to pass legislation.

12 May 2025

EXPLORE LATEST THINKING
OUR PEOPLE
LOCATIONS
MEDIA CENTRE
CAREERS
ABOUT US
Explore Our Expertise
Explore insights
Explore Our Insights

Advertising and Targeting Cookies