On May 6th, I delivered a presentation, entitled "The Six Steps to Building an Information Strategy," at the ISACA ASEAN Confernece in Singapore. A copy of my presentation can be seen here:
An outline of the topics covered:
1. The world is emerging from recession
2. Growth is on everyone's minds again
3. Information is an hidden asset with enormous potential
4. Now is the time to turn those assets into Information Products
5. To do so, you need to develop an Information Strategy
6. Understand the 5 major schools of thought around Information:
7. Use these Six Steps to build Information Products that generate real revenue
- Discovery Your Data with Semantic Search
- Tag it with Boundaries and Obligations
- Use your crowd to find issues and opportunities
- Make your Council reward innovation
- Develop Information Product Management as an operational discipline
- Think ecosystems and distributed value chains
8. There is a vast new industry of Information Products that is already generating huge value
Are you read?
Not two months after I made this declaration at the IBM Data Governance Council Meeting at the US Embassy in Paris on April 14, 2011 (and wrote about it in a blog on May 11), the United Nations has published a report entitled "The Freedom of Information as an Internationally Protected Human Right."
I am honored that the UN read my blog and agrees. You can read the report here: Freedom of Information as a Human Right
The US Federal Reserve announced new mortgage lending standards today that are designed to address so-called deceptive business practices among lenders. Those measures include:
¶Bar lenders from making loans without proof of a borrower’s income.
¶Require lenders to make sure risky borrowers set aside money to pay for taxes and insurance.
¶Restrict lenders from penalizing risky borrowers who pay loans off early. Such ”prepayment” penalties are banned if the payment can change during the initial four years of the mortgage. In other cases, a penalty cannot be imposed in the first two years of the mortgage.
¶Prohibit lenders from making a loan without considering a borrower’s ability to repay a home loan from sources other than the home’s value. The borrower need not have to prove that the lender engaged in a “pattern or practice” for this to be deemed a violation. That marks a change — sought by consumer advocates — from the Fed’s initial proposal and should make it easier for borrowers to lodge a complaint.
“Rates of mortgage delinquencies and foreclosures have been increasing rapidly lately, imposing large costs on borrowers, their communities and the national economy,” Mr. Ben Bernanke, the Federal Reserve Chairman, said.
“Although the high rate of delinquency has a number of causes, it seems clear that unfair or deceptive acts and practices by lenders resulted in the extension of many loans, particularly high-cost loans, that were inappropriate for or misled the borrower,” he added.
Excellent. Markets around the world can feel confident again that the US Federal Reserve has rooted out the major mortgage lending problems confronting the US Economy and has the entire situation under control.
It is beyond shocking that deceptive lending practices like this even exist in the most "efficient mortgage market in the world" (according to a 2006 IMF Mortgage Market Survey). What's more shocking is that the Fed knew about these practices, had data attesting to their impact on rising rates of mortgage fraud going back to 2005, and did nothing about it until today.
And how do I know that, you ask? Well, the Fed's own economists put out an insightful summary of what went wrong in the current credit crisis and you can read it here:
The first draft of this report was published in October 2007. And in perfect hindsight, the economists concluded,
"Were problems in the subprime mortgage market apparent before the actual crisis showed signs in 2007? Our answer is yes, at least by the end of 2005. Using the data available only at the end of 2005, we show that the monotonic degradation of the subprime market was already apparent. Loan quality had been worsening for five consecutive years at that point. Rapid appreciation in housing prices masked the deterioration in the subprime mortgage market and thus the true riskiness of subprime mortgage loans. When housing prices stopped climbing, the risk in the market became apparent."
Now the US Federal Reserve would not be the first organization in history to have better hindsight than foresight, but shouldn't we expect them at least to move faster with policy controls when the global credit market is facing the second worst crisis in history? And if it takes the Federal Reserve 2 years to study market data and write a telling report more than three months after the crisis has hit, and 8 months more to digest and issue lending guidelines to restrict fraud in the mortgage marketplace, how long exactly will it take them to react when Hank Paulsen consolidates all financial regulation in their hands?
To me this story offers some important lessons that I do hope Congress recognizes:
1. Regulatory Consolidation is not a panacea. Consolidated beauracracies do not historically produce operational efficiency. Witness the Department of Homeland Security and the performance of FEMA during Hurricane Katrina.
2. Data is useless without people empowered to act. The Fed had ample data to control mortgage lending fraud and prevent the worst aspects of the current credit crisis and it either chose not to act or its internal governance is so poor that there was no mechanism in place to forecast non-monetary economic risks and make micro-policy adjustments.
3. More important than regulatory consolidation, Congress should review the operational procedures and data governance practices at the Fed itself. A GAO Audit of Fed operational procedures and internal, below the Board, decision-making would be a great start!
4. The Subprime Credit Crisis was preventable! The Fed had the data and they had the economic skills to use it. They proved today that they even had the regulatory mandate to affect the changes in lending guidelines necessary.
Congress, the US Public, and the world at large, have a right to know what took them so long to use their own data before we entrust that organization with even more regulatory responsibility.
From where I am sitting, the Fed really needs Data Governance.[Read More
Denmark is always at the vanguard of new trends and if you are into free music Denmark is the place to be, though you won't have to wait all that long for this trend to cross the Atlantic. In the battle to win broadband customers, TDC (formerly TeleDanmark), has signed deals with major recording companies to provide free access to MP3 files over its network. In a way, all that TDC is doing is paying the music companies a volume royalty on their music portfolios - just like radio stations do today to BMI and ASCAP, as intermediaries to the recording industry.
But of course, by selling music for broadcast royalties, TDC is not equating broadband to radio. Rather they are shrewdly taking advantage of a reality the music industry is just acknowledging - the price of music data people are willing to pay today is next to nil when it is infinitely redundant, of consistent quality, and immediately available.
If you can read Danish, have a look, though I doubt you will have to wait too terribly long to discover an ISP in your neighborhood making the same announcement in your native language...
I am in Cape Town, South Africa, a beautiful city in a beautiful country with fantastic natural and human resources that is often hobbled by massive challenges. Violent crime runs rampant here with over 15,000 carjackings and over 40,000 murders per year. Xenophobia has led to refugees from Zimbabwe and Mozambique being burned alive. And racial tension is as extreme as the economic tension between extraordinary wealth in first-world white neighborhoods and third world despair in black townships filled with aluminum shacks. The government in Pretoria is as corrupt as anywhere else in Africa and the police are so distrusted that most people use private security services.
In one of the most beautiful countries on earth with so much potential it is not the lack of economic opportunity that holds this nation back - it is the lack of trusted leadership. Good Governance isn't taught in Universities, isn't part of UN stewardship programs, and isn't on the agenda of the G7, World Bank, or IMF, but it is Bad Governance that holds most of the world back from real progress for its citizens.
Trusted Leadership is even more important that Trusted Information, because without capable leadership the best information will still be corrupted to benefit individual ambition over collective good. The global financial crisis is a fantastic example. In Wall Street and in Washington, in Brussels and across the EU, this economic downturn illustrates a systemic leadership deficit that stretches from regulators to the regulated.
Even Sarbannes-Oxley is a complete failure. It was designed after all to prevent corporate failures such as Enron, MCI, and Tyco, but the new accounting rules did nothing to prevent the global financial system from being systemically manipulated by powerful bank and government leaders to serve their own purposes.
Bad regulation is a symptom of bad governance. What the world needs now more than anything is a new dialog on Good Governance and Trusted Leadership because without it real progress is not possible.[Read More
Today, The Basel Committee on Banking Supervision announced a new strategy to address shortcomings in its own global regulatory structure. The proposal creates new capital requirements, leverage ratios, and risk measurements designed to more carefully regulate banking practices across the globe. The proposal includes the following elements:
# strengthening the risk capture of the Basel II framework (in particular for trading book and off-balance sheet exposures);# enhancing the quality of Tier 1 capital;# building additional shock absorbers into the capital framework that can be drawn upon during periods of stress and dampen procyclicality;# evaluating the need to supplement risk-based measures with simple gross measures of exposure in both prudential and risk management frameworks to help contain leverage in the banking system;# strengthening supervisory frameworks to assess funding liquidity at cross-border banks;# leveraging Basel II to strengthen risk management and governance practices at banks;# strengthening counterparty credit risk capital, risk management and disclosure at banks; and# promoting globally coordinated supervisory follow-up exercises to ensure implementation of supervisory and industry sound principles.
Strengthening liquidity and solvency requirements seem like regretful afterthoughts during a time of historically low liquidity and high insolvency, but better late than never. One does wish that the Basel Committee had applied these measures as forethoughts rather than afterthoughts, but that's human nature.
There are three elements missing that I hope to see emerge in 2009:
1. A Global Loss History DB of anonymous credit, market, and operational incidents, events, and losses from every Basel conforming institution. Individual institutions do not have enough loss history to compare their past exposures and "claims" to trend and forecast. Industry and geographic loss information is needed to better inform decision-making at banking institutions. 3rd Party loss data is available to every insurance company for all lines of business. Only the banking community could conceive of risk measurement programs without 3rd party institutional validation.
The Operational Risk Exchange has been aggregating banking loss data for operational risk among the 41 banks who participate in that consortium for 3 years. That model is valid, but the sample size is too small even for ORX. I hope the Basel Committee sees ORX as a valid architype that should be replicated worldwide with each Central Bank collecting the anonymized loss data from each member institution and sharing that loss data worldwide so that all financial institutions can compare their own loss trends to global trends and forecast future exposures more accurately.
2. An XBRL for Risk Reporting Taxonomy. Banks can't report loss events without a global taxonomy so that everyone can agree on what to call things and what things mean when they are reported. Even within banks, the word Risk has many different meanings to different people. For business people, Risk is an omnipresent feature of life, an attribute to calculate potential returns or losses in investments. Many business careers are made by taking risks. For an IT person, Risk is something to be avoided at all costs, the result of flaws in architecture that lead to vulnerabilities and loss. Many IT careers are lost by taking risks.
Business and IT can sit at the same table and have exhaustive conversations about Risk, each thinking they understand the other, and walk away having fundamentally different idiomatic understandings of what was discussed. That misunderstanding is often a source of new risk.
XBRL (Extensible Business Reporting Language) is an XML language for describing business terms, and the relationship of terms, in a report. It enables semantic clarity of terminology, and that clarity is absolutely essential for the accurate recording and reporting of credit, market, and operational incidents, loss events, and losses.
A Risk Taxonomy is like an alphabet - the letters alone convey no meaning, but they are the foundational elements that allow humans to understand each other. We desperately need a new alphabet to describe Risk - incidents, events, losses, claims, exposures, forecasts, reserves - so that firms everywhere can aggregate loss information, analyze it with standard actuarial methods, compare past exposures to present conditions and opportunities, and forecast potential outcomes to illuminate options.
A year ago, I wrote on this page about the need for new macro-economic tools to enable Central Banks to measure aggregate risk taking in the financial world. An XBRL Taxonomy of Risk is a fundamental building block to enable interoperability and standard practices in the measuring and reporting of risk. Those standards in turn will enable Central Banks to manage vast databases of loss history and trend analysis that will inform policymakers and member banks to make better decisions that produce better returns. We will still need new information management software and governance models to make sure the right information gets to the right people at the right time, but none of that is possible without a standard alphabet and vocabulary to describe what's being recorded and read.
Recently, I announced an IBM Data Governance Council initiative to develop an XBRL Taxonomy for Risk. We are inviting all interested parties - banks, broker/dealers, hedge funds, consortia, think tanks, and regulators - to participate in this initiative. We will be working closely with XBRL International and XBRL.US to share ideas in an open and transparent process to bring forward a standards proposal quickly. If you are interested in participating, please drop me a line.
3. Lets bring back Glass-Steagall. Gee what a great idea. No leverage ratios, because investment banks can't leverage with bank deposits at all. Banks, Brokerages, Hedge Funds, and Insurance Companies all need to have their activities segregated. It isn't enough to insist on new solvency, liquidity, and risk measures. We need to separate temptation from action. And when all three of these things are done - new solvency requirements to shore up assets on the balance sheet, risk taxonomies and loss history data to forecast future exposures, and Glass-Steagall V2 - we'll have risk tied up in a knot... until it's not.[Read More
In the Data Governance Community there continues to be confusion about how to Govern Data. Let me be clear: You Can't.
Data is dumb. It has no life, no self-interest. It's needs do not conflict with others. It forms no self-organizing factions, and it's vices require no political appeasement.
People can be governed, and the goal of Data Governance is to affect organizational behavior, to build accountability, over, with, and against Data.
Today, most Data Governance initiatives begin with a Board, a political institution with x-organizational representation ("factions" as John Madison called them). This board should evaluate complex issues with normalized assessment processes, providing a common forum to air issues, explore challenges, and render policy decisions and revisions...
"And time yet for a hundred indecisions, And for a hundred visions and revisions, Before the taking of a toast and tea." - The Love Song of J. Alfred Prufrock, T.S. Elliott
This process, imperfect as it is, requires some governing maturity to dynamically steer organizational behavior, and it should really be seen as an initial step on the road to enlightened Data Governance. A key inhibitor in this process is the lack of organizational data reporting - data about what is going on, how policies are being implemented, organizational roadblocks, stewardship challenges, etc.
But to Govern People well, we need better Data. Better Data not only to inform Data Governors and Stewards, but also to inform People to make better Data Governance decisions on their own.
Case in point: Energy Conservation. Might seem a little off topic, but I think the analogy is apropos.
Denmark today is the most energy efficient country in the world. Despite the fact that it is a net oil exporting nation thanks to rich oil deposits in the North Sea off the Faroe Islands, Denmark gets close to 60% of its energy needs from renewable sources such as Wind, Geothermal, Solar, etc.
Cars and Benzine are heavily taxed, but people have choices. Despite 220% car taxes and 50% gas taxes, People can choose, if they can afford it, to drive big Jeep Grand Cherokee's with V8 motors or tiny Fiat's diesels.
Taxes on cars, registration fees, insurance, and even Benzine are weighted based on carbon emissions, and the emission information is published along with the tax rates.
This is a Governance Policy that leverages Information to inform decision-making. Obviously the Danish Government is working to change people's behavior by associating higher taxes with higher carbon emissions, but people still have a choice. They can pay more to drive more, and the State takes in that extra tax and uses it to subsidize renewable energy sources.
The point here is that we can attempt to Govern People using Data by gathering organizational information and leveraging it for informed decision-making by the Board, or we can pass it on to the People, as "Tax" or "Subsidy", and let human self-interest create an internal market for decision-making about value and risk.
"Bad decisions" can be taxed at a higher rate than "Good decisions," and the excess remittances can be used to fund "clean data" initiatives.
More on this topic in my next blog...[Read More
Last week, I became a victim of toxic content. It can happen so fast, without warning. My sister, a trusted source, forwarded two photos that purported to show the Air France flight breaking in half before it fell from the sky into the Atlantic off the coast of Brazil. There was a caption that said the photos had been taken by a passenger, and while the camera had been destroyed in the crash the memory stick was recovered. Even the photographer's name had been discovered by tracing the serial number of the camera. One photo showed passengers with air masks on, a gaping hole in the mid section of the plane and the tail section falling away. The second photo showed a man being sucked out into the open hole.
They were immediately shocking photos, all the more so to me because two of my students from my Data Governance course at the Bucerius Law School died on that flight. Alexander Crolow and Julia Schmidt were two bright young students from Germany and Brazil who had traveled to Brazil to tell Julia's parents of their plan to marry and were returning to Germany that night to tell Alex's parents. An event like the Air France crash it transformative when you know someone who was on it.
But alas, the photos were fake. They were taken from the TV Show lost and sent around the world in an email. Bolivian TV even showed them on the air before they discovered the fakery. But by then the damage had been done. For so many people around the world wondering how their loved-ones perished in that plane, the photos offered chilling illustration. We should have recognized the forgery at the outset since the plane crashed at night and the photos showed bright daylight through the hole. But critical thinking disappears quickly when you are emotionally involved. And of course on the internet any trusted source can inadvertedly be a conduit for toxic content. Thus knowing the source of your content is not enough to establish trusted information. You need to verify by corroborating the content with another source to establish veracity.
In the 21st Century everyone has to be a journalist.
On Saturday, I sat with an old friend at a secluded restaurant on a grassy river bank North of Bangkok. We are both actively engaged in the banking industry as observers, speakers, and peripheral participants. My friend has a more direct engagement with a Thai Bank but still as an adopted outsider. Lunch was excellent, and we sat on a wooden pier just feet from the river's edge as barges, trawlers, and all manner of ships slowly passed by with and against the current. A pair of large floor fans blew hot air our way and an umbrella shaded us from the searing sun playing tag with the clouds above. The heat in Thailand is soft, enveloping, pervasive, and quietly oppressive. You have no hope of resisting its dictatorship. Somehow the Thais have developed a sweating immunity to their own condition, whereas this Western visitor is deficient in that regard.
During lunch we compared current events in both Thailand, where the Red Shirts have barricaded themselves behind sharpened bamboo poles and tires doused with gasoline. Their encampment was many miles from our lunch spot, and indeed encompasses but a small corner of the entire city of Bangkok. Yet their determination to resist the current government, who themselves are only in power due to a similar incident involving a Yellow Shirt protest two years ago, has driven away western tourists and continues to cause confusion and insecurity in the highest elements of Thai society. And we discussed the Credit Crisis, Greek Debt, US Politics, and Regulatory Reform.
On Greek Debt, we discussed how the former Greek government hid the massive debt it had accumulated from EU Regulators (reporting a deficit of only 3.5% each year instead of the 12% it actually was accumulating), and how this massive amount came to light only with a change in government - when one group had an interest in reporting the bad data another group had an interest in hiding. Most today call this an act of Fraud, but it also has to be admitted that it was not just the former Greek government who had an interest in hiding their debt. The Germans, French, Belgians, and perhaps even the European Central Bank had an interest in ignoring the reality of Greek economic underdevelopment and overextension.
The data about Greek debt was available. Greece can't borrow on the black market. Their debt has to be issued in
bond markets, and the amounts, yield, and maturity dates are all public
record. Bond markets are largely transparent. But Transparency creates its own information asymmetries. First, the availability of information doesn't mean everyone collects the same amounts, has the power to use it, or knows what it means. Second, there is a private sector deference to public sector data aggregation, analysis, and reporting, and the public sector relies on static information reporting programs that limit source authentication, audit, and repudiation. These two behaviors allowed the Greek Government to report fraudulent deficit figures to the EU and the EU didn't bother to verify that information against publicly available market data.
One could argue that the construction and expansion of the EU Common Currency without adequate audit powers created an environment rife for fraud, but this is too easy. EU regulators could have at any time used data from bond markets to verify Greek debt. Why the EU didn't monitor the discrepancy between public reports and private market data has more to do with EU politics than Data Governance.
Every government is comprised of politicians who owe their hold on power to public perception. Everyone in Europe played See No Evil, Hear No Evil, Speak No Evil on the subject of emerging market debt in the EU. The information was available. Net inflows of financing and debt accumulation can be gained by studying the bond markets. Public obligations in Greece are also no secret. Everyone in Europe knew that pension guarantees starting at age 50 in Greece were a ridiculous luxury in a country with such low productivity and wages.
Transparency and Reporting do not, in themselves, guarantee that anyone is using or validating information sources correctly. Every report needs to be validated with external sources, because Transparency is not the same as the Truth. If the EU wants to fix this structural problem in its own multi-nation confederation, it will need to create an independent auditor, like the US Government Accountability Office, whose role it is to audit member programs and reports, to discover waste and abuse.
All reported data must be verified. If we didn't learn this in the Mortgage Credit Crisis, now is the time to take it home in the Sovereign Credit Crisis.
Banks, Hedge Funds, and other investment institutions should not wait for the EU and other governments worldwide to get the audit role right. They should build their own Information Analytics programs to validate the assertions of governments as well as listed companies because what Greece did is not new. Fraud is a part of business.
Data Validation should be seen as an important part of Market and Credit Risk Measurement and Mitigation programs. This is where Data Governance and Risk Management intersect, and new technologies will be needed to make reporting aggregation and analysis easier and faster.
On the river, in Bangkok, I asked my friend if his bank monitored the market and credit activities of their Thai competitors. They do not. They expect the government to collect data from every bank, aggregate and report that to the banking community. And his bank reads those reports. I would argue that the events of the last three years clearly demonstrate that governments are not well equipped to be doing primary market data analysis on behalf of themselves or any industry. They lack the technology infrastructure and the analytical skill to make intelligent use of the data the market already provides and their political dependencies create natural conflicts of interest.
Businesses must perform their own due diligence to verify government reports and conduct primary market data analysis of every potential investment opportunity.
Unverified data should not be trusted. This is Data Governance Rule #1.
ComplianceWeek covered the XBRL Risk Taxonomy Forum Meeting in NY last week with an excellent article enclosed here.
It is a longer article, but this is from the front page:Using XBRL to Attack Systemic Risk
By Todd Neff — April 7, 2009
Already hard at work making Security and Exchange Commission filings interactive, XBRL technology now finds itself at the heart of plans to save the U.S. financial system from future calamity.
A group of risk-management leaders in the financial industry has begun studying how XBRL might bring clarity and transparency to the murky world of financial risks, much the same way Corporate America has just begun using XBRL to bring more clarity to financial statements.
While any such system is a long way off, proponents say the technology is tailor-made to help regulators (and investors) root out hidden threats to corporate balance sheets before they, well, break the bank. XBRL could, for example, let a regulator peer through a bad debt line item and see the individual loans feeding it; that task would take hours of spreadsheet diving today.
But XBRL could also do much more. Steven Adler, director of IBM Data Governance Solutions, says the computer language provides a standard vehicle for regulators to track not only weeks-old summary data, but also financial positions accruing across many banks and market segments. That would shed more light on systemic risks—which, left unchecked, can bring financial calamity of the sort we’re witnessing today.
Any potent XBRL-based scheme to report risks, however, would require the reporting of daily financial positions, a major shift in how trading firms, hedge funds, and investment banks do business. To that end, Adler’s IBM Data Governance Council is spearheading a movement that would change how investment banks and hedge funds interact with regulators.
“At this point, everybody is aware change is coming,” Adler says. “And parties would rather be in the room together talking about common solutions.”
A speech Federal Reserve Chairman Ben Bernanke delivered last month shows him to be in agreement. Bernanke advocated taking a “macro-prudential” approach to risks that are “cross-cutting,” affecting many firms and markets or concentrating in unhealthy ways. It would involve “monitoring large or rapidly increasing exposures—such as to sub-prime mortgages—across firms and markets.”
You can read the full article here.