Can citizen data scientists improve risk management?


The rise of citizen data scientists—business users who are able to do at least some of their own analytics—has been touted as many things. Some have suggested that it is a very good way to address shortages of dedicated data scientists. Others, more cynically, have suggested that it is simply a business reaction to this issue, because business users cannot wait until the few data scientists available have time to turn their attention to the problem.

I see it as partly a response to the shortage of data scientists, but also a reaction to the increasing availability of really good self-service analytics tools. In other words, this was a role waiting to happen, but was not possible until suitable tools arrived.

But has the reaction been the same across all sectors? Or are some sectors ahead of, or behind, the game? And do some sectors face unique risks that mean that they are either more likely or much less likely to embrace the role of citizen data scientists and the use of self-service analytics?

risk management

Finance and risk

The financial sector is in some ways extremely risk-averse, especially with recent changes to regulation following the financial crisis. A shortage of credit has resulted, reportedly especially for particular groups: younger and self-employed people, or new businesses. This conservatism has also been reflected in the slow take-up of technology to provide banking and financial services. It seems likely that without new fintechs threatening the market, the banks would not even have moved as far as they have.

Many have cited the risk to consumer data of electronic banking services and the like. The arrival of the General Data Protection Regulation (GDPR) POPI in South Africa is unlikely to make anyone less risk-averse.

However, there is another issue: the increasing need for decisions to be evidence-based and transparent to be compliant with regulations. In practice, this seems likely to mean a rise in the number of so-called citizen data scientists working in banks and financial institutions, and the increasing use of self-service analytics packages to support decision-making about credit and other financial issues.

The implications of GDPR

This raises some interesting questions. Data science naturally pushes organisations towards collecting more data, and then trying to extract insights from it. Indeed, many insights have emerged from data that was previously regarded as innocuous or even useless. Data protection legislation, on the other hand, tends to push organisations away from data collection. Instead, it emphasizes the importance of collecting and holding data only when necessary, and only for defined purposes for which consent has been given. Organisations also need to understand exactly what information they are holding, and where.

In other words, the purposes of data science and data protection are in direct opposition. While this does not necessarily mean that there will be a clash, it does mean that financial organisations will need to think carefully about the use of self-service analytics, and how to build compliance into processes and culture.

In the first place, GDPR is likely to bring a new dimension to the concept of knowing your data. Business users, who are often the primary data owners, and may now also be the primary data users, will need to understand the GDPR implications of holding and using personal information. Organisations that fail to get this right—which, to my mind, means embedded in the culture—risk hefty fines for non-compliance.

Organisations will also need to understand what their own staff and others may be able to do with data. There have, for example, been some serious issues around anonymised data that could be de-anonymised, at least to a certain extent, using data science tools. Personal data can therefore be inferred using data science, and its boundaries are not as clear as might be ideal. Again, this means that users need to understand the requirements of GDPR, and be responsible for their own data governance as well as analytics.

None of this is easy. But to my mind, the risks of not adopting self-service analytics far outweigh the risks of increasing the number of people handling data. The key is to get the culture right: business users need to understand the implications of what they are doing, both for the business, and for its ability to comply with regulations. Only then can the risks of self-service analytics in financial services be fully managed, and organisations gain the full benefits.

Learn more

The risk and compliance agenda is more crowded than ever. Financial institutions continue to feel pressure from regulators, auditors, boards and investors to manage risk more proactively and comprehensively. Model risk governance is becoming more and more critical. As a result, financial institutions must operate their risk and finance functions in a more unified, cost-conscious and transparent manner that requires tighter organizational integration and more informed reporting.

Register now for the 2017 SAS EMEA Risk Executive Forum, where you’ll hear from industry experts about how these trends and changes will affect financial organizations, and from your peers about the lessons they have learned during the implementation of key risk initiatives.


About Author

Colin Hill

Colin is a reputable banking professional with 25 years of valuable working experience in internal audits, credit, fraud and operational risk management environments. He enjoys being in front of people at all levels of an organization, assisting them to solve their business problems and spreading useful knowledge concerning risk management, fraud detection and fraud management. Being a confident communicator he has made numerous contributions to national and international publications and appeared on television and radio. He has made integral contributions to organisations by conducting accurate audits using innovative strategies and implementing SAS Enterprise GRC and OpRisk Solutions systems. He has provided a range of consultation services to diverse organisations and subsidiaries, and has performed due diligence for a variety of businesses in Africa.

Leave A Reply

Back to Top