As financial institutions become increasingly data‑driven and reliant on artificial intelligence (AI), the consequences of poor data quality and weak governance are no longer confined to IT. Data failures now affect strategic decision‑making, regulatory credibility, operational resilience and senior accountability, making data risk a clear board‑level concern.
In their article Data risk: a strategic enterprise challenge that requires a holistic board‑level offensive, published in the Journal of Financial Services, Scott Beange and James Halcomb argue that data risk has evolved into a core enterprise risk. As AI adoption accelerates across financial services, weaknesses in data quality, data integrity and data governance increasingly translate into business‑critical exposure, rather than isolated technical issues.
Data risk is no longer limited to system outages or missing records. The authors frame it as an enterprise‑wide risk that directly shapes decision quality, regulatory standing, organisational resilience and personal accountability for senior leaders. As AI scales across financial institutions, shortcomings in data quality and governance rapidly become business‑critical.
Data risk is the flip side of data quality. Defects, gaps or unavailability in data directly undermine pricing, credit, liquidity, capital and anti‑money laundering decisions across the value chain. The impact extends beyond individual errors to include operational disruption, remediation costs, regulatory enforcement, reputational damage and loss of customer trust.
Crucially, the most severe data failures often occur “in the seams”. Rather than originating within individual systems, they arise where platforms fail to interoperate, manual workarounds proliferate and ownership of data is unclear. These risks are harder to detect and manage using traditional control approaches.
At the same time, personal accountability is intensifying. Frameworks such as GDPR, DORA, NIS2, BCBS 239 and senior manager regimes increasingly link data failures to individual executive responsibility. Data risk is therefore closely tied to leadership accountability and governance.
The authors stress that isolated fixes are insufficient. Sustainable progress requires structured, enterprise‑wide capabilities, supported by recognised frameworks such as DCAM and the Cloud Data Management Capabilities (CDMC), which illustrate what robust governance, control and automation look like in practice.
As AI scales, data risk scales with it. Weak data foundations quickly become enterprise‑wide exposure.
AI risk cannot be separated from data risk. Generative AI amplifies the familiar “garbage in, garbage out” problem, increasing the scale and speed at which poor data can cause harm. Moving towards “gold in, gold out” depends on stronger data foundations, including clearer data structures, shared definitions and reusable data products.
For boards and executive committees, data risk now sits alongside credit, market and operational risk. Leaders need clarity on which datasets are truly critical, who owns them, how they are governed and how failures propagate across products, processes and customer journeys.
The article calls for a holistic, leadership‑led approach to data risk management. This includes identifying critical data, embedding effective governance, investing in automated controls, strengthening resilience and explicitly managing third‑party exposure. Cultural change is essential, shifting from treating data as an IT issue to shared responsibility across business and technology.
As regulatory expectations tighten under DORA, NIS2 and the EU AI Act, tolerance for “good enough” data continues to shrink. Regulators, investors and customers increasingly interpret data failures as signs of weak governance and poor leadership, rather than technical misfortune.
At the same time, AI initiatives depend on trustworthy, well‑governed data. Institutions that treat data risk as a strategic capability are better positioned to scale AI with confidence, while those that do not risk stalled programmes, higher costs and reputational damage.
The Projective Group Institute’s Journal of Financial Services (JoFS) provides structured insights on developments in the European financial sector. Each edition brings together contributions from practitioners, academics and regulatory experts to help readers understand key changes in the industry.
This edition examines how data and Artificial Intelligence are influencing financial services. It looks at how modern analytics and evolving regulations such as GDPR, DORA and the EU AI Act are raising expectations for data quality, governance and oversight. Through concise, thoughtful articles, the edition highlights the practical implications for decision‑making, risk management and operational resilience.
