We oversee about 20 % of the world’s investable assets, with over a million customers and $52 trillion in assets under custody. This presents a tremendous opportunity to leverage that content, both to help our customers run their companies better and to improve our own operations.

The foundation for this is ensuring we have a strong data strategy and governance in place. All our ambitions, whether driving more efficient operating models or enhancing intelligence with AI, start with knowing the truth. That means having authoritative data sources, implementing solid data governance, and applying a privacy and ethics overlay.

Once these foundations are set, we can fully utilize technological advancements to create better operating models for both ourselves and our customers.

We serve a diverse range of customers, each with unique priorities. Some highly value our commitment to on-premise resiliency, while others seek the scalability of the cloud. To meet these varying needs, we have strategically designed our platforms and practices to align with where our customers want us to be.

That said, we recognize that many new products and services are emerging as cloud-first or cloud-only. In such cases, particularly when working with major vendors and large language models (LLMs), our focus has been on sandboxed models. These ensure we maintain full control over our data assets, regardless of the vendor. These sandboxes play a crucial role in our operating model and our approach moving forward.

It will always be a work in progress. We focused on the modern implementation of our value system in technology.

How do you rethink security? How do you rethink trust, truth, data ethics, privacy? What muscles do you need to develop to understand how data propagates and how data is held in LLMs and other AI technologies? How do you overlay your value system on top of that?

So you continue to move at pace without compromising the outcomes you’re trying to drive and the trust of your customers.

Governance is like bureaucracy. A lot of us grew up seeing it as something we don’t naturally gravitate toward. It’s not something we want more of. But we take a different view, governance is enabling.

I’m responsible for data governance at Bank of New York. We operate in a hundred jurisdictions, with regulators and customers around the world. Our most vital equation is the trust we build with the world around us, and governance is what ensures we uphold that trust.

Relationships are our top priority. What does that mean in practice? It means understanding what data can be used for, whose data it is, where it should reside, and when it needs to be obfuscated. It means ensuring data security. What happens to data at rest? What about data in motion? How are entitlements managed?

It’s about defining a single source of truth, maintaining data quality, and managing data incidents. All of that is governance.

When we get governance right, we can fine-tune it to deliver the best possible outcomes in the most optimized way. For me and for our company, governance is a foundational capability. Do it right. Check it often. But never compromise, because that’s how we ensure better outcomes.

We’ve made mistakes, backtracked, and refined our approach. We believe we have one of the many right answers. Our perspective is that certain data sets and governance routines must be centralized. If you think about entitlements in your company — Who is going to manage permissions for your website? Or consider authoritative data sets like customer master, price master, and product master — these foundational elements are critical to running the company. Centralizing them is the only way to truly establish a single source of truth for both your organization and your customers.

That said, we also have eight different business divisions, each with deep customer relationships, extensive product catalogs, and a global reach. We needed to ensure they had the capabilities to run their businesses effectively while maintaining strong data governance at the edge.

Our approach follows a hub-and-spoke model. We have a strong central team managing enterprise assets, but we’ve also appointed divisional data officers in each line of business to oversee local data sets that drive their specific operations. These divisional data officers report to the enterprise data office. However, they also have the autonomy to support their business units in a decentralized manner.

We’ve built our AI practice in the same way — build a platform once, build it right, evolve it quickly, but do it centrally. Invest once, then train and empower people in the business to leverage prompt engineering and drive outcomes where they operate.