Correcting Past Wrongs – The Gold Standard In Financial Services Data Remediation
Many data remediation programs originate from an issue that is brought to light by a customer or group of customers. Often upon investigation, this gives rise to a slew of other issues that may have been impacting thousands of customers across several years.
The important thing is not to panic; in any emergency, take your own pulse first!
The impact of a data remediation program is most likely organisation-wide, but with the right planning, prioritisation methodology, experience and approach, reputational and investment damage can be minimised and negative impacts on customers can be reversed.
Based on experience, the level of dedication to fixing the issues, timely decision making, plus timely reporting on issue status, are all key features in achieving ‘the gold standard’ of data remediation.
In this article, I offer general advice and outline a number of principles behind making this happen:
Get the right departments involved
Be ready to uncover more problems
Implement remediation effectively
Avoid scope creep by bringing in the specialists
GET THE RIGHT DEPARTMENTS INVOLVED
First and foremost, remediation requires exact knowledge of business rules. This helps confirm that there is a data breakage, and usually requires collaboration between several departments including:
The legal department are needed for advice, potential updates to product disclosure statements and other documentation, plus to liaise with third parties, for example insurance providers, trustees etc.
RISK AND COMPLIANCE
Risk and compliance involvement typically advise and provide oversight, plus coordinate with various regulators.
Actuarial professionals are needed depending on severity or difficulty of calculations.
PROJECT MANAGEMENT OFFICE (PMO)
The PMO is responsible for coordination of business analysts and supply of project resources if needed.
At minimum, the investments business unit needs to be alerted, particularly if there are large cash flow implications impacting multiple customers or funds across several different investment classes.
Customer communications may be needed depending on the exposure, the nature of impact upon customers and reputational risk. The number of customers impacted, number of customer classes impacted and size of remediation in dollars all impact potential reputational risk. Updates to product disclosure statements and other organisational documentation may also be required.
CALL CENTRE STAFF
Education, training programs and call-centre scripts are often required. There may be cause for additional hiring to handle overflow calls (including calls from non-impacted members who have “heard from friends or relatives about a problem at x organisation” and want to know that they are safe).
BUSINESS ADMINISTRATION STAFF
Administration staff are needed to verify of business rules and validation of further payments or processes.
IT OR SYSTEMS STAFF
The IT team may be required to make system changes and/or configuration changes to address the issue. They also may be required to implement controls to minimise the risk of recurrence.
Testing staff are needed to test both data remediation and long-term system/configuration correction.
BE READY TO UNCOVER MORE PROBLEMS
Often in data remediation work, further investigation uncovers other issues. This investigation is complicated by issues extending across years, as customer status may have changed. For example, in the case of superannuation, members may have changed from the accumulation to retirement phase where adjustments may be more difficult, switches have been carried out (complicating the remediation), members may have exited and accounts may have been merged.
It is important to identify as many known issues as possible, so that entire scale of issues impacting each person are known. Identifying all issues impacting a customer allows for a single piece of tailored correspondence to the customer and allows any potential positive and negative errors for the customer to be netted off against each other when determining the final remediation amount.
IMPLEMENT REMEDIATION EFFECTIVELY
Identification of all potential issues impacting customers must be tracked according to severity, by issue, and by customers on the whole. The following five principles are critical to doing this well:
1. IMPLEMENT RECTIFICATION
Implement rectification procedures across payments so that, prior to customers exiting the institution or undergoing a change of state, manual intervention and calculation may be applied.
2. TRACK MANUAL RECTIFICATIONS
Track all manual adjustments made for such customers – otherwise, there is a risk that customers could be remediated more than once.
3. KEEP ALL PARTIES INFORMED (INCLUDING REGULATORY BODIES)
Liaise with all parties mentioned above and ensure various regulatory bodies are well-informed. Ensuring that the appropriate assessments are completed to determine whether the data errors have caused a breach is essential. If the breach is material, it is reportable to the relevant regulator (whether APRA or ASIC).
4. PRIORITISATION OF CONFIGURATION CHANGES
System/configuration changes should be undertaken as soon as possible to minimise the number of impacted members. This should be done on a prioritised basis, with prioritisation being determined based on various weighting criteria. For instance, number of impacted customers, total dollar impacts, reputational risk etc.
5. STRONG AND DIRECTED DECISION MAKING
Scope creep can be minimised through strong and directed decision making, and through good project management. Clear roles, responsibilities and timeframes need to be communicated to all parties including regulators. Discovery of further issues or new problems should be dealt with following the same methodology as other issues discovered (including prioritisation etc).
AVOID SCOPE CREEP BY BRINGING IN SPECIALISTS
Specialised data remediation teams should comprise professionals with expertise and/or knowledge across the various business areas mentioned above, who ideally have significant previous experience to help negotiate pitfalls.
Everyone involved must clearly understand procedures, such as prioritisation of issues, particularly in a large program of work. It is especially important for significant data remediation events to be calling in the best possible team; otherwise, scope creep and program costs may blow out and data problems could be compounded.
With the right planning, prioritisation methodology, experience and approach, data remediation can be achieved to a high standard. The effort will often produce invaluable learnings and inspire implementation of better controls. This means that, not only are error events less likely to occur, but the business is utilising data they can truly rely on to make important strategic decisions.
Stephen Mahoney – Executive Director
If your organisation needs assistance with data remediation and data quality management, QMV can help.
QMV have performed hundreds of data remediation projects. We utilise an innovative and flexible approach to assist clients identify and create visibility of data quality issues.
QMV’s extensive work in data quality management led to the development of Investigate our data quality software solution.
QMV provides independent advisory, consulting and technology to superannuation, wealth management, banking and insurance organisations.
Like what you see? Please subscribe to receive original QMV content!
You may also benefit from our free monthly pensions and superannuation regulatory updates.