Case Study: The CDO's Dilemma: Innovation vs. Governance at NovaCorp

"Everyone wants a data-driven culture until the data tells them something they don't want to hear." -- Ray Zhao, CDO, NovaCorp

Overview

Ray Zhao has been CDO at NovaCorp, a mid-size financial services company, for three years. During that time, he has built a data governance program from scratch: a data catalog covering 80% of organizational data assets, a hybrid stewardship model with departmental data stewards, and a data quality initiative that has reduced critical data errors by 40%. But Ray is now facing a challenge that tests the limits of his authority and the resilience of the governance infrastructure he has built.

NovaCorp's VP of Consumer Lending wants to deploy a new AI-driven credit decisioning model that promises to increase loan approvals by 15% while reducing default rates by 8%. The model uses alternative data sources -- including rent payment history, utility payments, and mobile phone payment patterns -- to assess creditworthiness for applicants with thin credit files. The VP is under intense pressure from the CEO to grow the consumer lending portfolio, and the model is seen as a competitive differentiator.

Ray has concerns. This case study follows the governance dilemma through to resolution.

Skills Applied: - Analyzing CDO authority and organizational constraints - Applying data stewardship models to a real governance challenge - Evaluating the tension between innovation and governance - Using data catalog and lineage frameworks to assess data practices

The Situation

NovaCorp's Data Landscape

NovaCorp is a regional financial services company with $8 billion in assets, 3,200 employees, and approximately 1.2 million customer accounts. Its product lines include consumer lending, mortgage lending, small business lending, and wealth management.

When Ray arrived three years ago, NovaCorp's data landscape was typical: fragmented, undocumented, and inconsistently governed. Each business line maintained its own customer databases. The marketing department had purchased consumer data from three external brokers without informing the compliance team. A legacy mainframe system held 15 years of transaction data with no documented retention policy.

Ray's accomplishments in three years:

  • Data catalog: Documented approximately 340 of NovaCorp's estimated 425 data assets, including classification levels, owners, stewards, and retention policies.
  • Hybrid stewardship model: Established a central Data Governance Office (DGO) of eight people, with data stewards embedded in each of the four business lines.
  • Data quality program: Implemented automated quality checks that reduced critical data errors in the lending pipeline from 3.2% to 1.9%.
  • Access governance: Implemented role-based access controls for the data warehouse, with quarterly access reviews.
  • Retention compliance: Identified and archived or deleted 12 terabytes of data that had exceeded its retention period.

Ray reports to the Chief Risk Officer (CRO), which gives him strong alignment with risk management but limited influence over revenue-generating business decisions.

The New Credit Model

The AI credit decisioning model, called "CreditVision," was developed by NovaCorp's Data Science team in partnership with a fintech vendor, AlterScore. The model uses:

Traditional credit data: Credit bureau scores, payment history, outstanding debt, credit utilization.

Alternative data: Rent payment history (sourced from a data aggregator), utility payment records (sourced from utility companies via API), mobile phone payment history (sourced from telecom providers), and employment tenure data (sourced from a payroll data provider).

Behavioral data: Banking transaction patterns from NovaCorp's own systems -- transaction frequency, spending categories, savings patterns, overdraft frequency.

The promise is significant: CreditVision can assess applicants who have limited traditional credit histories -- including recent immigrants, young adults, and people who have historically relied on cash transactions. For NovaCorp, this opens a market segment that traditional credit scoring misses.

Ray's Concerns

When the CreditVision proposal reached Ray's Data Governance Office for review, three issues emerged:

1. Data lineage gaps. The alternative data sources -- rent, utility, mobile, employment -- had not been cataloged. Ray's team could not trace the data's lineage: Where did the aggregators get the data? Did the consumers whose data was being used consent to its use for credit decisions? Were the data sources accurate and up to date?

2. Fairness risk. Alternative data sources can introduce or amplify bias. Utility payment history, for example, may reflect the quality of housing stock in a neighborhood rather than individual financial responsibility. A tenant in a poorly maintained building with disputed utility charges may appear to be a poor payer -- not because of their behavior but because of their landlord's. Mobile phone payment patterns may disadvantage people who use prepaid phones (disproportionately lower-income and minority consumers).

3. Consent and purpose limitation. When consumers paid their rent, utilities, and phone bills, they consented to those transactions -- not to having their payment patterns analyzed by a financial institution for credit decisions. The data was collected for one purpose and was being repurposed for another. The aggregators may have obtained technical consent through terms-of-service agreements, but the chapter's "consent fiction" framework applies: did consumers genuinely understand that their utility payments would affect their ability to get a loan?

The Confrontation

The Meeting

Ray requested a meeting with Priya Mehta (VP of Consumer Lending), the Data Science team lead, and the AlterScore vendor representative. He presented his three concerns and recommended a 90-day pause to conduct a full data governance review, including:

  • Cataloging all alternative data sources with complete lineage documentation
  • Conducting a fairness audit of the model across demographic groups
  • Reviewing the consent basis for each alternative data source
  • Completing an Algorithmic Impact Assessment (Chapter 28's framework)

Priya's response was direct: "Ray, I appreciate the governance perspective. But we have a CEO-mandated growth target. Every month we delay is a month we're not originating loans in a segment our competitors are already serving. The model has been tested. It performs well. The vendor assures us the data is legally obtained. I need this live in 30 days, not 120."

The AlterScore representative added: "Our data passes through rigorous quality checks. We have signed data use agreements with all our data providers. We've deployed this model at six other financial institutions without issues."

Ray's Dilemma

Ray's authority is advisory-with-escalation. He can recommend a pause, but he cannot unilaterally block the model's deployment. If Priya rejects his recommendation, he can escalate to the CRO -- but escalation is a political act. It signals that Ray doesn't trust the business line's judgment, and it forces the CRO to choose between governance and growth. Ray has used escalation twice before. Both times, the CRO sided with him -- but both times were clear regulatory compliance issues, not the more ambiguous territory of ethical governance.

The Resolution

What Ray Did

Ray proposed a compromise: a phased deployment with governance guardrails.

Phase 1 (30 days): Limited launch. Deploy CreditVision for a limited pilot (one product, one geographic region, 5,000 applications) while the governance review proceeds in parallel. The pilot generates performance data that feeds both the business case and the fairness audit.

Phase 2 (60 days): Governance review completion. Complete the data catalog entries for all alternative data sources. Conduct the fairness audit on pilot data. Review consent basis for each data source. Complete the Algorithmic Impact Assessment.

Phase 3 (90 days): Full deployment decision. Based on the governance review, either approve full deployment, approve with conditions (modifications to the model, additional monitoring, consumer disclosure), or halt deployment pending resolution of identified issues.

Key governance conditions for the pilot: - All alternative data sources entered into the data catalog before any data is ingested - The DataLineageTracker applied to track each data source's origin, transformations, and access - Disaggregated performance monitoring by race, age, gender, and geography - Consumer disclosure: applicants informed that alternative data is used in their credit assessment - Monthly reporting to the Data Governance Office on model performance and fairness metrics

Priya's Response

Priya accepted the compromise. "I can live with a limited pilot if it gets us to market faster than a 90-day hold. But I need the governance review to move at business speed, not academic speed."

Ray agreed. "Governance should enable the business, not obstruct it. But it also needs to protect the business -- and the people whose data we're using. If the fairness audit reveals that CreditVision disadvantages a particular demographic group, that's not just an ethical problem. It's a regulatory risk and a reputational risk. Better to find it in a pilot than in a front-page story."

What the Review Found

The 60-day governance review revealed:

Lineage. One of the four alternative data sources -- the rent payment aggregator -- could not provide adequate documentation of its data collection practices. The aggregator obtained rent payment data from property management software companies, but the terms-of-service agreements between tenants and property managers did not clearly disclose that payment data would be shared with financial institutions. Ray classified this source as "consent-questionable" and recommended its exclusion pending clarification.

Fairness. The fairness audit found that CreditVision performed comparably across racial groups for approval rates, but the utility payment data produced a statistically significant disadvantage for applicants in high-poverty ZIP codes -- a pattern correlated with race and ethnicity. The Data Science team proposed removing utility payment data from the model, which reduced the approval rate uplift from 15% to 11% but eliminated the geographic disparity.

Consent. The payroll data provider and mobile phone data provider had consumer-facing consent mechanisms that were deemed adequate. The utility data provider relied on buried terms-of-service language that Ray's team classified as a consent fiction.

The Decision

CreditVision launched at full scale after 90 days with two modifications: the rent payment data source was excluded pending consent clarification, and the utility payment data was removed from the model. The VP of Consumer Lending achieved an 11% increase in loan approvals -- below the original 15% target but above what traditional credit scoring alone could produce.

"I lost four percentage points," Priya told the CEO. "But I also avoided a fair lending lawsuit and a reputation crisis. I'll take that trade."

Analysis Through Chapter Frameworks

Stewardship in Action

The CreditVision case demonstrates how a hybrid stewardship model functions under stress. The central Data Governance Office identified systemic risks (lineage gaps, consent questions, fairness concerns) that the business line's own team had not detected -- because the business team was optimizing for performance, not governance. But the resolution was collaborative, not adversarial: the phased deployment respected the business timeline while providing the governance review needed to protect both consumers and the company.

The CDO's Position

Ray's position was structurally constrained -- advisory-with-escalation, not gate-keeping. He could not block CreditVision unilaterally. But his compromise achieved a governance outcome that a gate-keeping authority might not have improved: the pilot generated real data for the fairness audit, the phased approach maintained the business relationship, and the final product was both commercially viable and ethically defensible.

Data Catalog as Governance Infrastructure

The data catalog proved essential. The requirement to catalog alternative data sources before ingestion forced visibility into the lineage of each source -- and that visibility revealed the consent gap in the rent payment data. Without the catalog requirement, the data would have been ingested, the model deployed, and the consent issue discovered only in response to a complaint or regulatory inquiry.

Discussion Questions

  1. The authority question. Should Ray have had the authority to block CreditVision's deployment unilaterally? What would have happened if he had? Consider both the governance benefits and the organizational costs.

  2. The compromise. Was Ray's phased approach a genuine governance success or a capitulation that allowed a partially problematic product to launch? Could a different compromise have been more protective of consumers?

  3. Alternative data ethics. Is it ethical to use alternative data sources (rent, utility, mobile payments) for credit decisions? These sources can expand access to credit for historically excluded populations -- but they also extend surveillance of financial behavior into domains where consumers don't expect it. Where do you draw the line?

  4. The CDO-business relationship. Ray's relationship with Priya was strained but functional. What organizational conditions enabled this? What would have happened if the relationship had been adversarial?

  5. Consumer voice. At no point in this process did consumers -- the people whose rent, utility, and phone payment data was being analyzed -- have a voice. How should consumer perspectives be incorporated into alternative data governance decisions?

Your Turn: Mini-Project

Option A: Governance Review. Design a complete governance review checklist for alternative data sources in lending. Your checklist should cover: data lineage, consent basis, data quality, fairness risk, regulatory compliance, and ongoing monitoring. Test your checklist against the CreditVision scenario.

Option B: Fairness Audit. Using publicly available data about disparities in utility service quality (EPA data, utility complaint records), construct an argument for or against using utility payment data in credit decisions. Ground your argument in the fairness frameworks from Chapter 15.

Option C: CDO Authority Design. Design an authority framework for the CDO role that addresses the dilemma Ray faced. Your framework should specify: what decisions the CDO can block unilaterally, what decisions require escalation, what decisions are advisory-only, and what criteria determine the classification.

References

  • Bruckner, Matthew A., Jedediah Britton-Purdy, and Christopher K. Odinet. "Alternative Data and Credit Scoring: A Framework for Responsible Innovation." Georgetown Law Journal 108, no. 6 (2020): 1425-1503.

  • Citron, Danielle Keats, and Frank Pasquale. "The Scored Society: Due Process for Automated Predictions." Washington Law Review 89, no. 1 (2014): 1-33.

  • Consumer Financial Protection Bureau. "Using Alternative Data in Underwriting." CFPB Research Brief, 2017.

  • NewVantage Partners. "Data and AI Leadership Executive Survey 2024." NewVantage Partners, 2024.

  • Aiken, Peter, and Juanita Billings. Monetizing Your Data: A Guide to Turning Data into Profit-Driving Strategies and Solutions. Hoboken, NJ: John Wiley & Sons, 2014.

  • Hurley, Mikella, and Julius Adebayo. "Credit Scoring in the Era of Big Data." Yale Journal of Law and Technology 18, no. 1 (2016): 148-216.

  • FinRegLab. "The Use of Cash-Flow Data in Underwriting Credit." FinRegLab Research Report, 2019.