Why the ‘Data Offense, Data Defense’ Distinction is Outdated

Has the ‘data offense, data defense’ distinction run its course? Panelists at this year’s Data Champions Online Financial Services Europe event argued for a more holistic approach to balancing risk and compliance with data-driven innovation

The concepts of ‘data offense’ and ‘data defense’ have played a key role in shaping conversations around data strategy for decades.

As Harvard Business Review reported in 2017, ‘data defense’ is the data management and governance processes many financial institutions first put in place in the wake of the Global Financial Crash. Meanwhile, ‘data offense’ is any initiative that seeks to apply data to drive value for an organization.

This distinction made sense in the early days of data, before using data to generate revenue was commonplace. But as the industry leaders on a panel exploring the topic at this year’s Data Champions Online Financial Services Europe summit agreed, things are very different today.

“I personally think we need to stop separating out ‘defensive’ and ‘offensive’,” said Andrea Smith, Head of EMEA Data Strategy at investment banking company BNY Mellon. “I think we need to appreciate that data is at the heart of everything we do.”

“We need to think about them together and think about protecting the bank as well as enabling it to grow and to digitalize”

Andrea Smith, Head of EMEA Data Strategy, BNY Mellon

“As a regulated bank, and probably in line with other banks, we started our journey with BCBS 329,” added Gurpit Singh, Director of Group Data Strategy at Credit Suisse. “That’s where the journey started – with much more focus on what were traditionally called ‘defensive’ activities.”

“In the last two or three years, we started focusing on, ‘How do we use that foundation to actually make impact?’” he continued. “We have got to stop differentiating between defense and offense.”

Digitization is Creating New Defensive Challenges

COVID-19 has highlighted the need for rapid data-driven innovation capabilities in the financial services sector. Lengthy approval process for things like getting access to data sources make this data-driven innovation impossible.

In 2020, firms have achieved things in months that would have taken years under normal circumstances. But as Singh noted, this has only been possible for firms that had already invested in defensive initiatives to put the right data foundations in place.

“You need to be able to experiment and fail fast,” Singh said. “It’s all about making data easily available – making it secure and governed but, at the same time, providing that flexibility so people can use it for rapid prototyping.”

“People are saying these few months have done more for their organizations than years and billions spent on transformation products”

Javier Campos, Head of Data Labs UK&I and EMEA, Experian

Javier Campos, Head of Data Labs UK&I and EMEA at credit reporting firm Experian, agreed that the push to digitize services in 2020 has created opportunities for firms to be more efficient, expand digital services or processes and create new products.

However, he cautioned that enterprises must always have an eye on what has historically been called data defense when experimenting and innovating with new capabilities.

“With great power comes responsibility,” he said. “Because there is so much data, fraud, for example, has also spiked.”

Campos warned that Experian has seen huge growth in synthetic datasets this year. For example, criminals are becoming adept at collecting stolen personal data bit-by-bit to avoid detection.

“They create these things called ‘Frankenstein profiles’,” he explained. “Each individual piece of data is real. But the overall profile is a synthetic, Frankenstein dataset.”

“COVID-19 has increased that risk because, obviously, so many more people are working from home,” Smith added. "That’s why the data strategy and security and privacy and all those things really need to be embedded into [business] processes.”

A Holistic Approach to Data-Driven Innovation

Data-driven innovation may be pervasive in the financial services sector. But our panelists agreed that projects geared toward innovation must keep data management and governance in mind from the outset to be successful.

“It’s very important to have innovation and compliance working very closely from the beginning,” Campos noted. “As technology moves ahead (and especially AI), what happens is, the technology goes quicker than the regulations. So, there is a gap.”

On top of the security challenges that come with increased data collection, cloud migration and digitization, enterprises are finding they must continually update their processes to handle higher volumes of data.

“We are trying to automate as much as possible the work that you need to do to control and govern data”

Gurpit Singh, Director of Group Data Strategy, Credit Suisse

Singh said the key to doing all of this is 1) having the right organizational structures in place and 2) ensuring the manual processes data teams must perform to ensure data is controlled and governed aren’t overbearing.

“Even from the beginning, we always structured ourselves looking at both [offense and defense],” he said. “We said we’re going to focus on five capabilities: cloud data governance, quality, security, architecture and also analytics and uses.”

“We are trying to automate as much as possible the work that you need to do to control and govern data,” he added. “[For example], is there a way we can start harvesting that data we currently have on our on-premises systems [and] catalog that automatically?”

Smith agreed that having the right organizational structures in place to facilitate collaboration between data teams and business units is key.

“A lot of the regulations are not very explicit in terms of what you must do to comply,” she explained. “You need to understand the business processes and how the data fits into the business processes to ensure that you look at the two things together.”

For these reasons, data offense should never be considered independently from data defense. The two are fundamentally intertwined. As such, responsible data-driven innovation requires a holistic approach that considers both disciplines in tandem.

This is an exclusive dispatch from Corinium's 2020 Data Champions Online Financial Services Europe virtual summit. For even more insights from Europe's top financial services data and analytics leaders, click here now and access the sessions on-demand.