Master Data Management

Master Data Management in a Multi-Entity Life Insurer:

Perspective: Lead Data Architect in a fast-moving life insurer consolidating multiple lines of business—Freedom 55 Financial (advice/retirement), Quadrus Investment Services (mutual funds), London Insurance Group (holding company), GWL Realty Advisors (real estate asset/tenant management), and GLC Asset Management (institutional/retail asset management)—into a single, enterprise-wide MDM program.

Executive Summary

If you ask ten people in a large insurer who the “customer” is, you’ll get twelve answers: the policyowner, the life insured, the annuitant, the beneficiary, the advisor’s client, the group sponsor, the member, the tenant, the investor, the intermediary, the guarantor… and all of them are right in their own context. That’s precisely why Master Data Management (MDM) exists: to establish durable, governed, and shareable truths about core business entities—people, organizations, relationships, locations, and products—so that every line of business (LoB) can execute confidently, and the enterprise can operate as one.

These are the step we took to create a step-by-step MDM strategy for a life insurer integrating heterogeneous customer masters across advice/retirement (Freedom 55 Financial), mutual funds (Quadrus), an insurance core (via London Insurance Group), real estate (GWL Realty Advisors), and asset management (GLC). It covers target architecture, operating model, identity resolution, survivorship, data quality, consent/Privacy, and the failure modes that repeatedly derail programs—and how to avoid them.

Why MDM Now (and Why It’s Hard Here)

Business drivers

  • Client 360 for growth and retention: Unified view of households and relationships (policyowner ↔ insured ↔ beneficiary ↔ advisor) to personalize offers, reduce churn, and drive cross-sell (e.g., mutual funds to policyowners; annuities to investors approaching retirement).
  • Regulatory confidence: Accurate KYC/AML, FATCA/CRS classifications, Canadian privacy compliance, do-not-contact enforcement, and auditability across entities.
  • Operational efficiency: Fewer returned mails and failed payments, faster onboarding, reduced call handling and rework.
  • Risk & financial clarity: AUM/IFRS17 impacts by household, counterparty hierarchies, exposure by corporate tree.

Why it’s hard

  • Multiple customer definitions: Retail policyholders vs mutual fund investors vs institutional accounts vs tenants vs advisors.
  • Heterogeneous masters and codes: Different keys, dedup rules, and address standards across LoBs.
  • Complex relationships: One person may be a fund investor, a policy beneficiary, an annuitant, and the spouse of an advisor’s client—plus primary contact for a group plan.
  • Legacy entanglement: On-prem cores, departmental solutions, and “shadow” data stores that resist change.

Target Scope and Principles

Scope for phase 1–2

  • Party (Person & Organization) Master: Individuals, households, and organizations (employers, advisors, distributors, property companies).
  • Intermediary/Advisor Master: Agents, brokers, distributors, with licensing, appointments, and compensation relationships.
  • Relationship Master: Party-to-party (household, spouse, dependent), party-to-agreement (policyowner, life insured, annuitant, beneficiary), party-to-product (investor-of-fund), party-to-property (tenant-of-unit).
  • Location & Contact Master: Address, email, phone, contact preferences, do-not-contact flags, language.
  • Reference & Code Master: Normalized countries/provinces, product codes, advisor types, reason codes.

Guiding principles

  • Canonical “Party” model with roles: Separate the entity (person/organization) from its roles (investor, policyowner, beneficiary, tenant, advisor).
  • Survivorship by attribute: There is no single “system of truth.” Attributes have source-of-truth precedence and time dependency.
  • Coexistence style first: Federated MDM that reconciles and publishes golden IDs while allowing source systems to continue transacting; move to centralized create/update later where feasible.
  • Privacy-by-design: Consent, purpose, and retention embedded in the model and APIs.
  • Product-agnostic core: Party/relationship master must serve insurance, investments, and real estate without product bias.

The Canonical Data Model (What We Mastered)

Core entities

  • Party (Person): Names (legal/preferred), DOB, SIN/Tax IDs (if collected per policy), gender, language, risk flags, KYC attributes.
  • Party (Organization): Legal name, registration numbers, LEI (if used), industry codes, hierarchy (parent/child, ultimate parent).
  • Party Role: Investor, Policyowner, Life Insured, Annuitant, Beneficiary, Advisor, Distributor, Employer/Sponsor, Tenant, Property Owner, Guarantor.
  • Household: A soft grouping of parties (spouse/partner/dependents) with roles and shared communications preferences.
  • Location: Standardized address, geocode, mailability indicators; email and phone contact points with verification status.
  • Agreement/Account (registered in source): Policy, contract, fund account, tenancy, investment mandate—referenced by the master to bind relationships.
  • Relationship: Party↔Party (spouse, advisor-of-record), Party↔Agreement (owner-of, insured-on, beneficiary-of, investor-of, tenant-of), Party↔Organization (employee-of, representative-of).
  • Consent & Preference: Contact channels, marketing opt-in/out with timestamps and source proof; purpose restrictions (e.g., treatment/payment vs marketing).
  • Identifiers: Cross-references to each source (Quadrus Client ID, Policy Number, Investor ID, Tenant ID, Advisor Code).

Reference domains

  • Name/address standards: Canada Post addressing, ISO country subdivision codes.
  • Product taxonomies: Insurance product families; fund families/classes; property types/units.
  • Risk & compliance: PEP/sanctions flags, FATCA/CRS statuses, KYC tiers.

Identity Resolution: Matching and Merging That Worked

Match inputs by LoB

  • Freedom 55 (advice/insurance): Name, DOB, address, policy numbers, advisor code, email/phone, life insured vs owner roles.
  • Quadrus (mutual funds): Name, DOB, address, SIN (if present and permissible), fund account numbers, dealer/rep code, KYC risk level.
  • GLC (asset management): Institutional accounts—legal entities, LEIs, corporate hierarchies; sometimes segregated mandates linked to beneficial owners.
  • GWL Realty (real estate): Tenants and property companies—organizational legal names, CRA numbers, lease IDs, guarantors; individuals as tenants/co-signers.
  • LIG (holdco): Corporate hierarchies, historical identifiers.

Deterministic + probabilistic

  • Deterministic signals: Exact match on government ID (where captured), policy/account numbers cross-referenced to parties, confirmed email/phone hash matches, address + DOB.
  • Probabilistic features: Phonetic name variants (Double Metaphone), nicknames, edit distance on street/city, transpositions, nickname dictionaries, trans-literations, household co-residence.

Golden ID regimen

  • Assign a Party Master ID (PMID) to every consolidated party and maintain Cross-Reference IDs (XREFs) to all sources. Never delete XREFs; mark them inactive when superseded.

Survivorship matrix (illustrative)

  • Legal Name: Preference order: GLC (institutional legal) > Freedom 55 (verified KYC) > Quadrus (KYC) > GWL (lease) > Old CRM; time-aware (most recently verified).
  • Preferred Name: Latest self-declared across any LoB.
  • Address: Highest Canada Post DPV score + most recent effective date; retain historicals.
  • Email/Phone: Verified status trumps recency; keep multiple with ranking.
  • DOB: Deterministic—only merge when fully consistent; otherwise send to steward queue.
  • Tax IDs: Store per purpose, encrypt/tokenize; never fill from a less-trusted source.

Human-in-the-loop

  • Steward workbench: Queue for uncertain merges/splits with explainable match features and audit trails.
  • Merge/split operations: Reversible merges; downstream change events; relationship re-binding with history.

Data Quality: Contracts, Rules, and KPIs

Data contracts by domain

  • Each source publishes schemas, allowed values, SLAs, and validation rules. Consumers subscribe; MDM enforces the contract and rejects/flags violations.

Quality dimensions & examples

  • Completeness: Mandatory attributes per role (e.g., DOB required for individual investors).
  • Validity: Address, postal code format, province code; email format plus domain existence.
  • Uniqueness: No duplicate active PMIDs; no duplicate XREFs.
  • Consistency: Names don’t exceed length constraints; DOB not in the future; parent/child hierarchies.
  • Timeliness: Change latency within SLA (e.g., 5 minutes for advisor changes, 24 hours for address updates).

KPIs

  • Duplicate rate, false merge rate, steward queue aging, average time-to-resolve, DQ rule pass rates, downstream NPS/complaint reductions, returned mail rate, payment failure reductions.

Privacy, Consent, and Regulatory Controls

Consent & purpose binding

  • Store consent at the Party-Channel-Purpose level (e.g., Person X: email marketing = opt-out; phone servicing = opt-in). Each consent has source, timestamp, evidence (e.g., UI screen capture ID).

Rights & retention

  • Support subject access, correction, and deletion (where legally permissible) with data lineage and policy-driven retention. Maintain legal holds for ongoing claims or audits.

Data residency & encryption

  • PHI/PII encryption at rest and in transit; field-level tokenization for high-risk attributes; separate keys per LoB or region when required.

KYC/AML

  • Integrate screening (sanctions/PEP) and store risk profiles; feed MDM changes (name/address) to screening engines automatically.

Operating Model and Governance

RACI

  • Data Owner (per LoB): Accountable for data correctness and policy decisions.
  • Data Steward (central + LoB): Operate merges/splits, resolve DQ issues.
  • MDM Product Owner: Prioritize backlog, coordinate releases, measure value.
  • Architecture & Security: Approve changes, enforce standards, run design reviews.

Governance forums

  • MDM Council: Monthly prioritization, policy decisions, cross-LoB escalations.
  • DQ Working Group: Biweekly rule tuning, KPI reviews, remediation.
  • Steward Community: Weekly clinic, knowledge sharing.

Change control

  • Versioned schemas; deprecation windows; blue/green releases for APIs; communications to downstream system owners.

Integration Patterns and Services

MDM services

  • Search & Match API: Find potential matches; used in onboarding to prevent duplicates.
  • Get Party API: Retrieve golden party with attributes, consents, identifiers, and relationships.
  • Create/Update Party API (operational MDM): Optional in later phases to centralize updates; initially, changes originate in sources and flow via CDC.
  • Event topics: PartyCreated, PartyUpdated, RelationshipChanged, ConsentUpdated—published to Kafka/Event Hubs for downstream sync.

Source integration styles

  • Batch backfill: Historical extracts from each LoB into a staging/landing zone.
  • Streaming CDC: Transactional changes (name/address/contact) into MDM within SLA.
  • Synchronous calls: Real-time dedup checks during onboarding (advice desk, fund account opening, tenant setup).

Downstream consumers

  • CRM/Advisor Portals: Unified client/household view.
  • Policy Admin & Fund Systems: Address/contact/consent updates fed back reliably.
  • Billing & Claims: Reduced returns; consistent reachability.
  • Marketing & Analytics: Only receive purpose- and consent-filtered views.
  • Compliance: Complete audit trails of identity/consent changes.

Step-by-Step Implementation Plan

Phase 0 – Mobilize

  • Establish executive sponsorship and a transparent business case: revenue lift (cross-sell), cost takeout (returned mail), risk reduction (regulatory).
  • Staff the core team (product owner, lead architect, data modeler, match engineer, steward lead, integration lead, privacy/security).
  • Approve architecture principles, privacy stance, and target scope for phase 1.

Phase 1 – Discover & Design

  • Inventory sources: Data dictionaries, sample extracts, change data mechanisms.
  • Build entity-relationship drafts: Party, role, relationship, location, identifiers, consent.
  • Define survivorship rules by attribute and match rules (scored features).
  • Baseline data quality (profiling) and quantify expected duplicate burden per LoB.
  • Agree on event topics and API contracts.
  • Select platform/tooling (buy vs build): e.g., Reltio/Semarchy/Informatica/IBM—or a cloud-native approach with custom match layer if org maturity supports it.

Phase 2 – Foundation & Backfill

  • Stand up MDM environments (dev/test/prod), secure networking, secrets, CI/CD, policy-as-code.
  • Implement reference data and address standardization (Canada Post).
  • Load historical data from Quadrus, Freedom 55, GLC, GWL, and LIG into staging; run match/merge dry runs; tune thresholds; define steward queues.
  • Generate golden PMIDs and XREFs; validate with LoB SMEs; iterate.

Phase 3 – Real-Time & Coexistence

  • Enable CDC from key sources (customer/contact tables); publish to MDM.
  • Deploy Search & Match API in onboarding screens (advice desk, fund account openers, tenant setup) to block duplicates at entry.
  • Begin event publishing to downstream systems; implement idempotent upsert patterns.

Phase 4 – Relationships & Households

  • Ingest and normalize roles and relationships (owner/insured/beneficiary; investor/account; tenant/lease; advisor-of-record).
  • Build householding logic (spousal ties, co-residence, dependents) with steward oversight.
  • Deliver Client/Household 360 UI for advisors and call centers.

Phase 5 – Operational MDM (optional, ongoing)

  • Where feasible, shift create/update of certain attributes (e.g., contact info) to MDM as the system of entry; otherwise continue coexistence with strong CDC feedback loops.
  • Expand into intermediary master: advisor licensing, appointments, territory hierarchy, compensation splits.

Phase 6 – Optimize & Scale (ongoing)

  • Extend to institutional hierarchies (GLC), property company trees (GWL), group sponsors, and complex corporate trees.
  • Add consent orchestration across channels, integrate preference centers.
  • Continuous DQ improvement, cost tuning, and functional expansion (e.g., party risk scoring, life-event triggers).

What to Watch Out For:

1) Fuzzy “customer” definition → incoherent model
Countermeasure: Canonical Party + Role model. Force every use case to express which role (policyowner, investor, tenant, advisor) it needs.

2) Over-centralization too early → business revolt
Countermeasure: Start with coexistence style. Publish golden IDs and attributes; keep source systems transacting. Earn trust before moving create/update.

3) Match rules that over-merge
Countermeasure: Conservative thresholds; deterministic anchors (DOB + verified email/phone); steward review for risky merges; reversible merges with full audit.

4) Ignoring address standardization
Countermeasure: Canada Post standardization, DPV scoring, and apartment/unit parsing; never use free-form address as a match anchor alone.

5) No consent lineage
Countermeasure: Consent captured with purpose, channel, source evidence, timestamp; enforced at API and event layer; downstream consumers subscribe only to consent-filtered topics.

6) Weak stewardship capacity
Countermeasure: Resource stewards from each LoB; measure queue aging; provide explainable match features; automate simple cases; escalate only the ambiguous.

7) Tool-driven design
Countermeasure: Lock the logical model and rules first; only then implement in the chosen platform. Avoid shaping business semantics to tool quirks.

8) Performance ignored until late
Countermeasure: Scale-test Search & Match at expected onboarding peaks (e.g., RRSP season), with latency SLOs (<200 ms P95).

9) Eventual consistency misunderstood
Countermeasure: Educate on coexistence semantics; publish SLA for update propagation. For critical use cases (fraud, AML), add real-time paths.

10) No executive air cover
Countermeasure: Tie MDM KPIs to revenue, risk, and cost; review monthly at the executive steering committee.

Technology Blueprint

Core layers

  • MDM Hub: Commercial IBM MDM providing match/merge, survivorship, stewardship, versioning, APIs.
  • Streaming/CDC: Kafka/Event Hubs; Debezium/GoldenGate/HVR or managed services.
  • DQ & Profiling: Built-in rules engine + custom Python/SQL checks; scorecards in the catalog.
  • Address & Identity Services: Canada Post address validation, phone/email verification, name parsing, sanction screening hooks.
  • API Gateway: OAuth2/OIDC; rate limiting; schema versioning; fine-grained authorization (ABAC).
  • Data Catalog & Lineage: Automated harvesting; column-level lineage; policy tags; business glossary.
  • Observability: Logs, metrics (latency, throughput), tracing; PII-safe telemetry.

Security

  • Field-level encryption/tokenization; HSM-backed keys; JIT admin; session recording for elevated access; least-privilege service principals; private connectivity.

Adoption, Change Management, and Value Tracking

Training

  • Advisors/call center: using Client 360, household navigation, consent handling.
  • Stewards: match reasoning, workbench actions, merge/split policy.
  • Engineers: APIs, event consumption, idempotent processing, schema versioning.

Communications

  • Publish release notes, data dictionary changes, and downtime windows.
  • Maintain a self-service portal for schemas, API docs, lineage, and consent policy references.

Value tracking

  • Report quarterly: duplicate reduction, returned mail drop, payment success improvement, cross-sell conversion lift, AML/KYC exception reduction, complaint rate movement.

Cutover and Coexistence Playbook

Before cutover

  • Backfill loaded and reconciled; variance reports signed off (e.g., email match rate, address deltas).
  • Search & Match API load-tested at peak (RRSP season).
  • Downstream subscriptions validated in pre-prod with production-like data.
  • Roll-back paths and message replays rehearsed.

Cutover day

  • Activate CDC and event topics; switch onboarding UIs to call Search & Match first; monitor duplicate rate and latency.
  • Stewards on hypercare; real-time dashboards for match confidence distribution and DQ spikes.

Stabilization

  • Tune thresholds; triage false positives/negatives; communicate quick wins (e.g., 30% drop in returned mail in 4 weeks).

Risk Register and Mitigations

  1. False merges create regulatory exposure → Conservative thresholds; steward approval; reversible merges; full audit.
  2. Consent violations (marketing outreach) → Purpose-aware data products; consent filters at API/event layer; evidence capture.
  3. Source system pushback → Coexistence style; thin adapters; clear SLAs for feedback loops; joint governance.
  4. Under-resourced stewardship → Size stewards by expected queue; automate low-risk cases; report queue health.
  5. Scope creep → Phase gate; backlog triage; enforce “party core first”.
  6. Tool lock-in → Keep logical model independent; use open formats for exports; avoid proprietary only-features for core semantics.
  7. Latency surprises → Private connectivity; API caching where safe; asynchronous patterns; clear SLAs.
  8. Security gaps → Policy-as-code; DLP scanning; secrets rotation; zero-trust endpoints; red-team tests.
  9. Data contract drift → Contract testing in CI; schema registries; versioned topics; deprecation policy.
  10. People change → Cross-train stewards and engineers; document SOPs; retain institutional knowledge.

Data Architect’s Observations

MDM is not a tool you buy; it’s a capability you build. In a life insurer with multiple customer masters and product lines, the winning pattern is consistent:

  1. Model people and organizations once, apply roles liberally.
  2. Make identity resolution explainable and reversible.
  3. Embed consent and purpose into the data fabric.
  4. Start in coexistence; earn the right to centralize later.
  5. Resource stewardship as seriously as you resource platforms.
  6. Measure value in business terms every quarter.

Postnote: This was the capability we aimed during planning

You might also like:

Data Migration

Data Governance

Data Modeling

Leave a Reply

Your email address will not be published. Required fields are marked *