01 July 2004 Features

 

Counting on compliance

Compliance and risk systems can actually provide the platforms and incentive firms need to go out and win business. Georgina Stanley finds out how to get a competitive advantage

Depending on whose research paper you’re reading today, IT spending for 2004 is either up or down. One thing that everyone does agree on is that IT spending on compliance is up, and it is costing banks a lot of money.

HSBC announced, in its May results, that its total compliance cost for this year is going to be in the region of £400 million. Barclays, meanwhile, said that 40% of its annual IT budget was going on compliance.

Granted, the figures will not be of the same dimension for smaller banks but with so many regulations to comply with — Basel II, Sarbanes-Oxley, FSA and Anti-Money Laundering to name a few (see table page 26) — whatever the size of the bank, compliance still means significant expenditure.

Though budgets are not as tight as a few years ago, IT spending is still coming under intense scrutiny. But with strategic thinking it is possible to transform compliance into a competitive advantage rather than simply a costly, administrative burden.

Virginia Garcia, a senior analyst in Tower Group’s financial services strategy and IT division in the US, explains: “Compliance and risk management can contribute directly to the bottom line by cutting operating losses associated with fraud and basic risk. But they can also create top line revenue growth by providing institutions with the necessary technology upgrades to actually go out and win the business.”

Obviously IT is not the only compliance expenditure but it is a sizeable chunk. According to Garcia all compliance initiatives rely on technology because business processes in the financial services sector are linked to IT systems.

A survey by Gartner and the Economist Intelligence Unit, sponsored by IT governance and business process automation company Changepoint Corporation backs this up. It found that the financial services industry will invest billions of dollars on compliance initiatives in the next few years, with IT being the primary target.

It predicted that 59% of companies will invest heavily to adapt their existing IT systems while 34% will buy entirely new systems to achieve compliance.

A Forrester report predicts spending of €115 million per large European bank to comply with Basel II. A separate survey of 97 of the world’s 200 biggest banks by Accenture, Mercer Oliver Wyman and SAP also concentrated on IT spending for Basel II compliance. Two-thirds of the sample provided spending estimates and of these most of the bigger banks predicted spending of more than €50 million with nearly one third expecting costs of at least €100 million.

Those banks with assets under $100 billion were expecting compliance spending for Basel II to hit a maximum of €50 million.

Tellingly, nearly a third of the survey respondents were still unsure of the total costs despite the fact that the compliance deadline is January 2006.

One small bank demonstrating the difficulties of budgeting for compliance initiatives is Anglo-Romanian Bank. With only 19 staff in London, the bank’s IT budget is relatively small.

“We have no agreed budget,” says Colin Janes, the bank’s head of IT. “We tend to work on the basis that if we have to get it we’ll get it.”

At the moment Anglo-Romanian is using software from STB for its reporting and returns and has not yet started to look at its IT needs in relation to regulations such as Basel.

“This has to change I guess,” says Janes. “Once it’s been decided what we need to monitor, in addition to what we’re already doing, then we’ll have to go to an outside vendor to provide a new software suite to look at it. But in a bank of this size you tend to try not to spend money on this sort of thing if possible.”

Janes believes that when they do start to look at Basel II compliance they are likely to bring in software specifically for this purpose.

With multiple compliance deadlines looming many banks are doing the same thing. But taking a piecemeal approach to compliance spending, despite the immediate cost benefits, may not necessarily be the best way to deal with it.

“If you look at Basel or IAS and so forth you’ll find there’s quite a lot of overlap,” says Laurence Leyden, head of banking at SAP. “If you exclude some elements there’s a chance you’ll put in a solution for one area but you could have used a generic solution across the whole infrastructure which would have given bigger cost savings going forward.

“People tend to talk about a database or a toolset for analytics or a repository warehouse but it’s a combination of all of these areas. People need to be careful. They may have a tool that does a bit of it but they need to think of it as a whole subject.”

Ian Cohen at consultancy group the Buttonwood Tree shares the same view. “Looking at these regulations in isolation is a very poor thing for a bank to do. All regulatory drivers affect some of the same underlying services and behaviours.”

Demonstrating the need for an aggregated approach to compliance, the Butler Group consultancy created a matrix mapping correlations between systems requirements for various regulations.

According to its compliance report, which came out in June this year, complying with Basel and Sarbanes-Oxley, for example, requires the same business process management, discovery, disaster recovery, network security, policy management, retrieval and search tools.

But even the big banks are struggling to combine their compliance efforts. Speaking at a SAS user conference in June, John Spence, director of policy coordination and risk at Lloyds TSB’s said: “I would say we’re behind in bringing Sarbanes Oxley and Basel together. Yes we are bringing it together, are we leading? No.”

“The challenge is to comply and leverage value but also to be cost efficient and not to duplicate,” says Devesh Mehta, head of regulatory at Nomura in London. “There are so many regulatory developments that it is vital for the firm as a whole to understand them all and the way they overlap. Effective communication and project management is our way of addressing the challenge”

Nomura uses a mix of in-house and vendor designed technology for its compliance efforts, including Cartesis’ SECAM+ for its broker dealer activities.

Lloyds TSB is using SAS software for its Basel II compliance efforts. Shahram Sharifi, credit risk director at Lloyds TSB, says: “We’re involved in a couple of projects with SAS to develop analytic and diagnostic tools. Ideally we also want to develop a platform to build an infrastructure for data and intelligence so that we’re not duplicating the same data several times.”

In order to avoid duplication and potentially turn compliance into a cost advantage banks should think strategically and create a plan that is flexible enough to be adapted as regulations change in the future.

Though banks have traditionally dealt with compliance in each business division this means that IT investments in one business silo may not be leveraged across the bank. It also makes it more difficult to achieve real transparency across the organisation. Running the business better should be the first priority rather than simply compliance for the sake of it.

“We’re seeing many organisations struggling with the multiplicity of regulation and control demand,” says Cohen. “But everything we see in the world of compliance is only a codification of business best practice anyway. It’s obvious that every bank would want to assess all its risks and aggregate them together to get a single view so what’s wrong with going for Basel II?”

“Management is about understanding how you take the different threads that appear mutually exclusive and weave a tapestry from them,” says Lloyd’s Spence.

The difficulty is with so many regulations to comply with and under a lot of time pressure, some of the systems decisions taken to comply will inevitably be tactical rather than follow a long-term strategy.

Lloyds’ Sharifi has the following advice: “Try and embrace compliance. Don’t take it as a burden and do it as an exercise. There’s business value to be had and I would say 80-90% of banks will find true value from this.”

According to Beatrice Rogers, head of private sector at UK IT, telecoms and electronics trade association Intellect, the cost savings from compliance will reveal themselves in better interest rates for customers as a result of Basel and better customer relationships as well as cross selling opportunities.

“If you just implement systems thinking ‘we must comply’ then you’re missing a huge opportunity to actually get a business benefit back. By implementing joined up systems and complying you’ll have a better understanding of the customer, of their accounts and improved relationships with them. You need to set up the compliance project to reap the best benefit from it,” she says.

And with IT playing such a vital role in compliance making sure that IT is involved early on in compliance planning is crucial.

“Compliance is about information storage and retrieval. The only person who has a handle on all of the systems in the company is by definition the CIO or CTO.” says Mike Davis, author of the Butler Group’s compliance report. “If I were a CFO and I didn’t have a close relationship with my CIO at the moment I’d be taking him out for a drink. IT handles the company’s most vital asset — the information.”

Garcia at Tower Group adds: “I think it’s the difference between success and failure that the CIO be involved in compliance. There’s likely to be a lot of IT waste that ensues because the CIO isn’t invited to the table earlier on to influence the compliance project.”

In Davis’ opinion, it is not just the company that benefits from having the CIO involved. He believes that CIOs should view compliance as an opportunity to raise their profile within the company. At the very least compliance can be an opportunity to get new systems in place that will help the business run well while producing compliance as a by-product. At most it could provide a way for the CIO or CTO to get on to the board.

Compliance is not something that banks have a choice about. Abbey and Royal Bank of Scotland have already faced fines and there will no doubt be more fines and more regulations in the future. Where they do have a choice is how they approach compliance.

Improving IT systems strategically to meet compliance demands could mean greater transparency, improved customer relationships, cost savings and a stronger reputation as well as a way to avoid fines.

“Banking is the one industry that has exposed the issues of non-compliance,” says Davis. “Compliance solutions will save you money. The monitoring systems you have to put in place for Basel II would have identified Nick Leeson doing his trading deals and should have identified Allied Irish Bank. The benefits are there and it’s good business practice.”

Solutions for Compliance

Click here to view the table

Bookmark with:   (What is this?)

• Delicious
• Digg
• reddit
• StumbleUpon

Social Bookmarking

Social bookmarking allows users to save and categorise a personal collection of bookmarks and share them with others. This is different to using your own browser bookmarks which are available using the menus within your web browser.

Use the links below to share this article on the social bookmarking site of your choice.

Read more about social bookmarking at Wikipedia - Social Bookmarking

Close