We are living in the era of computers. Any information is considered to be data and banks run based on them. Data ownership and data management have become very challenging tasks in the present-day world. Even some sort of ambiguity prevails over the issue of who owns the data and who manages those. There are several stages in using the data by banks in their regular operation. These are as follows:
DATA INPUT/SOURCE: This is the beginning of collection of data or information in the bank. Whoever provides information to the bank is considered an input unit. This is a crucial and important area of data management. The prime responsibility of the input unit is to ensure the authenticity of data. It is the gateway. Proper filtering process must be in place to ascertain the accuracy of data. For example, Account Opening Department of a bank branch is the input unit for all account opening information. It is the sole responsibility of that department to insert correct, authentic and accurate data. Prior to inclusion of any data, due verification process must be followed. There must be two persons' involvement; one person will insert while the other person will verify and confirm the data insertion. This two-step process must be executed under the same system with due validation as well as systematic recording of the responsible persons' actions.
DATA MANAGEMENT/MANIPULATION: This is the role of IT (Information Technology) or Technical Department, who will eventually process this data and put those into bank's use. Data inserted by input unit becomes available for use through the Technical Department. However, they have neither data approving authority nor data validating ability. They only put this data into different programs so as to configure with various applications used by the bank. As for example, Account Opening Department inputs necessary information related to opening a current account. With this information, an account number will have to be generated, and required parameters pertaining to the operation of current account will have to be determined. IT or Tech Department will configure all data received from Account Opening Department with the various programs/applications, but this account will not be effective unless authorised by another separate department, viz. Risk Department or Operation Department. Once the use of data in bank's software/applications is completed, this will automatically be sent out to the Risk/Operation Department, who will finalise and authorise this data after complying with the bank's rules, regulations and policies.
DATA AUTHORITY: This is an independent department which may be named as Risk Department or Operation Department. It is completely separate from the Input Unit and IT/Tech Department. This department has the sole responsibility of authorising the data. Any inclusion, deletion or change in the character of data must be authorised by this department. Once this department authorises the data, it will be effective and will become available for use by the bank. This department, however, is not responsible for the authenticity of data; nor will it have any knowledge of how the data has been configured with the bank's application. It will have thorough knowledge of the bank's policies, procedures, relevant rules and regulations. Prior to authorising any data, this department will carefully review and confirm whether authorisation requested for data falls within the purview of the bank's policies, procedures, rules and regulations. If the department is satisfied with this compliance procedure, then it will provide authorisation. Otherwise, it can decline authorisation or send back the data for correction or additional information, whichever is needed.
TECHNOLOGICALLY SUPPORTED PROCESS: This step-by-step process related to data management as well as data ownership must be done through the same system. The input department will load all required information and press enter. This will automatically go to the validation department or to the concerned person. The validation department or person will verify and validate it if found correct in the same system. Once validated, the submitted data will automatically go to the IT/Tech Department with similar email notification. IT department will then work on this data and once their action is done, they will press complete/finish option. Then it will automatically go the Authorisation Department, viz. Risk or Operation department under the same system with similar email notification. When the action of authorisation department is completed, the data will automatically come back to the IT/Tech department. The IT/Tech department will then make the data effective and send those back to the input unit for use under the same system with similar email notification. At every recipient's level, the request will remain in the pending queue for action under the same system; and there will be periodic reminder for action on the pending request. This is how the data management cycle is completed.
DATA CERTIFICATION: Data certification is the final step for completing the entire cycle of data ownership and data management process. However, this step is considered as an additional measure to make the data flow more secure and controlled. This step is also sometimes called certification. When the data requested by the input unit goes through all the measures including authorisation, and finally comes back to the input unit for use, then the certification process is carried out. This requires the input department to review its request and confirm that the actions approved during various stages are found in conformity with the requests of the input department. If found to be satisfactory, they will confirm the certification and thus the final step of data management will be completed. If any deviation is noticed, then the matter will be referred to the concerned department. The certification will then remain pending and as such the data cannot be used.
Nironjan Roy, CPA, CMA, is a banker based in Toronto, Canada.