PODCAST | Western Union, Chief Data Officer: Domestic Data Regulations Create Complex Operating Models

Nick Halsey: Hello, and welcome to CDO Magazine’s Tech Talks. My name is Nick Halsey and, in my day job, I'm the CEO of Okera software that provides secure data access for large enterprises. Today I'm delighted to welcome Tom Mazzaferro as our guest. He's the Chief Data Officer at Western Union. Tom, great to see you.

I'd love to talk a little bit about your history and background and how you wound up CDO at Western Union because you come out of the finance space. You originally started in banking and that's a little bit of an unusual twist on the path to a chief data officer role. So, could you tell us a little bit about your first few years at JPMorgan Chase and how that sort of set you up for this path toward being a data leader?

Tom Mazzaferro: Sure. You're absolutely right. I was educated in finance and accounting and then my first role was at Morgan & Chase. I had a great opportunity to actually be within their corporate strategy team, doing technology strategy, actually, even with my finance and accounting background. At first, I was also a bit surprised with the placement, but it was a great opportunity for me to actually learn about technology, data, and strategy from one of the leading banks in the world. As I grew, I held different roles across operations, or across security, lending, across finance operations and then, I actually landed in the enterprise data warehouse group. We actually managed and drove all the enterprise data warehouse strategy and vision for the future. I was the CFO there. I also supported our enterprise call center technology teams as well as our digital and our mobile app teams.

I also was able to be within our risk department there, helping to lead our BCBS 239 program, and I got a great opportunity to learn operations, technology and banking. It actually helped me have more of a well-rounded background about how to apply data and technology to the business going forward.

Halsey: And did you intentionally try and route yourself into that hybrid role with tech and finance or did this sort of fall into your lap?

Mazzaferro: It's a combination of both. When I came out of university, I thought that I wanted to be a finance and accounting professional throughout my career. But as I started to get involved in some of it, the technology work,  data, and so forth — that's all the direction the industry is going.

It really is something that I truly enjoyed doing when I saw the opportunity for the company and the industry going forward. So, I thought that it'd be great to have the opportunity to learn more about technology and data for the future to actually help my finance and accounting career. But as I got into it, I actually enjoyed it more than my finance and accounting background. I actually started to change my overall track at Morgan & Chase more down the IT route. I had that overall domain background of banking, finance, and accounting that actually helped pull the two different worlds together.

Halsey: And you wound up being the executive director for credit risks for almost a year and a half. Was that perceived purely as sort of a defensive strategy to make sure the bank was protected against credit risk and fraud, or were you also trying to build products to monetize in that area?

Mazzaferro: Within the credit risk division, we actually did quite a few things. Number one is, at that point in time, the Committee on Banking Supervision came out with their credit risk reporting criteria where you have to have full lineage, full data quality and info governance around the data that's being used for your reporting.

So, part of that was a big shift to how we made sure we had  this under control and we provided the right kind of solutions going forward. That's why they asked me to actually take on that role. On top of that, we also had a big focus on our models and our model risk, making sure we had the right kind of controls over what goes into those models and also control over what's being used in the models, and what different algorithms are being used, different logic, and so forth.

Halsey: Yeah, that's fascinating. And, that Basel regulation, which isn't widely known outside of finance, has been widely credited with sort of driving the digital transformation of many banks because of that lineage requirement. How impactful was that to the bank and to the industry?

Mazzaferro: How we did it at Morgan & Chase was we actually used it to set the foundation going forward. We actually looked to modernize our entire platform and our technology stack to support some of these things. And in turn, it actually helped to pull the company forward so that I had better control of the data, of the infrastructure of its platforms, and how it was being used and why it was being used. And it actually helped to drive decisions based upon facts.

I look back on what we put in place there, and I think it was a great stepping stone for Chase overall and helped to move things forward for the bank.

Halsey: And from there you moved over to HSBC. Did they see what you had built at JPMorgan Chase and say “We need that sort of digital platform to run our credit risk and how they operate?”

Mazzaferro: It was a combination of a few things. They had so much information on so many products. How can they best use that information, that database, going forward? A part of that move over to HSBC, from my standpoint, was trying to do two things. One was, how do we take that information that we have on our customers, our products, our transactions, and how do we use it to improve the overall customer experience and our products going forward? Two, how do we improve controls and understand what's happening within the bank, in our overall customer experience? And three, how do we then take that and actually monetize it?

Halsey: HSBC (Hong Kong Shanghai Bank) originated outside of the United States. A very international bank, as  you say — did they have a different approach than JPMorgan chase? I mean, all banks are global, but just given their origin, was there a different perspective or is it a kind of a common framework?

Mazzaferro: It wasn't as common as you would think. At Morgan Chase, we took that opportunity to basically create the new foundation. At HSBC, we actually didn't create that new foundation. We actually weathered through what we had and just improved upon it. Because of the size and scale and complexity of HSBC, we had data across many areas. And in some countries, we were unable to consolidate because of local data, privacy regulations, and laws. So, we had to actually have data stored in different places across the world. And in turn, we couldn't create that overall new foundation because of some of these different data, privacy laws and regulations. Therefore, it was a slightly different approach because we had to make sure we were working compliant with those laws, but also supporting and compliant with the new regulations. 

Halsey: And this is a really important point we should poke into a little bit because more and more of the privacy regulations and data protection goals that are coming out —  the new ones just rolling out in Brazil, for example — require domestic domiciles of data. Does that distributed architecture for data bring to mind strong implications about the best architecture, or does it drive one to more of a cloud strategy where you could move data into different cloud regions, depending on those requests?

Mazzaferro: It's a combination of both. What AWS and GCP have done is, they've obviously had quite a large breadth, and could expand where they had data centers domiciled. The ones here in North America, the ones in South America, now opening up in South Africa, Asia, Europe, and obviously also the Middle East — It has created a great opportunity to leverage that cloud architecture so that you can basically build a framework and that foundation once and basically replicate across the world. That,  in turn, allows us to have the right framework controls in place going forward, but also have the right tools and technology to support our business, our customers and overall products.

That being said, there are also some countries that don't allow those types of providers. So, in that sense, we actually need to look at other alternatives. How can we create our own private cloud environment or our own infrastructure to support that? And then, how do we take those tools and those frameworks and apply that to a more proprietary-based implementation because, based upon those different data privacy laws or domicile laws, we’re required to have it in those countries. But some of those cloud providers, like IE, AWS, and GCP, aren't available in those different regions.

So, these very complex operating models obviously put on a bit of pressure to put it all in place the right way so that from a business standpoint, a product standpoint, a customer standpoint, they feel customers have the same experience no matter where they go in the world. But to do that, the work has to happen with the plumbing behind the scenes.

Halsey: Does that imply that those regulatory differences around the globe mean we're bound to be a multi-cloud and hybrid-cloud and on-prem world for the foreseeable future? Or do you think fine tuning regulations will allow for a more integrated data platforming strategy?

Mazzaferro: In the short term, I definitely foresee the hybrid environment. And it's not just because of regulations. A lot of companies today are still on the journey to modernize. Within Western Union, we're still on that journey. During the next one to three years, I see that continuing. Companies that are global or that operate across multiple countries are going to have to live in this hybrid environment due to some of these data domicile regulations, which makes some of the backend systems on the backend architecture a bit more complex. But in turn, it's crucial to make sure you have the right processes and the right standards, and are delivering the right experience, the right products,  to your customers. 

Halsey: That's fascinating, Tom! In our next segment, let's dig into what that implies in terms of what architectural strategy should be adopted. Perhaps you can share how you're doing that at Western Union. Thanks everyone. I hope you'll come back and join us for segment two of CDO Magazine Tech Talks