June 2016 DPN

The Next Game Changers for Data Governance

  2nd June 2016, 3:30pm - 5:30pm

      CGI, King's Place (near King's Cross Station), London


BCBS 239 and Solvency II have driven the Data Governance Agenda for banks and investment firms. New drivers are on the horizon.

The regulatory assessment process has started and banks have the IMMEDIATE task of finalising and submitting their plan for “Full Compliance” within the next few days.  That plan has to be submitted by Internal Audit to the Regulators.

The plan must define the scope of “Full Compliance”, describe the activities involved and explain how the plan integrates with other business, cultural, governance, change and regulatory programmes across the bank. 

At the EDMworks Data Practitioner Network on 2nd June we review the current state of the regulatory assessments and discuss with leading GSIBs how banks are creating the “Plan for Full Compliance”.  We also look to the future to explore the next major drivers for data governance in the European region.

Three seemingly unconnected pieces of legislation will fundamentally change the data management landscape over the next three years. They all have different causes, but their combined effect will be to ENFORCE accountability for data, REINFORCE governance, UNDERPIN data architecture and MANDATE data quality management:

The General Data Protection Regulation (GDPR) changes the rules and accountabilities for security around personal data and transforms penalties for data breaches from “cost of doing business” to “bankrupting the business”.

The Network and Information Security Directive (NISD) focuses on identification, registration and accountability for critical networks or systems. The scope covers financial, telecoms, utilities and other types of business. It is the European Union’s response to cyber terrorism.

On 7th March 2016, the Senior Manager and Certification Regime (SMCR) was implemented as a self-regulating framework for senior management accountabilities across the finance sector. This provides the legislative structure for the PRA/FCA to demand individual accountability for and oversight of critical business functions. The NISD and GDPR will use this framework to ensure personal accountability for data assets across the organisation.


Welcome & Introduction

Dennis Slattery, Chief Executive, EDMworks

Chris Collins, Partner, Financial Services, CGI

Broadening Accountability for Data Management

Verner Parke, Director of Security Consulting, CGI UK.  

Verner Parke has more than 35 years’ experience in security risk management, cyber security, privacy and secure solution design, covering the full systems’ lifecycle. He has performed the roles of consultant, programme manager, managed services lead and strategic advisor.  This included developing the approach and managing the end to end security and information assurance programme for a 250,000 user top to bottom IT replacement programme. The unique approaches reflects his long term passion for integrating security into business and designing realistic workable controls.

GDPR and NISD represent a major change and maturity improvement requirement in Data Management and Cyber Security.  They carry with them the risk of material fines for gross breach and no longer make such a breach almost ‘business cost justifiable’.  This was a criticism of the Data Protection Act, even when the fines in that regime were ‘reset’ to £0.5m maximum, especially as no such fine has yet been imposed.

At the same time:

  • The ‘Safe Harbors’ model has been cancelled by EU Courts (probably also impacting  the ICO’s approved locations model);
  • The US and EU are mid-negotiation of ‘Transatlantic Trade and Investment Partnership (TTIP)’ (that many see as a watering down of regulation and governance);
  • Organisations are rushing to the ‘Cloud’ (perceived as a panacea for reduced IT costs); and
  • Those same organisations are flirting with the ‘Internet of Things’ (that represent both a step change in ‘Big Data’ and convergence of technology domains previous, typically, run separately by different communities).
  • Senior Manager Regime – driving professionalism and accountability throughout the organisation underpinned by hefty sanctions
  • Digital Customer Experience – volume, speed and access to client and other data causes new security and regulatory issues
  • There is an expectation that breaches will occur – does a firm know accurately what data has been compromised?

GDPR and NISD therefore represent both the biggest challenge to AND opportunity for Data Practitioners.  This presentation will survey the landscape, the challenges and provide a suggested ‘approach path’.

BCBS 239 current status and "The Plan for Full Compliance"

Dominic Gittins, Risk Information Director, Barclays Bank 

Dennis Slattery, Chief Executive, EDMworks

Over the last five years, huge investments have been made on improving data quality, underlying infrastructure and governance oversight.   Most GSIBs claim o have achieved "Material Compliance" and now have the task of submitting their "Plan for Full Compliance" in June 2016.

This session reviews the current status of BCBS 239 "Material Compliance", the approach that regulators are taking in assessing compliance and looking at the key components and activities that have to be part of  "Plan for Full Compliance".   

End user panel: Q & A Discussion

Moderator: Andrew Delaney, President, A-Team Group


Sue Baldwin, Executive Director, Control Office, J P Morgan

Colin Gibson, Global Architecture Director, Willis Towers Watson

Tom Dalglish, Senior Integration & Data Manager, HSBC

We have covered a lot of ground in the previous sessions. Now it is time to hear from the end users who are making this happen within their firms.  How do we evolve our existing governance activities to cope with both existing needs and and emerging challenges.  Andrew Delaney will moderate a panel of experts and take questions from the floor.  

Close and final remarks

Dennis Slattery, Chief Executive, EDMworks

Chris Collins, Partner, Financial Services, CGI

Drinks, refreshments and networking

Courtesy of CGI


Doors will open at 3pm for a 3:30pm start. The talks will finish at 5:30pm at which point the networking reception will begin.

The event is free to attend. Expected attendance (based on previous records) is between 60 to 80 people.

If you have any queries regarding the event please email support@edmworks.com.

Andrew Delaney, President, A-Team Group

Chris Collins, Partner, CGI

Dennis Slattery, Chief Executive, EDMworks

Verner Parke, Director of Security Consulting, CGI UK

Colin Gibson, Global Architecture Director, Willis Towers Watson

Tom Dalglish, Senior Integration & Data Manager, HSBC

Dominic Gittins, Risk Information Director, Barclays Bank

Sue Baldwin, Global Reference Data Controls Director, J.P. Morgan

In order to register for the event you will need to enrol on the course that we have set up specifically for the event. Simply click the red button below to be taken to the course enrolment page.

If you have already registered on our website you will need to login then you can enrol immediately. If you have not yet registered on our website you will need to create an account then enrol on the course. Instructions on how to create an account are provided on the subsequent webpage.

Once you have logged in, you will be presented with an enrolment page. Simply click the green "Enrol me" button at the bottom of the page and you will now be registered.

As a registered delegate, you will be able to access the course page where you will find many useful resources including guides and handbooks, videos, more detailed event information and links to download the presentations (after the event) as well as a forum where you can discuss the topics of the event with your peers both before and after the event.

If you have any queries or issues please email support@edmworks.com.




Last modified: Wednesday, 15 June 2016, 10:42 AM