28.02.2020

EBA Publishes Final Report on Big Data and Advanced Analytics

The European Banking Authority published a Final Report on the Development, Implementation, and Adoption of ‘Big Data and Advanced Analytics in the Banking Sector.

The Report identifies recent Trends, Challenges and Possible Approaches in the Regulator’s efforts to maintain Technological Neutrality giving Firms the freedom to choose their own Tools and Technologies when pursuing ‘BD&AA’; the EBA does not wish to impose a single technological standard on all Firms.

The Report identifies four ‘Key Pillars’ that must be reviewed by Institutions to support the roll-out of BD&AA:

Data Management (i.e. the Control and Security of Data, including issues surrounding Data Protection, Data Quality, and differing Data Types/Sources)
Technological Infrastructure (i.e. The underlying Technology Platforms/Services needed to carry out ‘BD&AA’ activities)
Organisation and Governance (i.e. The appropriateness of Organisational and Governance Structures, including the development of Skills and Knowledge to support responsible ‘BD&AA’)
Analytics Methodology (i.e. The Formal Methodology to facilitate the Development, Implementation, and Adoption of an Advanced Analytics Solution)

Alongside the ‘Four Pillars’, the EBA identifies ‘Areas of Trust’ that must also be addressed:

Ethics: Any solution should adhere to Fundamental Ethical Principles in an ‘Ethical by Design’ approach
Explain-ability and Interpret-ability: A model should either have Internal Logic that can be directly understood by humans, or produce outputs that can be adequately justified to a human – This is a critical aspect of transparency Fairness and avoidance of bias: Models must protect Groups (e.g. Minorities, Vulnerable People) against Direct and Indirect Discrimination – i.e. Models should be free from bias against such Groups
Trace-ability and Audit-ability: Models should be fully auditable, likely facilitated using traceable solutions that enable repeated tracking of all Steps, Processes, and Criterion
Data protection: Data should be adequately protected within a System that complies with Data Protection Regulations (e.g. GDPR)
Data Quality: Data Quality must be considered throughout the ‘BD&AA’ Life cycle
Security: Firms must be aware of new Attack Techniques and ensure that Governance Arrangements and Technical Infrastructure facilitate effective Information and Communications Technology Risk Management
Consumer Protection: Any ‘BD&AA’ should respect Consumers’ Rights and Interests, with Consumers entitled to file a complaint and receive a response in plain English

Firms conducting ‘BD&AA’ activities should review and assess this Report, with input from Information Technology, Operations, Risk and Compliance, Change Management and Internal Audit Functions, ensuring that updates are made to Policies, Procedures and Processes and Business Models in accordance with Internal Governance Procedures, reflecting incorporating changes into their development, implementation, and adoption processes.

Senior Management/Executive Teams, Board Members, Risk/Compliance and Audit Committees should be appraised and maintain oversight.

Firms may wish to review existing controls and procedures to ensure that Data-Driven Initiatives are in alignment with the ‘Four Pillars’ identified by the EBA – e.g. Ensuring that Governance Structures effectively support the responsible use of Big Data, Machine Learning, and Advanced Analytics.

The Report signals a desire from the EBA to achieve a co-ordinated response across Supervisory Agencies. Firms should closely monitor future developments in this space.

Further information:
To read more, please follow this link:
https://www.europeanpaymentscouncil.eu/sites/default/files/kb/file/2019-12/EPC302-19%20v1.0%202019%20Payments%20Threats%20and%20Fraud%20Trends%20Report.pdf