BANKING ON IG
Matthew Bernstein is the founder of MC Bernstein Data. The company helps organizations meet the significant and increasing IG risks they face by changing the way systems and people manage information. They employ a proprietary Information Governance Operating Framework to efficiently assess and remediate IG risks. Their “Information Management as a Service” enables firms to meet their IG objectives by implementing the necessary capabilities without building resources and operations.
IGWorld: Where did you grow up and go to school?
I grew up in Forest Hills, Queens, in New York City, and went to the local public schools. It was a great place to live; a combination of city and suburb. Things got more interesting when I went to Stuyvesant High School and then to Harvard, both of which attract some very smart people. One of my college classmates won the Nobel Prize in Physics for his work on the origins of the universe!
When and why did you become interested in IG?
About twenty years ago I was asked to develop a “system” for consolidating and analyzing investment information for Deutsche Bank’s “opportunistic real estate” investment funds business. The investments were very diverse and there was very little available technology to support the industry, so I wound up both defining our standards and leading our IT development. Subsequently, I led similar efforts for all of Deutsche Asset Management’s institutional business, which was about €400 billion of assets.
Then, in the midst of Deutsche Bank’s most difficult period of regulatory investigations, the COO asked me to address Deutsche’s IG challenges at the enterprise-wide level. That led to my last position with the Bank, where I established and built the global Group Information and Records Management function, covering Records Management, Archiving, and eDiscovery Operations.
This was both the retention of data—including electronic communications and voice, unstructured, and application data—and data retrieval operations for legal and regulatory inquiries. Together with the Bank’s CISO and CDO, I was responsible for IG for an enterprise with more than 100,000 people in over 60 countries in multiple businesses. The progress we made in creating an enterprise-wide operating model that addressed the Bank’s issues was very satisfying.
What developments have you seen in the IG space and what trends do you see emerging?
I think there are two developments that are “trending” and will come to dominate concerns and efforts in Information Governance: a) Data Privacy and b) the rise of the Chief Data Officer.
The head of Records Management at a large bank said to me, “GDPR is the best thing that ever happened to records management,” because it forces companies to engage in IG efforts more broadly and deeply. I understand that perspective, but I’d go further. I think the increased profile of data privacy—now a concern of consumers, regulators, and politicians—will force a fundamental change in expectations of how well companies govern and manage their information.
Managing data privacy issues relates directly to the other trend: as companies are more and more reliant on finding value in their data, and CDO activities proliferate, conflicts between exploiting data and misusing data will arise quickly and pervasively. Effective IG will require the IG professional to work more closely with CDOs, otherwise “business value” drivers will overcome good governance. I think the IG challenge for the 2020s will be enabling the aggregating, manipulating, and analyzing of information, while complying with the letter and spirit of burgeoning world-wide privacy rules.
What are the biggest challenges that companies face when embarking on an information governance program?
There are a lot of good ideas out there already about embarking on an IG program. But, from years of managing operations functions in companies small and large, I think more attention should be paid to building and assuring “sustainable performance.” I see many IG programs launched as “spot solutions,” in response to a problem arising from a business deviating from good IG practices (sometimes because no good “practices” were ever established!). But, after things are ‘cleaned up,’ how do organizations stay in compliance, as people, processes, and technology environments continue to evolve, change, and diverge?
Building “Information Governance” concerns into a company’s “operating model” is as important as incorporating other operating risk issues, such as cybersecurity and business continuity, if a company is to avoid repeat failures. And new kinds of IG knowledge are needed to successfully grapple with diverse data types, sources, and repositories. So the challenge, both for starting and sustaining an IG program, is the breadth of enterprise knowledge and expertise required.
Tell us about your new entrepreneurial venture. What was your primary motivation in founding MC Bernstein Data?
In leading the IG strategy and operations functions at Deutsche Bank, I saw that an integrated enterprise view was necessary and lacking. And I came to realize that this is true for many organizations: responsibilities are fragmented, regulatory intelligence and governance are not a core competency, data is widely distributed, policy communications and controls are inconsistent, and business units are left to fend for themselves.
I saw an opportunity in the market to offer guidance that would incorporate the broad range of expertise necessary to address these diverse issues and create sustainable performance. So, our Assessment and Remediation offerings account for the necessary integration of multiple disciplines, across governance, process, and technology. In addition, many companies prefer not to build out non-core functions, but rather to obtain those on a contract basis. Our Information Management as a Service offering provides resources and expertise to develop and run records and personal data information governance—drawing on our operational experience—and avoid significant infrastructure and operational investments.
What are your firm’s competitive advantages?
Firstly, experience: the senior members of our team have all held senior management positions in information governance operations functions in global financial services businesses. Secondly, we provide a single point of service for governance, technology, and process expertise. And lastly, we provide sophisticated and efficient assessments, remediation recommendations and strategy, and the services to maintain compliance. For example, Lynn Molfetta, who leads our Information Management as a Service offering, was the Global Head of Records Management at Citigroup and then Deutsche Bank and provided services to multiple business lines and operating functions in jurisdictions across the world.
We focus on process maturity, rather than on “outcome” maturity; we know what capabilities are required to deliver the desired long-term results. Our proprietary Information Governance Operating Framework enables us to efficiently assess an organization’s current processes, succinctly describe the current state of information governance risk and business objectives, and then work with management to determine and deliver the desired objectives – whether with internal or external resources.
What are the biggest threats and opportunities?
Massive amounts of available data, commoditized IT infrastructure (storage and compute), and presumed value to be extracted create incentives to keep, store, and process everything, yet the risks associated with not governing this data are growing. Companies are more and more reliant on finding value in their data, while at the same time the public, regulators, and politicians are increasing their scrutiny of how companies use consumers’ data.
What are you most optimistic or concerned about?
I think companies should be much more concerned about the increasing IG risks resulting from the proliferation of “external data.” We see this in acquisitions and divestitures, service providers, “SaaS,” social media, cloud computing, “Bring Your Own Device,” and collaboration tools. I was recently advising a client who provides an exciting new employee feedback tool, delivered as a Slack channel, and hosted on Google Cloud. This raises some interesting challenges around information lifecycle management and privacy.
I’m optimistic about advances in technology that support IG. “Data discovery” tools increasingly enable us to “search, not sort,” tackle the myriad types of unstructured data, and move more quickly than data catalogue development projects allow. “Regulatory intelligence” tools support a knowledge base of retention and privacy requirements, align those to business units, and efficiently distribute this information to systems and business units.
Finally, what hobby or special skill do you have that might surprise your colleagues?
I collect 19th-century photography; images from the “invention” of photography in 1839 until the turn of the 20th century. I find these pictures fascinating because people were trying to understand what this new medium was intended for—art, documentation, journalism? While at the same time, its use was exploding. When you look at the great images of classic photographers from the mid-20th century, say Edward Weston, you know they were intending to create art. But what was Peter Henry Emerson intending when he took his very beautiful photos of fishermen and farmers in Norfolk in the 1880s? There’s a lot to look at and think about.