In a complex operating environment, the Australian Prudential Regulation Authority (APRA) is encouraging regulated entities to focus on quality data as an asset.
Contents

APRA's growing emphasis on data risk management, evident in regulatory guidance such as CPG 235, CPS 234 and CPS 230, highlights the critical role of quality data for APRA-regulated entities. Recent cyber incidents in the financial sector have shown the need for a robust understanding of data storage, deletion, and security. Data is pivotal in decision-making across various functions and maintaining data privacy is somethings stakeholders trust organisations with – so its protection should be top priority for Directors and Executives.

APRA's 100 Critical Risk Data Elements Pilot study with select banks has revealed progress in data practices, driven partly by regulatory changes. However, a significant gap remains between current and optimal data risk management practices. The implications of poor data management span beyond making misinformed data-driven decisions, to customer complaints or regulatory actions which can lead to reputational damage and financial loss.

The pilot study has identified areas for improvement for all APRA-regulated entities, including:

1. Implement a cohesive data strategy for robust data governance.

2. Define clear roles for ownership of essential data throughout its lifecycle.

3. Streamline technology and data architecture by upgrading platforms and retiring legacy assets.

4. Identify key data elements and enforce consistent data controls.

5. Monitor data quality and promptly address errors in alignment with business needs.

6. Incorporate data management risks into broader risk management frameworks.

APRA acknowledged that despite progress since the study began in 2019, entities face challenges ahead in integrating data practices into business-as-usual activities, quantifying data inaccuracies, and aligning improvements with business end-user requirements. APRA intends to continue focusing on data risk management through CPS 230 to drive industry-wide uplift, while recognising the complexity of this process and its requirement for considerable time and resources.

Quality data is essential to informed decision-making, risk management, and efficiency improvement. APRA-regulated entities must identify critical data elements, remediate issues, enhance technology platforms, simplify legacy architecture, and make data more accessible to effectively manage data risk in an environment where demand for data is continually increasing. Addressing existing gaps in the industry and maintaining a strong focus on maturing data practices will be key to support the ongoing resilience of the industry.