Missed Opportunity

Despite increasing compliance demands, many banks still overlook enterprisewide solutions.

Though Sarbanes-Oxley, Basel II and revisions in state and federal banking laws continue to increase the time and cost commitment banks must make for compliance, there are ways to mitigate the burdens of regulatory requirements and even improve operations, according to Virginia Garcia, research director for Needham, Mass.-based TowerGroup. She estimates that financial services firms will waste 25 percent of the money they spend on compliance in the next five years due to a siloed approach to compliance processes.

Garcia points out that banks often develop compliance processes and technology for individual laws and lines of business. But to manage costs better and improve compliance, financial institutions must identify compliance systems and process that they can reuse across the entire enterprise. "Financial institutions with resources to invest in enterprise compliance have the opportunity to leverage compliance IT spending as a strategic investment in improved efficiency, not just a means to meet short-term requirements of new or revised legislation," she says.

"The technology exists to do this, but there are huge cultural barriers," Garcia continues. "Business line managers are used to making these [compliance technology] decisions," rather than having the decision made for them.

Automation technology is critical to address the growing compliance burden, Garcia adds, "because banks can ill afford a group of clipboard toting employees to monitor compliance." Sarbanes-Oxley and Basel II both require that banks report figures generated from clean data across the enterprise, Garcia relates, adding that a bank can best create that clean data by using enterprisewide technology. Additionally, some regulatory requirements - such as Sarbanes-Oxley section 409, which requires public companies to disclose information on material changes in their financial condition or operations within 48 hours - demand nearly real-time reporting. That's virtually impossible without enterprisewide automation technology, she asserts.

Michael Rasmussen, principal analyst with Forrester Research (Cambridge, Mass.), agrees that bank compliance technology efforts have been fragmented to date, but he expects more financial institutions to migrate to enterprisewide risk management technologies in 2005. Rasmussen notes that new regulations are expected to be introduced to ensure that banks have adequate safeguards in place to secure customer information. An interagency ruling under Gramm-Leach-Bliley already requires that financial institutions disclose to customers and regulators any unauthorized access to information, he says, but current discussions in Congress and in state legislatures could mean additional regulations in this area.

Top-Down Enforcement

Both Garcia and Rasmussen stress that technology alone isn't enough for banks to stay in compliance. They emphasize that comprehensive, well-enforced policies supported by top management also are critical to compliance efforts. Rasmussen notes that in addition to adding enterprisewide compliance technology, banks are appointing more full-time C-level executives to ensure organizational compliance.

According to a Deloitte Touche Tohmatsu (New York) survey on global risk management, the number of large (65 percent of respondents had more than $10 billion in assets) financial institutions with chief risk officers has increased to 81 percent from 65 percent since 2002. The survey, released in January, also shows that 75 percent of chief risk officers in financial services firms report to their chief executive or the board of directors and that there has been a 25 percent increase in board-level oversight of risk management over the past two years.