view in browser
Data Integrity: The 'Movable' Pillar of Discovery and Substantiation

Dangelo, Mark
(Mark Dangelo is managing principal and creator of Innovative Relevance® (www.Innovative-Relevance.com), including books, industry reports and articles. He is a known as a strategic management consultant, outsourcing advisor and analytics specialist with extensive process, technology and financial results. He is a frequent contributor to MBA NewsLink. He can be reached at m_dangelo@innovative-relevance.com or at 440/725-9402.)

Integrity: a character-defining word that ranks with ethics, morals and principles. Its denotation affirms exceptional personal conduct, while its business implications suggest repeat customers, market status and brand durability. 

More to the point, who can argue with the need for integrity, authentication and chain of custody when it comes to financial and personal data that must be examined under scrutiny, forensics (e.g., fraud, transactional) or penalty of law? 

Whereas integrity principles are accepted as beneficial, it is in the achievement of these goals where money is lost and legal cases won--or lost. There are cascading and hidden risks within, which are only surfaced when misfortune (e.g., delinquencies, foreclosures, class-actions, securitization failures) is internally recognized. 

Yet, for many individuals and organizations, the realization of integrity for data is something more mysterious. It is commonly pushed deep into the enterprise--to the technologists in the back office. Data integrity has little relevancy or correlation with today’s corporate strategies, operations, quality conformance, and profits. Right? 

Fallacy and Reality
It seems every five to seven years, industry specialists and business leaders declare victory over the “Hydra” of data integrity--classically defined as having three components of entity, referential and domain. With “victory” achieved, the organization and its focus shifts to the next problem or market challenge vexing its bottom line. Data integrity requirements and regulatory mandates (e.g., business rules, data life-cycle, fail-safe controls) fade into the realm of IT myth and folklore.

However, with the steady advancement of technologies and practices (e.g., guaranteeing of data integrity in public cloud computing environments), the acceptance of demise for data integrity requirements creates false security--and lurking liabilities. Like the Hydra of mythology, requirements compound and grow back (like the heads of the legendary beast gaining ferocity), becoming a menace to operational sustainability and business viability. 

With litigation and due diligence surrounding data elementals of handling, storage, authenticity, durability, touchpoints and isolation on the rise, it appears that Hydra of integrity has found new life.  Some common data integrity misconceptions are frequently voiced as:

• “Since our organization has structured application systems for our finance and mortgage group operations, isn’t it a given that we have the data integrity we are required to have for regulatory compliance?”

• “We have standards for data entry fields, so why should we be concerned about the elements within the data repositories, marts, applications and storage farms? Isn’t data integrity really just about standards and field capture?”

• “Data integrity is only about old application systems and approaches (e.g., flat files, VSAM, spreadsheets, point-based systems). We have a commercial database and have spent years creating robust functionality in our origination and servicing systems. Data integrity was taken care of years ago in our organization. Sounds like much ado about nothing--like the IT department looking for a budget increase.”

Some of you reading this are probably just about ready to find another article that is more “edgy” or “important” to your organization. Some would argue, this topic is old and stale and has very little to do with three-plus years of housing turmoil and the current challenges facing financial and mortgage group survival? Let’s take a quick look at just a few of the realities documented by various organizations.

• Annual price tag for bad loan data in the U.S. financial markets was as high as 7.3 percent of revenue--QAS Research (a unit of Experian);

• The Federal Deposit Insurance Corp. reported that more than 83 percent of the mortgages they audited contained violations;

• More than 50 percent of data corruption and integrity issues reside outside of technology--IBM, Transforming Enterprise Information Integrity; and

• With more than 90 percent of all records stored electronically (or scanned into electronic formats), the ability to maintain integrity over the life of the financial product (and for compliance) is material.

Moreover, with existing and pending legislation, additional concerns arise for the integrity of historical data stores and for future databases. A very small snippet of these include (depending upon your business and model):

• Consumer financial protection agency and its proposed charter;

• Rule 803(6), U.S. Federal Rules of Evidence (see Info Law Group, Privacy, Security, and Intellectual Property Law, January 29, 2010);

• “Skin-in-the-game” implications of Congressional financial bills (i.e., consequences of “cradle to grave” data life-cycle demands for definition, discovery, and defense); and

• Existing and proposed state-sponsored “breech” legislation--and consequences.

To believe that the guarantee of data integrity has been “met” across financial markets that are redefining rules of operation and conduct is fraught with peril.

A Principle-Driven Data integrity Approach
For experienced enterprise architects, use of principle-driven approaches is familiar--and represents stability and consistency for ever-increasing technological options. Made famous in the IT Paradigm Shift by Don Tapscott and Art Caston, the use of PRI (i.e., principle, rationale and implication) architectural framework has gained global acceptance, especially with deployment of specialized technologies, layered outsourcing arrangements and application compartmentalization. 

With estimates currently ranging from 4 percent to 9 percent of an IT budget directly or indirectly being consumed by information discovery, due diligence and defense, the life-cycle challenge of data integrity cannot be left to chance. 

Table 1 provides an illustrative example for IT and business leaders of the granular and interdependent PRIs, which are needed for the next decade. So before you purchase the next origination system, sign up with a servicer or restart private securitization efforts, ask yourself, “How are we addressing these areas, at what cost, and with what exposure?”

After reviewing this lengthy table, some will ask, “Where’s the technology? Where are the explicit standards?” How can you have data integrity architecture without solutions?” 

If we could add additional columns to the right, we would then add in the technology and discrete solution sets needed to deliver the principle-driven architecture that has been rationalized with its interdependencies. So far, we’ve aligned organizational need, identified processes, and touched on the need for personnel and skills.

Perhaps questions that make more sense for business personnel using this approach include, “What technologies are required to satisfy the business needs and operational requirements (inherent in the business and operational needs of the first three columns)? What solutions best fit our ‘As-Is,’ ‘To-Be’ and gap implementation programs of work for minimal capital costs and maximum return ensuring data integrity rigor/discipline?”

So yes, data technology and standards are very important--but only after the operating parameters have been articulated and approved. They will vary for nearly every financial mortgage group driven by their management team, markets and current challenges. The interesting aspect of this proven approach is that once defined and maintained, it works in concert with numerous development or provisioning methods, applications needed, or outsourcer selected. 

In summary, data integrity principles outlast technologies, promote non-linear decision making and “hold up” under the scrutiny of review. For business leaders signing the checks of new solutions, it gives tremendous business case justification to “why IT does matter.” And, when it comes to legal and regulatory challenges, preparation and anticipation are always cheaper than intrusive discovery and evidence gathering.

Challenges Within Cloud Computing, Virtual Data Provisioning
Last but not least are data integrity challenges materializing within cloud solution sets. Since cloud computing and associated data storage options are one of the fastest-growing offerings (e.g., Amazon, IBM, Dell), we cannot neglect the evolving issues of data integrity within the clouds. (For an extensive discussion of cloud computing challenges and deployments, see The Alchemy of Creating Intelligence in ‘The Cloud’, by Mark Dangelo, October 2009). 

Data routing and storage within the cloud are among leading concerns facing publicly provisioned cloud computing environments. As data are routed via a host of third-party and country-controlled telecommunication services, it can be exposed to fraud, corruption, sequencing challenges and of course, privacy constraints. 

Additionally, given the types of interfaces and security mechanisms deployed across disparate computing platforms, the ability to introduce error and fraud has also increased when the flexibility of “pay-as-you-go” cloud computing is added. Bottom line, there are exceptional benefits and values with cloud computing--but for today, organizations must consider exposure, risks and consequences before placing mission critical or financial transactions over them.

The good news is that there are standards and practices that are being developed, which should be mentioned. These include multiple standards from Object Management Group, Storage Network Industry Association, Organization for the Advancement of Structured Information Standards and many others (for a comprehensive list see http://cloud-standards.org/wiki/index.php?title=Main_Page).

* * * * * * * *

As you can see, data integrity is a complex discussion that incorporates many horizontal and vertical disciplines in mortgage groups, within computer science, auditing and legal professions. The final question to be asked is “How do I know if my organization has a data integrity problem?”  Well, if this is the first time you have asked that question for your enterprise…

For additional information and discussion on data integrity, please attend the How Much Is Data Integrity Costing You? session on April 26, 3:00 p.m. CT, at the Mortgage Bankers Association’s National Technology in Mortgage Banking Conference & Expo. For a complete list of session panelists and topic discussions, click http://events.mortgagebankers.org/tech2010/default.html.

(The views expressed in this article do not necessarily reflect the views or policies of the Mortgage Bankers Association. MBA NewsLink welcomes your contributions; articles or inquiries should be submitted to Mike Sorohan, editor, at msorohan@mortgagebankers.org.)