Posts Tagged ‘MBA’

Taking Care of Business

Tuesday, January 24th, 2012

By Mark P. Dangelo

Innovative Relevance

http://www.mortgagebankers.org/tools/FullStory.aspx?ArticleId=28527#full

Four years after the Great Financial Crisis of 2008, senior
banking officials are continually thrown under the bus as the new Robber Barons—just
as industry captains of old (e.g., Andrew Carnegie, John D. Rockefeller, and
Cornelius Vanderbilt).  History is once
again repeating itself.

The formerly revered and sometimes feared names of Lewis
(BofA), Mozilo (CWF), and Cayne (Bear Stearns) have been ushered out with scorn
and replaced by new leaders seeking vision, directions, and regulators approval—and
a way out of billions in litigation, claw backs, and fervent attorney generals.  Whichever side you take on the financial
collapse debate, constantly shifting politics within a presidential election
year continues to make it a very unpleasant time to be a banker, let alone a
financial institution with nervous investors.  Perhaps by 2015, we can find that elusive “next
curve”.

Moving forward and with increased certainty, financial
institutions, driven by a new patchwork of thorny, disjointed global regulations
including mandated annual stress tests, are turning historically venerated institutions
into ordinary public utilities with commodity offerings.  It is under the guise of safety, soundness,
and deep liquidity where hundreds of billions of investments will be spent on
new infrastructure (i.e., hardware, software, services, security, and networks),
policies, and processes to satisfy the next five to seven years of regulations.  Reminiscent of the go-go mid-1980’s
investments, the war on profit and loss will be waged with diverse technologies
and data efficiencies—not lending and trading. 

As a result of the games being played and the livelihoods
being lost, I for one am growing exceedingly tired of waiting for the next shoe
to drop and the pundits to finally get it right.  How many housing recovery plans have come and
gone in the last 48 months from every constituency—the Administration, Congress,
the Federal Reserve, industry associations, and consumer groups?  Whether some like it or not, it is past time
to get back to finance and banking business. 
Dialogue doesn’t pay the bills—discretely focused and measurable actions
will.  Let’s look at two key actions for
2012-2013.


Loan Origination System Excellence

In an extensive interview with industry mortgage veteran Keith
Kemph, Managing Partner, Shadow Point Consulting LLC, he highlights his 2012 strategy
and operational initiatives for profitable originators and their tightly-coupled
LOS needs.

Regarding the current state of the industry and an ability
to adapt, “One word that has become synonymous with the mortgage industry is
change.  Whether it’s a) change for the
good, b) change for the worse, c) change that helps move the industry forward,
or d) the recent changes we’ve seen that move our industry ‘backward’, today to
survive the new mortgage millennium mortgage bankers must be more ‘agile’.  Bottom line, a mortgage banker’s agility (or
lack thereof) will directly impact their bottom line (cost per loan / net
revenue per loan) and subsequent survival.  Agility is required at both the philosophical
and IT infrastructure level.”

To support changing requirements and industry paradigms, Mr.
Kemph states, “Before we can address how the pending regulatory and compliance
changes will need to be supported by technology providers in 2012 and 2013, we
first need to look inwardly and be certain our ‘business philosophy’ has
successfully made the transition from the traditional mortgage banker thought
process of ‘that’s how we’ve always done
it’ to ‘what do we need to do?’  Once mortgage bankers have successfully
adopted this new philosophical framework for evaluating their business
processes, policies and procedures they will be in a better position to
articulate what exactly they need from a process or technology standpoint.  Then the mortgage banker can then start asking
their respective technology providers and personnel to assist them
accordingly.”

When discussing existing operations and investments, “As it
stands today, a majority of mortgage bankers have already gone out and
purchased a new LOS at some point in the last three or four years.  Still other tech savvy mortgage bankers have
successfully patched together a fairly efficient set of processes that deliver
compliance.  Considering this and how
mortgage bankers will continue to operate on razor thin margins for the
foreseeable future, they will not be able to afford an initiative of uprooting
their existing technology and starting from scratch in order to meet changing
regulatory requirements.  Furthermore, mortgage
bankers are keenly aware that while each vendor offers various bells and
whistles, after all the hard work, time, money, and effort the mortgage banker
still holds the bag.  Loosely translated
this means that the mortgage banker still assumes 100% responsibility for their
‘loan decision’ on each and every loan regardless if the technology provider is
compliant, or not.  As a result, it’s no
wonder mortgage bankers are carefully evaluating risks versus costs when making
decisions surrounding technology investments.”

Mr. Kemph emphasizes, moving into the definition of and deployment
for business and consumer mandates, that “There will be growing demands within
the industry for LOS providers to offer more cost effective access for clients
to self manage their own LOS environments and platforms.  This will require technology providers to
become more organized and efficient in managing professional services, while
delivering technology in an agile architectural envelope which is both client
and vendor integration friendly.  Otherwise,
outsourced professional services, consulting firms, and 3rd party
vendor software services will see THE increased demand, as they help
organizations deliver maximum productivity and revenue using compliance as the
wrapper.  It’s my opinion that either by sheer
luck or a true strategic approach, firms and partnerships similar to Optimal
Blue, Secondary Interactive and Motivity Solutions, are fine examples of
organizations that may be ahead of the curve in this regard.“

So what should be done to guarantee investment returns?  Mr. Kemph concludes, “While technology
providers have historically played an important and significant role in helping
mortgage bankers to operate more efficiently, for the next two years they are
going to need to align themselves with vendor partners.  They must seek out best-in-class customer
service and low cost and high efficiency firms, who also provide easy access to
framework architectures at a reduced cost surrounding platform management.  Five years ago, the CEO of a leading mortgage
technology service provider privately stated, ‘It’s ok for our clients to put
pressure on us and dictate what they need – the pressure to reinvent ourselves
is a good thing for the industry.’”

As Mr. Kemph touched on above, the demand for technology to
business process integration will become a cornerstone and key competency of
any future banking strategy—that is they must be proactively linked to promote
the best fit at the least cost.


Transforming Business Process Management (BPM)

In transforming organizations using BPM, Pedro Fong,
Managing Principal, Innovative Relevance® directs his expertise against the
extensive adjustments and development of business processes needed to
efficiently orchetrates technology investments, data reuse, and operational
integrations.

For Mr. Fong, the remedies of prescriptive solutions are not
a panacea due to the complexity of legacy environments.  “Constant change seems to be the ‘new normal’
in our post mortgage meltdown economy. 
Yet, exactly what does that mean for BPM folks?  This new equilibrium can refer to a variety
of new business processes that have to be either reengineered or created from
scratch for a business to profitably operate. 
If you are lucky your business partners should have standard business
processes that were documented and instantiated within the organization well
before your arrival—or not.  Either way
businesses are going to need BPM expertise that can step up and help
organizations navigate through the different methods and techniques available
today to achieve their business needs. 
Unfortunately the answer of whether to BPM or not is ‘it depends’.  Moreover, BPM is not going to be a ‘silver
bullet’, but it can be a way for an organization to capture its thought
leadership and map out a strategy.  This
is an approach that can be communicated out on what the new normal means to the
organization and how it’s going to impact its operations and profitability.”

By selecting the right instrument for the task at hand, “Everyone
understands that simply deciding that you are going to ‘do’ BPM and purchasing
a tool, does not mean that your BPM approach will help you achieve your
business goals.  BPM at its core is
really a way for IT and the business partners to communicate through the use of
a ‘process tool’ or common language that will help their organizations become
better aligned to achieve their goals. 
Once aligned, IT and the business can focus on the people, process, and
technology changes required.  The
implementation of any new business process (will be read by the organization as
‘change’) whether it’s a small tweak, a process redesign, or the creation
processes to support a new business; they all have to be approached
methodically.”

If organizations reuse the same tactics and principles of
operation, they will fail.  So what
should be done?  “The ‘new normal’ is
challenging the FSI in ways that cannot be addressed with the same old
approaches and tools that banks have used in the past.  The banks that choose to dust off their old
approaches to meet these new challenges will at best continue to struggle or
worse fall by the wayside.  The new
normal requires FSI organizations to look at everything and rethink how they
will meet the challenges (e.g., new regulations, risk management, increase
profitability, consumer perception, and ever changing technologies) that are
being thrown at them at a high rate of speed and still run the bank as a for-profit-business.  Changes will continue to be lobbed at FSI for
the foreseeable future and banks will not have the luxury of implementing them
at the same slow and steady pace that they have been operating in the past—as
new regulations now number in the dozens per week.”

By internalizing nimble, compartmentalized building block business
processes, “Only the process savvy, agile organizations will be able to keep
pace with changes as they sweep across their FMBO’s (i.e., front, middle and
back office).  These organizations will
not only know their business but they will know how all the processes are
wired, what processes are shared across business units, the data that is being
passed through each point in the process, how that data is used, how fresh or
accurate the data is—where else should they be leveraging that data to support
other business processes?  Banks will
need expertise to identify how to interconnect their current vertical stove
pipe business units to create a more efficient and profitable
organization.  Understanding how to
maximize existing business processes is going to be a key starting point for
all of the banks.  Nonetheless,
understanding how to successfully implement those new business processes will
determine which ones will be the leaders and which will just be running with
the pack—or not at all.”

* * * * * * * *

The need for solid directions cannot be underestimated for
this coming year.  With a projected
recession for the second half of 2012 spurred by EU crisis after crisis, and underpinned
by the realization of why a $1 trillion IMF fund is needed to deal with lending
demands, it is clear that business as usual or a return to normal is a
mirage.  The deployment of new structured
products (e.g., US covered bonds, non-GSE MBS’s) and robust secondary markets
(for liquidity, risks and pricing transparency) are also a critical aspect that
many domestic corporations have yet to appreciate, let alone create plans for
implementation.

Moreover with foreclosures now projected to be greater than
1.5 million in addition to the hidden REO stealth inventories for 2012, the
downward pricing on housing even without the prospect of rising energy
pressures (e.g., gasoline > $5 gallon) will not allow the market to find a
new equilibrium.  With consumers once
again diving into savings to support the recovery, the market’s ability to
reach origination and refinancing volumes equal to just two short years ago may
take another five or seven years to reach.

The need to get back to business has never been greater.  Very little of the past is a guide for the
future as the forecasts continue to be wrong. 
To deal with the vast uncertainty of consumers, markets, and
politicians, technology and data must be the cornerstones for critical
transformational actions.  Taking care of
business has to start with LOS excellence, BPM, and the downstream needs that
are tightly-coupled with every new, non-government backed structured
product.  The realization of lead,
follow, or get out-of-the-way has never had great resonance.

 

Tags: , , , , , , , , , , ,
Posted in Analytics | Comments Off

In Times of Renewal, Everything has Value – Not Everyone Sees It

Tuesday, May 18th, 2010

By Mark P. Dangelo

www.Innovative-Relevance.com

As everyone is busy digesting and commenting on financial regulatory reform, a new crisis is quietly unfolding.  Alongside markets, consumers, and investors demanding “different” behaviors, the operational “glue” that binds organizational and system interactions is rapidly losing its adhesion.  The rules of success and organizational profitability are permanently changing, and our trusted and certified systems built with precious CAPEX are losing their efficacy.

“How can this be?” is the typical response, “We measure everything!”  Although, if we examine historical organizational results or performance and project the KPI’s (key performance indicators) forward over the next 18 months, will we be so steadfast in our assertions?  Are the business case justifications and future relevancy for technology driven business solutions still relevant?  Do we have the blueprints or even the architectural frameworks, which secure operational capability to construct new products, deliver bespoke services, or even meet future compliance mandates?

Like many organizations examining their future, the relevancy of existing business processes touching people and systems, across all pillars of finance and mortgage innovation, is fast becoming a competitive liability.  Hemmed in by legacy systems, inadequate governance practices, n-1 generation skill sets, market and organizational transformation, inherited business processes have become arcane and expensive to maintain. 

It appears that an idea of “rigorous self examination[i]” within finance and mortgage groups (FMG) should not be limited to just Goldman Sachs.

Not Everyone Sees It

So, what do all the challenges mean for finance and mortgage organizational renewal at a time when budgets are thin and survivability a top corporate goal?  Is there a proven, universal approach that can be positively utilized for short-term gains with “long-tail” benefits?  How will CAR’s (i.e., challenges, actions, and results) be orchestrated, and more importantly, when will they hit the bottom line? 

However, you may be surprised to learn that hidden within our own organizations’ often resides the answer, the framework, and the (iterative and incremental) approach – business process management or BPM.  BPM is frequently practiced, but not always seen, let alone understood.  Additionally, some believe that BPM is merely a series of disciplines and technologies cobbled together in the early 1990’s, and are not up to the challenges of today’s finance and mortgage innovation demands.  They ask, “What is so special about BPM two decades after it was introduced?”

Historically, BPM has been widely accepted and practiced within IT divisions, while subsequently being provisioned by vendors using architectural approaches such as SOA and SaaS.  Yet, the BPM “call to action” represents a holistic and comprehensive set of interrelated disciplines, “promoting business effectiveness and efficiency while striving for innovation, flexibility, and integration with technology.[ii] 

Now, with two decades of validation and improvements behind it, BPM is being utilized for more than modeling and simulation.  Today, BPM is being deployed for cost savings (e.g., with results from 10% to 35% ROI), cost avoidance, business adaptability (i.e., agility), and profitable “To-Be” roadmaps, which knit together technologies, operations, and data regardless of geography or platform.  It has found unreserved respect among select, internal champions – but moving forward, BPM will become a corporate agenda item recognized for its versatility and repeatability in driving organizational excellence and continuous innovation.

BPM Case Study Benefits and Outcomes– Large U.S. Retail Bank[iii]

·         Gained competitive advantage against leading larger retail banks:

o   Standardization of credit packages

o   On line application for customers allowed to process factor 4X more credit applications

·         Increased customer base by 25% in one year

·         Lowered operational risk via automated credit check processes and fully automated risk compliance management (i.e., real time dashboards)

·         Reduced staff by 20%

·         Optimized Bank’s working capital via better P&L management

·         Overall productivity increase reached 35%

According to Pedro Fong, BPM Senior Manager at SunGard Consulting (SGC), “The potential for tangible returns using BPM are there.  Nevertheless, the key factors for sustained success reside with the proper alignment of BPM approaches to the goals of the organization.  Experientially assessing how much an enterprise is prepared to invest (i.e., time, people, capital, implications) in making those goals a reality, influences the plan of attack, number of iterations, technology, and the establishment realistic performance benchmarks.” 

For many FMG’s dealing with three years of chaos, losses, and buybacks, BPM has become an organizational stealth competency – or weakness – that cannot be ignored.  Implicit in bringing BPM into the FMG executive agenda is the full recognition of dependent programs, cross-department productivity, and required organizational change mandates. 

Everything considered, by ignoring BPM as the glue which binds organizational transformation and growth, management will likely document an inaccurate picture of progress, benefits, costs, and opportunities.  The result is misplaced accountability and performance driving decisions and investments.  We have to ask the question, “Is this why for the last 15 years over 70% of all organizational initiatives consistently fail to meet their approved charters, criteria, and KPI’s?”  

BPM: Built for Relevancy – Architected for Results

As everyone is eager to “Retweet,” there are some embryonic signs that the domestic and global economy is finally improving.  In fact, John Paulson, the hedge fund manager who made billions predicting the housing market collapse, is now foretelling an impending “V” recovery in 2010 across the markets hardest hit – particularly California. 

So if the markets are recovering, why worry about rebuilding processes or streamlining them for efficiency?  After all, if you are reading this you survived the worst recession in 80 years.  No need to change now as the crisis is past, right?  

Encapsulated within the aforementioned inquires resides one of the greatest mischaracterizations of BPM – that it is only useful when times are tough or “something is broken.”  The benefits and value propositions inherent within a robust BPM framework provides the roadmaps starting at the “macro” and moving into the “micro” – not to mention the ability to traverse and audit processes in reverse. 

As shown in Figure 1, BPM practiced in the hands of experienced personnel provides the iterative and collaborative design that envelopes better publicized improvement methods (e.g., six sigma).  Also, BPM can proactively address the necessary adapters required for existing and emerging technologies along with their provisioning practices (e.g., SOA, SaaS, IaaS, BI, et al). 

Figure 1 — www.innovative-relevance.com/MBA051810Fig1.html

Mr. Fong asserts, “For finance and mortgage organizations, BPM has always been about the proper determination of operational impacts, which can be estimated in such areas as throughput, performance, risk, quality, and availability of data.   

BPM is architectonically organized to achieve results regardless of the operating conditions being experienced.  Upon detailed inspection of Figure 1, we note that the utilization of the generic BROC3 framework (or its equivalent) yields consistently measurable actions and results underpinned by technology and implementation techniques.  For FMG’s pursuing renewal, internalized BPM approaches (like BROC3) can mean the difference between commodity positioning – or market leadership.  

When asked about the proper deployment of knowledge solution sets, Mr. Fong says, “By leveraging technological innovation (e.g., cloud computing, SaaS, SOA) to implement and measure processes (e.g., via dashboards, analytics, and BI tools), organizations are able to create financial and customer insight unknowable just three years ago.  For BPM, technology represents the efficient use of scarce resources, while improving an organization’s ability to create, model, and share new business processes across the entire organization.”

Everything has Value

As we have intrinsically acknowledged, current survivability does not guarantee future organizational sustainability.  Moreover, advanced technology adoption seldom guarantees competitive differentiation – let alone lasting profitability or repeat customer loyalty. 

As noted recently in the Financial Times[iv], “… since 1977 about 700,000 new businesses have been started in the U.S. every year.  The number barely changes from year to year.”  With high domestic unemployment (national average > 9.5%) and record business failures since 2007, the extraction of organizational and operational value cannot be left to chance – or misplaced on a corporate initiative not grounded in realistic quantification. 

So what should we do?  Where is the value hidden and more importantly, how can we get approval to release it from the grips of organizational dogma?  Frankly, do we even have the time needed to reinvent our operations before the next wave of FMG crisis descends on already precariously weak balance sheets?

The answer to these questions, challenges, and opportunities commences with the identification of a business case for BPM.  As granularly presented in Figure 2, Defining the BPM Business Case for Finance and Mortgage Groups, there are many beneficial areas that occur along a continuum of organizational importance.  Moreover, Figure 2 also clearly shows that to ensure your FMG business case survives scrutiny and skepticism it must be tempered against operational requirements, rigor, and yes, reality. 

Figure 2 — www.innovative-relevance.com/MBA051810Fig2.html

 

“The lasting value of BPM is frequently marginalized by the lack of robust business measurement criteria,” say Mr. Fong.  “To ensure organizational sponsorship and support, the business case must be completed as part of developing the project charters and plans.”

However, Mr. Fong also cautions organizations that “BPM is an excellent discipline, but it is no ‘silver bullet’.  All FMG BPM efforts need to be viewed as components of a company’s overall strategic roadmap to meet the needs of the organization and to support the business goals.  These BPM efforts need to be become part of how the organization thinks and reacts so that they are internalized and allowed to evolve.  As with similar methodologies or PI (process improvement) efforts BPM should be viewed as a tool that an organization can use to achieve improvement milestones and lasting operating success.”

As we can now summarize, BPM should not be approached casually or as a “hammer seeking a nail.”  To make BPM more than a slogan or theory, it must align with the business model and a concrete case for its existence must be established.  BPM is much more than a set of IT tools or vendor solution sets.  Whereas, there are short-term benefits that can be achieved without a detailed business justification, if left unattended BPM will languish or be misapplied to situations that are better suited with complimentary approaches.

As demonstrated, the returns and costs of BPM spans many issues within FMG’s.  Provided as examples in Figure 2, you can see some of the items that may resonate with business leaders who are signing the “checks” for BPM enabled programs.  By qualitatively and quantitatively determining “what has value,” your BPM effort is taking an important first step on a journey to reach a proper fit not just for a given business model, but the against the culture, technologies, and operating characteristics of the enterprise. 

* * * * * * * *

It was Lao Tzu, the founder of Taoism, who said, “The journey of a thousand miles begins with a single step.  BPM for FMG’s is both a place (i.e., discrete conclusion or end result) – and a journey of continuous process improvement delivering concrete organizational outcomes.

As we have examined in Figures 1 and 2, the adoption and adaptation of BPM creates an operating environment that is healthy and proactively aligned to changing business models, economic challenges, and consumer behaviors.  Careful and in-depth study of Figures 1 and 2 will yield additional insights and questions that I cannot address in a single article.  Perhaps I’ll save those for another column, as we didn’t even mention the outsourced and shared services implications for BPM transformation, governance, or delivery.

In conclusion, BPM is suited for “one-off” situations as well as enterprise transformations.  It is the hidden glue that binds our people, technologies, and data.  When the glue fails, our operations become like “Humpty Dumpty,” — no amount of money, people, or technology can singularly put it right.  Without managed business processes, without the glue and its adhesion, we will eventually fail.

 


[i] Lloyd Blankfein, Goldman’s chief executive, May 7, 2010, as published in Financial Times.

[ii] Wikipedia, definition for business process management.

[iii] Data furnished by SunGard Consulting.

[iv] “US Unemployment,” Financial Times, May 10, 2010.

Tags: , , , , , , , , , , , , ,
Posted in Analytics | No Comments »

Data Integrity – The “Movable” Pillar of Discovery and Substantiation

Wednesday, April 21st, 2010

By Mark P. Dangelo

www.Innovative-Relevance.com

Integrity.  A character defining word that ranks with ethics, morals, and principles.  Its denotation affirms exceptional personal conduct, while its business implications suggest repeat customers, market status, and brand durability. 

More to the point, who can argue with the need for integrity, authentication, and chain of custody when it comes to financial and personal data that must be examined under scrutiny, forensics (e.g., fraud, transactional), or penalty of law? 

Whereas integrity principles are accepted as beneficial, it is in the achievement of these goals where money is lost and legal cases won – or lost.  There are cascading and hidden risks within, which are only surfaced when misfortune (e.g., delinquencies, foreclosures, class-actions, securitization failures) is internally recognized. 

Yet, for many individuals and organizations, the realization of integrity for data is something more mysterious.  It is commonly pushed deep into the enterprise — to the technologists in the back office.  Data integrity has little relevancy or correlation with today’s corporate strategies, operations, quality conformance, and profits.  Right? 

Fallacy and Reality

It seems every five to seven years, industry specialists and business leaders declare victory over the “hydra” of data integrity – classically defined as having three components of entity, referential, and domain.  With “victory” achieved, the organization and its focus shifts to the next problem or market challenge vexing its bottom line.  The data integrity requirements and regulatory mandates (e.g., business rules, data life-cycle, fail-safe controls) fade into the realm of IT myth and folklore.

However, with the steady advancement of technologies and practices (e.g., guaranteeing of data integrity in public cloud computing environments), the acceptance of demise for data integrity requirements creates false security – and lurking liabilities.  Like the hydra of mythology, the requirements compound and grow back (like the heads of the legendary beast gaining ferocity), becoming a menace to operational sustainability and business viability. 

With litigation and due diligence surrounding the data elementals of handling, storage, authenticity, durability, touchpoints, and isolation on the rise, it appears that hydra of integrity has found new life.  Some common data integrity misconceptions are frequently voiced as:

·         “Since our organization has structured application systems for our FMG (finance and mortgage group) operations, isn’t it a given that we  have the data integrity we are required to have for regulatory compliance?”

·         “We have standards for data entry fields, so why should we be concerned about the elements within the data repositories, marts, applications, and storage farms?  Isn’t data integrity really just about standards and field capture?”

·         “Data integrity is only about old application systems and approaches (e.g., flat files, VSAM, spreadsheets, point-based systems).  We have a commercial database and have spent years creating robust functionality in our origination and servicing systems.  Data integrity was taken care of years ago in our organization.  Sounds like much to do about nothing– like the IT department looking for a budget increase.”

Some of you reading this are probably just about ready to find another article that is more “edgy” or “important” to your organization.  Some would argue, this topic is old and stale and has very little to do with 3-years of housing’s turmoil and the current challenges facing FMG survival?  Let’s take a quick look at just a few of the realities documented by various organizations.

·         Annual price tag for bad loan data in the U.S. financial markets was as high as 7.3% of revenue – QAS Research, a unit of Experian,

·         FDIC reported that over 83% of the mortgages they audited contained violations,

·         Over 50% of the data corruption and integrity issues reside outside of technology – IBM, “Transforming Enterprise Information Integrity,” and

·         With over 90% of all records stored electronically (or scanned into electronic formats), the ability to maintain integrity over the life of the financial product (and for compliance) is material.

Moreover, with existing and pending legislation, additional concerns arise for the integrity of historical data stores and for future databases.  A very small snippet of these include (depending upon your business and model):

·         Consumer protection agency and its proposed charter,

·         Rule 803(6), U.S. Federal Rules of Evidence (see Info Law Group, “Privacy, Security, and Intellectual Property Law,” January 29, 2010),

·         “Skin-in-the-game” implications of Congressional financial bills (i.e., consequences of “cradle to grave” data life-cycle demands for definition, discovery, and defense), and

·         Existing and proposed state sponsored “breech” legislation – and consequences.

To believe that the guarantee of data integrity has been “met” across financial markets that are redefining rules of operation and conduct is fraught with peril.

A Principle-Driven Data Integrity Approach

For experienced enterprise architects, the utilization of principle-driven approaches is familiar – and represents stability and consistency for ever-increasing technological options.  Made famous in the “IT Paradigm Shift” by Don Tapscott and Art Caston, the use of the PRI (i.e., principle, rationale, and implication) architectural framework has gained global acceptance especially with the deployment of specialized technologies, layered outsourcing arrangements, and application compartmentalization. 

With estimates currently ranging from 4% to 9% of an IT’s budget directly or indirectly being consumed by information discovery, due diligence, and defense, the life-cycle challenge of data integrity cannot be left to chance. 

Table 1 provides an illustrative example for IT and business leaders of the granular and interdependent PRI’s, which are needed for the next decade.  So before you purchase the next origination system, sign up with a servicer, or restart private securitization efforts, ask yourself, “How are we addressing these areas, at what cost, and with what exposure?”

Table 1 – Illustrative PRI for Data Integrity / Data Architectures

Principle

Rationale

Implication

To guarantee adherence to organizational values, data custody and authentication must be able to be verified and certified by an objective and qualified third-party.

·          With the rapid adoption of cloud computing solution sets, data routing and its transmission cannot be assumed to be tamper proof.

·          Sequencing of data segments, since they may come from multiple sources and technology platforms, must involve the full acceptance of the data record or demand a complete rollback of all elements.

·          More than ensuring data and time stamps.

·          Demands more than standard hashing algorithms.

·          All data transmitted across public networks and from layered applications will be subject to predetermined certification tests.

·          Best practices will be adopted / modified to ensure data integrity of the highest quality.

·          On-going / continuous monitoring.

The validity of data and its consistency of capture, storage, and usage must conform to all published enterprise standards and applicable in-country regulations (e.g., privacy, confidentiality, et al).

·          Enterprise data demands must recognize disparate requirements, laws, and compliance demands when crossing local, state, federal, and international borders.

·          Within pending regulations, new implications of handling, storage, and usage will be demanded, with the “old” practices requiring a different set of data integrity “release” parameters.

·          If data is shipped in a cloud, its route should not violate laws on its path to corporate systems (a current challenge for network data routing in a cloud).

·          Compartmentalization of data management elements, schemas, and logical representations (along with all the rules and validation edits), should be maintained and able to be reconstructed for the life of the data.

Unless explicitly exempted by data owner, all data, rules, and manipulation must be implemented utilizing “data isolation modules” (DIM’s).

·          Identify and ensure fail-safe controls.

·          Ability to reconstruct “versioning” of data evolution at a discrete or elemental level.

·          Minimize reoccurring expenses associated with development and application segmentation.

·          DIM’s will have been validated and certified by custodian of record.

·          Taxonomies of data must be developed and maintained.

·          Any exception must be documented and sanctioned by corporate officer.

·          Use of (n)XML standards for data interchange and portability.

·          Common data models.

Data must be classified by both durability and risk to uphold usage, archival, and retirement.

·          With changes in technology solutions (i.e., technology is the least stable part of an architectural solution), portability and availability of data must be guaranteed.

·          A comprehensive data life-cycle approach for ensuring data integrity goes beyond application and database systems.

·          Part of a robust master data management (MDM) approach.

·          Years after the original transaction, due diligence demands will require a comprehensive review of all touchpoints including the outside review of litigants.

·          Workflows must reflect data requirements.

·          Rules engines do not singularly satisfy data integrity demands.

Data, and the transactional streams used during their life-cycle, must adhere to / exceed all auditing, logging, and compliance requirements.

·          With litigation on the rise, the “states” of data, its manipulation, and its usage must be captured across all its forms / transition states.

·          To support processes and regulatory demands, the data underlying the organizational certifications must be managed according to generally accepted practices that have been proven trustworthy in a court of law (i.e., they should be accepted by corporate legal advisors and auditors).

·          Use of robust WORM solutions according to performance, regulatory, and cost constraints.

·          All DIM’s and associated API’s must be certified.

·          Off-the-shelf certified solutions that incorporate industry standards, will be given preference during system “ever-greening” (to reduce capital costs, custom tailoring, while ensuring repeatability across multiple locations).

·          Monitoring and benchmarking of adherence will be done every (xxx).

Data sourcing, sequencing, and trustworthiness (SST), must be identified and maintained over the life-cycle of the data in adherence to corporate data standards and practices.

·          A clear system of record must be defined and maintained to guarantee efficacy and integrity.

·          With the data sourcing chain now firmly linked across origination, servicing, and securitization, access to the original data source (and the guarantee of its integrity) will be a top 5 corporate responsibility (and potential expense) during the next decade.

·          The use of “ACID” properties should be part of the certification process.

·          Use of existing and evolving data standards will be favored over internal, one-off solutions (to reduce costs, risks, and ETL requirements).

·          Developing and delivering data intelligence (DI) as part of standard operating procedures.

·          Strong and enforceable (with consequences) data polices.

NOTE: Illustrative and abbreviated for presentation purposes

 

After reviewing this lengthy table, some will ask, “Where’s the technology?  Where are the explicit standards?”  How can you have a data integrity architecture without solutions?” 

If we could add additional columns to the right, we would then add in the technology and discrete solution sets needed to deliver the principle-driven architecture that has been rationalized with its interdependencies.  So far, we’ve aligned organizational need, identified processes, and touched on the need for personnel and skills.

Perhaps the questions that make more sense for business personnel using this approach include, “What technologies are required to satisfy the business needs and operational requirements (inherent in the business and operational needs of the first three columns)?  What solutions best fit our ‘As-Is,’ ‘To-Be,’ and gap implementation programs of work for minimal capital costs and maximum return ensuring data integrity rigor / discipline?”

So yes, data technology and standards are very important – but only after the operating parameters have been articulated and approved.  They will vary for nearly every FMG driven by their management team, markets, and current challenges.  The interesting aspect of this proven approach is that once defined and maintained, it works in concert with numerous development or provisioning methods, applications needed, or outsourcer selected. 

In summary, the data integrity principles outlast the technologies, promote non-linear decision making, and “hold up” under the scrutiny of review.  For business leaders signing the checks of new solutions, it gives tremendous business case justification to “why IT does matter.”  And, when it comes to legal and regulatory challenges, preparation and anticipation are always cheaper than intrusive discovery and evidence gathering.

Challenges within Cloud Computing and Virtual Data Provisioning

Last, but not least, are the data integrity challenges materializing within cloud solution sets.  Since cloud computing and associated data storage options are one of the fastest growing offerings (e.g., Amazon, IBM, Dell) we cannot neglect the evolving issues of data integrity within the clouds.  (For an extensive discussion of cloud computing challenges and deployments, see The Alchemy of Creating Intelligence in “The Cloud”, by Mark Dangelo, October 2009). 

Data routing and storage within the cloud is one of the leading concerns facing publically provisioned cloud computing environments.  As the data is routed via a host of third-party, and country controlled telecommunication services, it can be exposed to fraud, corruption, sequencing challenges, and of course, privacy constraints. 

Additionally, given the types of interfaces and security mechanisms deployed across disparate computing platforms, the ability to introduce error and fraud has also increased when the flexibility of “pay-as-you-go” cloud computing is added.  Bottom line, there are exceptional benefits and values with cloud computing – but for today, organizations must consider exposure, risks, and consequences before placing mission critical or financial transactions over them.

The good news is that there are standards and practices that are being developed, which should be mentioned.  These include multiple standards from Object Management Group (OMG), Storage Network Industry Association (SNIA), Organization for the Advancement of Structured Information Standards (OASIS), and many others (for a comprehensive list see http://cloud-standards.org/wiki/index.php?title=Main_Page).

 

* * * * * * * *

 

As you can see, data integrity is a complex discussion that incorporates many horizontal and vertical disciplines in FMG’s, within computer science, auditing, and legal professions.  The final question that has yet to be asked is “How do I know if my organization has a data integrity problem?”  Well, if this is the first time you have asked that question for your enterprise….

 

For additional information and discussion on data integrity, please attend the “How Much Is Data Integrity Costing You?” conference session on April 26, 2010, 3:00 p.m., at the MBA’s National Technology in Mortgage Banking Conference.  For a complete list of session panelists and topic discussions see www.mbaa.org.

 

Tags: , , , , , , ,
Posted in Analytics | No Comments »