Most risk and compliance functions work with enormous amounts of data, but very few work with and have access to relevant intelligence. But, you may ask, what is the difference? Surely data is intelligence? And intelligence consists of data? Any recognised dictionary, thesaurus or encyclopaedia would disagree and would provide very different definitions for each of data and intelligence.
Data essentially is raw and unprocessed facts and figures, dates and amounts, numbers and scores. Intelligence is the analysed and contextualised insights gained from such data, which is used to drive business and strategic decisions. Data tells you what happened, while intelligence explains why it happened and what to do about it.
So while data abounds within the firm and is available in large volumes of mainly uncontextual external data, how does the firm convert data into intelligence? With internal data, intelligence can be derived through contextual analysis, by combining different data sets with contrasting contexts together, by deriving intelligence from specific signals or reference material. Intelligence can be derived from external data by applying the firm’s context and by co-mingling external and internal data.
Intelligence can also crucially be derived by securely sharing the firm’s own data with an independent third party who can comingle the firm’s data with peer data, then derive benchmarks and intelligence from the aggregated data, returning the intelligence to all of the participating firms, who can then each apply their own unique context to the intelligence to further enhance its usefulness.
Science fiction, some may say, there is no way that firms will share sensitive risk or compliance-related data, there is too much potential for reputational damage by doing so, or we may give our competitors too much insight into what we are doing or what happened to us.
The reality is that financial services firms have actually been sharing confidential data on an anonymised basis for decades – the British Bankers Association established the very first operational loss/non-financial risk events database, GOLD, in 2000. A group of international financial institutions and multilateral development banks established GEMS, a credit risk consortium sharing emerging markets credit data, in 2009. A number of countries’ information commissioners established cyber incident reporting consortium in the early 2020’s….
Drawing on over 15 years of industry data collection, quality assurance, aggregation, benchmark development and intelligence provision, and recognising industry demands for quality risk intelligence, RiskBusiness launched a proof of concept with 15 internationally active firms in September 2025, focussing initially on emerging risk intelligence, whereby RiskBusiness sourced and provided intelligence on newly identified emerging risks, which each participant considered internally, then assessed their exposure to the emerging risk, then submitted their assessments back to RiskBusiness, where the assessments were aggregated and benchmarks derived for publication back to the participants.
The proof of concept was expanded early in 2026 to include intelligence on top risks, with RiskBusiness providing twenty separate top risks reports from public sources to the participants, along with an aggregated top-risk report derived from the twenty source reports. Participants then documented their own internal top risks and submitted these to RiskBusiness, where the reports were anonymised and aggregated, resulting in the establishment of a participant peer group benchmark top risks report, capable of drill-down and segmentation based on contributing region, organisation size and business nature.
Actual benchmark intelligence from peer firms, comingled with industry data and the firm’s own perspectives on emerging and top risks, is the first stepping stone to far greater data sharing and intelligence derivation, two essential components of the forward-looking, modern risk management framework.
For more on this topic, read our blog, “From Loss Experience to Emerging Risk: Why Risk Teams Need a Wider Field of View” >>>





