Underdeveloped Data & Reporting Blindspots

Background:

As mid-sized listed companies scale, their risk landscape grows more complex. Many still operate with fragmented data systems and ad hoc reporting frameworks. Unlike large enterprises with mature infrastructures, or smaller firms with manageable oversight, mid-sized companies often fall into a blind spot: “too complex to run manually, too constrained to modernize decisively.”

The result? Data exists but is scattered across systems, spreadsheets, and silos. Unstructured, unsurfaced, or untrusted. Risk visibility becomes partial, reporting cycles are reactive, and decision-making is shaped more by instinct than insight.

In this article, we unpack the top root causes behind this challenge. We also outline five strategic remediation moves; practical, scalable steps that mid-sized firms can take to build integrated, resilient, and insight-driven risk data ecosystems.

Because today, risk management is a data problem and solving it is a competitive advantage.

Top Root Causes of Underdeveloped Data & Reporting Frameworks

1 – Absence of a Strategic Data Governance Framework

Most under-developed data environments can be traced to the absence of a robust data governance strategy. Data governance encompasses the policies, standards, and processes that ensure data is accurate, secure, and available. In many mid-sized companies, it is either ad hoc or entirely missing. There’s no centralized framework assigning ownership or standardizing how data must be managed.

How it manifests: Different business units define and handle data independently. For instance, a single counterparty (customer/vendor/partner) may have multiple IDs across systems, distorting their true profile. These inconsistencies stem from the lack of enterprise-wide data definitions, taxonomies, and data catalogs.

Why it persists: Instituting data governance is challenging. It requires cross-functional coordination and often a cultural shift. Mid-sized firms may not necessarily have dedicated a Chief Data Officer or equivalent, leaving IT teams to enforce standards without executive clout. Moreover, some firms perceive governance as bureaucracy that slows down operations. If leadership is unconvinced, they won’t allocate time to build a governance committee or policies.

Impact on risk management: Without strong governance frameworks, companies struggle to aggregate and report risk data effectively leading to poor risk assessments and decision-making. A mid-tier bank without clear data ownership might find that its finance and risk departments use different definitions of “exposure,” resulting in conflicting risk reports. In manufacturing, lack of governance might mean safety incidents or quality defects aren’t logged uniformly, obscuring critical risk trends.

2 – Siloed Systems and Fragmented Data

Mid-sized companies often grow through business silos, each department or subsidiary implementing its own framework, models and structure to suit their maturity curve. The result is fragmented data architecture: customer data in one platform, sales in another, risk metrics in a spreadsheet, and so on, with poor integration between them.

How it manifests: Data silos hinder enterprise-wide visibility.

Attempts to create a “single source of truth” fail if systems don’t talk to each other. A bank’s lending unit and treasury unit might use separate reporting tools, making it laborious to compile an integrated risk report. Or consider a manufacturer where procurement and production each maintain separate inventory records. Without integration, the company cannot accurately assess supply chain exposures or working capital at a consolidated level.

Why it persists: Ironically, despite years of trying to build interfaces, the problem has in some cases worsened – over 40% of companies report that the number of data silos has actually increased, while only ~10% have improved company-wide information access.

Teams might resist sharing data (protecting their turf), and technically it can be challenging (or expensive) to connect legacy systems lacking modern APIs.

Impact on risk management: Data silos are kryptonite for risk oversight. If risk data is scattered, it’s difficult to get a holistic view of the organization’s risk profile. Correlations between risks may go unnoticed as seen in some recent bank failures. In summary, fragmentation undermines any robust risk management framework by preventing timely, accurate data consolidation.

3 – Legacy IT Systems and Technical Debt

The burden of legacy technology, outdated core systems or homegrown solutions that have been patched over time is nothing short of an industry norm. Legacy systems are often inflexible, incompatible with modern data tools, and prone to failure, collectively contributing to underdeveloped reporting frameworks.

How it manifests: A bank might still rely on a decades-old core banking system that wasn’t designed for today’s data demands, requiring batch processes to produce reports (meaning no real-time insight). A manufacturing company could be running an old version of an ERP that lacks modern analytics modules, forcing employees to export data into spreadsheets for analysis.

The prevalence of legacy tech is notable. Nearly 96% of IT professionals in one 2023 survey said they still need legacy applications in their environment, and only 4% reported not using any legacy applications.

Why it persists: Replacing core systems is often viewed as risky, expensive, and disruptive. The classic “if it isn’t broken, don’t fix it” mentality.

Technical debt (the cumulative cost of quick-fix IT decisions) accumulates because the company opts for short-term patches over long-term rebuilds.

Impact on risk management: Outdated technology directly impacts risk monitoring and reporting. Legacy systems may not capture the level of data granularity needed for advanced risk analysis (for example, a legacy manufacturing system might not log each production anomaly needed to predict equipment failure risk). They often lack audit trails or modern security, elevating operational and cyber risks.

4 – Cultural Resistance to Change and Data Sharing

Organizational culture plays a pivotal role in the success of data initiatives. Long-standing habits and attitudes create resistance to adopting new data practices or sharing information freely.

How it manifests: Front-line managers may cling to their known and used ‘excel spreadsheets’ and gut-feel decision making, viewing new data systems with suspicion. In many ways, new data systems also expose known but unaddressed failures to the limelight.

Some departments also treat data as a power source to hoard. For instance, the sales team might be reluctant to input detailed client data into a central CRM if they’ve historically managed relationships personally. The XPLM industry survey highlights that two-thirds of respondents said their corporate culture actually favors the emergence of data silos, and 71% admitted that departments “do not want to share their knowledge” across the organization.

This culture can doom data projects; employees might refuse to adopt a new reporting tool, or deliberately bypass official processes (keeping shadow records) because they don’t trust or understand them.

Why it persists: Cultural change is one of the hardest challenges in any organization. Mid-sized companies often have veterans and legacy practices deeply ingrained – “this is how we’ve always done it” can be a mantra. If leadership isn’t actively driving a data-centric culture, middle management is unlikely to enforce it.

Additionally, without adequate training or clear communication of benefits, staff may genuinely fear that new data systems could make their roles redundant or expose their mistakes, thus resisting involvement. There’s also the issue of incentives: if performance metrics don’t reward data sharing or accuracy (and instead only reward short-term results), employees have little motivation to change their behavior.

Impact on risk management: Cultural resistance can sabotage even well-intentioned risk data initiatives. If, say, the risk team implements a new enterprise risk management (ERM) system but business units don’t feed it with timely data, the system becomes an empty shell. An unsupportive culture can nullify the best tools and keep the organization in a reactive stance, where data is seen as a threat or burden rather than a shared asset for informed risk-taking.

5 – Increasing Regulatory and Reporting Complexity

The external environment is raising the bar on data and reporting, and many companies are finding their frameworks lagging behind these evolving requirements. Whether it’s financial regulations, data privacy laws, or sustainability reporting standards, the complexity and volume of reporting expectations have grown exponentially – and mid-sized firms are struggling to keep up.

How it manifests: A regional bank might face new stress-testing data requirements from regulators that its current risk systems cannot support, resulting in frantic efforts to pull the right data. Manufacturing companies now encounter detailed ESG expectations, for instance, European mid-sized listed firms will soon need to comply with the EU’s Corporate Sustainability Reporting Directive (CSRD), tracking metrics from carbon emissions to supply chain due diligence. Many are unprepared.

Why it persists: Unlike large corporations, mid-sized companies typically do not have big compliance departments or the latest Reg-Tech tools. They may be caught off guard by new regulations or find them disproportionately burdensome.

Impact on risk management: Compliance risk becomes a top concern. But beyond compliance, the spirit of these regulations (be it transparency in risk or sustainability) is to drive better decision-making. If a mid-sized firm is only doing the minimum, it likely isn’t leveraging the data to actually improve risk management.

6 – Talent and Skills Gap in Data Analytics

Even with the right tools, organizations need skilled people to build and maintain robust data frameworks. Mid-sized companies often face a talent crunch in this area. They may lack experienced data architects, analysts, or risk data specialists on staff.

How it manifests: The IT team might be small and generalized, without a dedicated data engineer or data scientist. Mid-sized firms often cannot offer the same compensation or career trajectory as large tech firms or banks, leading to a smaller talent pool.

Why it persists: The demand for data and analytics talent has exploded in recent years (with the rise of AI, big data, etc.), and supply has not kept up. Mid-sized companies often have to “grow” their own talent internally, which takes time. Hiring experienced professionals is competitive and costly. Additionally, some mid-tier companies are located outside major tech hubs, making recruitment harder. There’s also the issue of retention.

Impact on risk management: A skills gap can severely hamper risk oversight. Insufficient talent leads to heavy reliance on a few key individuals or external vendors; this concentration is a risk in itself. If those individuals leave or contracts lapse, the organization’s data capability could collapse. Risk professionals in such settings often find themselves doubling as data cleaners and report builders, diverting them from higher-value risk analysis.

5 Strategic Remediation Moves for Mid-Sized Organizations

Mid-sized companies can turn these challenges into opportunities by proactively strengthening their data and reporting frameworks. Below are five strategic remediation moves spanning technology, governance, and people to help resolve or mitigate the above root causes. These strategies are interrelated and can be pursued in parallel:

1 – Establish a Robust Data Governance Framework with Executive Ownership

Firms should formalize a data governance program that defines clear roles, responsibilities, and policies for data management. This also means appointing accountable data owners/stewards in each domain. To succeed, governance cannot be an IT-only initiative.

It needs top-down endorsement and enforcement. Leadership should treat data as a strategic asset, regularly reviewing data governance progress just as they would financial results.

The key is also continuous improvement: governance isn’t a one-time project but an ongoing program that adapts as the company grows and regulations change.

2 – Invest in Modern, Scalable Data Architecture and Tools

A strategic upgrade of technology can pay huge dividends. Mid-sized organizations should evaluate and invest in scalable data infrastructure that could involve moving to cloud-based platforms, implementing a unified data warehouse or lake, and deploying business intelligence (BI) and reporting tools that automate data aggregation and visualization.

Modern cloud solutions are increasingly accessible to mid-market companies (often offered in modular, pay-as-you-go models), lowering the barrier to entry. Key considerations would be to prioritize integration-friendly solutions and adopt tools that reduce manual work, such as ETL for moving and reconciling data

3 – Strengthen Data Talent and Literacy Across the Organization

People are the linchpin of any data strategy. Companies should invest in their human capital by both acquiring and developing data skills. If hiring full-time is difficult, engaging external consultants or service providers on a project basis can jump-start initiatives while transferring knowledge to internal staff.

On the development front, companies should launch data literacy programs so that employees at all levels become more comfortable with data and analytics tools.

A focus on talent and literacy sends a message that data isn’t just the IT team’s job, it’s everyone’s responsibility.

4 – Foster a Data-Driven Culture with Strong Change Management and Incentives

Leaders should consistently communicate the importance of data in achieving the company’s goals, and celebrate data-based decision making.

Some firms establish cross-functional teams or “communities of practice” around data, which break down silos by design. It can also help to start with small wins. Pilot the new framework in one department, refine it, and then expand, so people see proven benefits.

A data-driven culture also means employees become more likely to report issues or anomalies when they occur, rather than hiding them, because they know management wants to hear the data even if it’s bad news.

In essence, technology and processes might provide the tools, but culture is the soil in which a data-driven enterprise either withers or thrives.

5 – Align Data Initiatives with Risk Management and Compliance Objectives

Lastly, mid-sized organizations should explicitly try and link their data framework improvements to their broader risk management and compliance goals. In practice, this means using risk-based criteria to drive data projects: focus on the data that matter most for the company’s risk profile and regulatory requirements.  

Some mid-sized firms establish a Risk and Data Steering Committee that meets regularly to ensure data initiatives are evaluated in terms of risk reduction and compliance impact. Additionally, keep an eye on upcoming regulations and proactively build capability to meet

Ultimately this alignment creates a virtuous cycle: good data feeds into good risk management, which identifies areas for improvement, which in turn drives further data enhancements. By making risk management a key outcome of data strategy, companies ensure their data framework upgrades truly fortify the organization’s resilience and not just its operational efficiency.

Conclusion

Transitioning to a mature data and reporting framework is undoubtedly a journey, not an overnight fix. However, by understanding the root causes behind their current shortcomings, organizations can target their efforts more effectively.

The challenges outlined often interact, but the good news is that the remediation moves are mutually reinforcing as well. With committed leadership, smart investments in technology, empowered people, and a culture that values information, companies can evolve their data practices significantly. The payoff is more than just better reports. It is improved risk foresight, stronger compliance, and enhanced decision-making agility.

Sources:

• Basel Committee on Banking Supervision (BCBS 239) progress reports (2023)
• BIS reports on supervisory expectations for risk data frameworks
• Case studies: Silicon Valley Bank collapse analysis, 2023 U.S. Senate testimony and Fed reviews
• Sero Group: Implementing Data Governance for Small and Medium-Sized Businesses
• XPLM (2023): Study on Enterprise Data Silos and Cultural Resistance to Data Sharing
• Gartner, Forrester, and IDC insights on enterprise data architecture adoption
• QBE Global Risk Index (2023): Mid-Market Risk Prioritization and Preparedness Survey
• Hyperproof GRC Benchmark (2024): Risk and Compliance Operations in Fragmented Environments
• Sage (2023): SME Cloud and Sustainability Technology Trends Report
• IDC SMB Tech Pulse (2023–24): Cloud adoption rates and tech spend forecasts for mid-sized firms
• McKinsey Digital: The Value of a Scalable Data Architecture for Mid-Sized Enterprises
• World Economic Forum: 2023 Global Talent Outlook
• Udemy for Business: Skills Gap in Data Literacy 2023 Report