It is a foggy morning in Bologna, Italy as I awake after a 24-hour marathon trip from New York to Milano by plane, and Milano Malpensa to Bologna by train. The weather here in Italy is unseasonably warm and humid and the Italians are caught by surprise. My hotel overlooks the train station where I watch Italians dressed in down winter coats exit on a balmy 71F October Saturday searching for a crosswalk, a taxi, the bus. It is an irony I am reflecting on as I read about another irony half a world away, where the newspapers in America report this morning that JP Morgan Chase has agreed to pay a $5.1 billion fine to to th FHFA for mortgage fraud during the credit crisis. This comes just a week after the same bank agreed to pay the SEC $13 billion for mortgage securities fraud.
You might wonder why I find these news reports ironic and I will tell you that the irony here is that in 2008, JPMC acquired Washington Mutual and Bear Stearns, both of whom had mortgage units. WaMu was a member of the IBM Data Governance Council and had a Data Governance program. JPMC created a new Data Governance program shortly after the Bear Stearns acquisition to handle bad loan origination data. Both programs had well defined strategic objectives, Data Governance Councils, funding mandates, and were deemed successful at the time. Yet neither program obviously prevented the business misdeeds government prosecutors discovered in subsequent audits.
Why? Because Data Governance Councils solve business problems in data without knowing how the business uses data in the first place. And if you don’t know the context for how the data is used, improving the content only makes misdeeds more effective. Many people in data management assume that business leaders seek the best interests of customers, shareholders, and employees. But continuing press accounts of leadership fraud, embezzlement, and even racketeering in many aspects of American life seem to demonstrate that leaders in many spheres seek their self-interest above others, and its time that effective Data Governance programs take account of human nature in modern life. You can hide misdeeds in data if no one is reporting the data to those who take an interest in finding misdeeds.
I believe that Data Governance programs should be statutory. Every public company should be required, by law, to have a Chief Data Officer, whose role is independent and accountable directly to the Board of Directors, who represent shareholders. The Chief Data Officer should be accountable for the compliance with all Data Regulations – Quality, Privacy, Security, and (a new one) Integrity. Data Integrity means that the data represents the integrity of the firm – that the company complies with all public regulatory expectations. Data Integrity should be validated by the Open publishing of company data in common Open Formats for public review by regulators, universities, public watchdogs, and other firms. Public firms, who are owned by shareholders, and trade in public exchanges should demonstrate their Integrity through transparency and Open Data publishing.
Since Enron, we have learned that we can’t trust financial auditor firms to discover evidence of fraud in financial audits. Internal audits also seem unable to discover fraud and abuse. In fact, most banks are far better at discovering customer fraud than in identifying leadership fraud. It is human nature to commit crimes when no one is looking and regulatory threats of jail time seem to be toothless since firms can commit crimes and get off with large fines and no criminal penalties.
In an age in which cities, states, and other public entities are increasingly publishing their operational data in Open Data formats, we should insist that all publically traded firms be required, under law, to publish all their operational data (excluding trade secrets, patents, and business strategies) to the public in Open Data formats for rigorous scrutiny.
It is time to hold the Chief Data Officer accountable for the reporting of Open Data to the public so that the public can trust the Integrity of the company and its statements. Without Accountability, Transparency is just posturing. Without Transparency, Accountability is unobtainable. With both, Data Governance can achieve its potential of improving trustworthy business operations articulated in trustworthy data.
Congress should consider new legislation requiring public firms to have independent and accountable Chief Data Officers, an inventory of Data Assets, and live reporting of operational data to Open Data repositories for public review and scrutiny.
If we fail to learn this lesson, and regulate Data Governance, I predict more ironic Data Governance failures reported via regulatory fines in the future.