Building a data-driven future through trust, governance and defence

TBK: Episode 33

This episode features an interview with Mayank Goel, VP of Financial Crimes Compliance, Data Management and Governance at MUFG. MUFG is one of the world’s leading financial groups, with over 360 years of history and a global network.

As a data governance risk manager, Mayank works in a second line of defence to mitigate risks and solve data problems. With over 13 years in the industry, he can make data tell a story that helps clients make decisions.

In this episode, Mayank describes the three-line defence model for bank risk. He also emphasises the importance of trusting data, defining policies and procedures, and knowing your business objectives.

Headshot of Mayank Goel, VP of Financial Crimes Compliance, Data Management and Governance at MUFG

About the guest

Mayank is an MUFG VP and Data Governance risk manager with over 13 years of experience in bank risk management. He currently works in a second line of defence Financial Crimes Compliance risk management function at MUFG Bank. Before joining MUFG Bank in 2017, Mayank was a Data & Analytics (Financial Services Office) Manager at EY, where he worked with large US and European banks. He has extensive experience working with businesses to mitigate risks and solve complex data problems.


“Most banks operate under the three line of defence model. The first line is, generally, what people know as the business or the revenue producing side. The people who make sales and services and interact with our customers on a day-to-day basis. They produce the data the rest of the bank generally uses for their work. The second line is the independent risk management function, consists of various risk disciplines, such as credit risk, market risk, financial crime risk, and so on. Both first and second line generally roll up to the chief executive. The second line provides the policies and procedures framework under which the business is expected to operate under. The third line, which is internal audit, is independent. It provides independent oversight to the first and second line, and generally reports directly to the board. As you can imagine, it’s a human and regulated industry. All this is a very formally documented and understood governance structure with each line playing their own role and having their own set of responsibilities.”

“Trusting data is probably the most important thing that we have worked towards. If you don’t trust the data that you are using, you’re not gonna be able to trust the analysis, defend our decisions, and satisfy our mandates that we have. Trust in data is, in fact, the most important.”

“I’d say in my experience, essential components would be having documented and agreed upon policies and procedures. That includes frameworks for establishing accountability, consequence management, pros and responsibilities, having ways to escalate matters as needed. Second would be well-defined business objectives, with the right messaging from the key stakeholders as to why they need governance or why they feel governance is important. The third would be having ways and means to measure and monitor your data quality, and then putting the right set of controls, then going back to the previous question around establishing that trust in data and then making it fit for purpose. And last, I’d say is the change management aspect. How you keep up with the changes in your infrastructure, in your piping of the data and then making sure it’s always trustworthy. I’d say those could be the four most important things.”

“One way to think about the BCBS framework of aggregation and reporting in banking is: you have a data production layer, right? People who originate a loan for a customer. Then you have your aggregation systems such as your warehouses, or maybe a data lake, where you bring everything together. Then you pick what you need and transform it in various ways. Then you make it relevant for any sort of reporting and consumption based decision that happened in that consumption layer. So, in a risk-based approach, each of these layers has controls that they’re responsible for implementing and that are relevant for them.”

“The subjective measure of success, in my opinion, is things such as, ‘Were you able to improve your data culture? How successful were you in bringing along the key stakeholders? To close off the project or to get a win.’”

“Who do I need to bring along for this journey and how do I bring them along? Knowing who you need, and then secondly, knowing what they need. Knowing their problems and then tying them to your objectives.”

“Overcommunicate. Don’t make assumptions of what you said, and what the other side understood. Be very transparent and open. Just lots of deep breathing when things are going wrong. And then try to keep yourself calm and if you do yoga, maybe do that, or whatever keeps you calm… You try and control what you can control.”

“In my early career, I was quite hesitant to learnt about the audit world. I fought a lot to not be part of the world. But everything I do today has some foundations in what I learnt in my early career. And I think it’s made me quite successful because of that. So don’t be afraid of doing something that you have very little idaea of.”

Time stamps

[01:17] Mayank’s start in data
[03:06] Mayank’s role at MUFG
[03:33] The three line defence model
[05:01] Breaking down financial crimes
[06:03] The importance of trusting data
[06:31] Essential components of governance
[08:10] Where self-service is heading
[09:31] What is the BCBS framework?
[11:45] Obstacles to becoming more data-driven
[14:08] How to prioritise data projects
[15:12] How Mayank measures success
[19:26] Handling pressure when stakes are high
[21:22] Mayank’s career advice
[23:12] Staying on top of your game


Connect with Mayank on LinkedIn | Cheque out MUFG

Connect with Faisal on LinkedIn

← Previous episode | Next episode →

Related articles