The world’s desire for corporate regulation swings like
a pendulum. In the late 1980s, the so-called “Big Bang” freed the
financial markets from all but minimum regulation.
But by the mid-1990s, it was clear that a new, more rigorous
regulatory regime was needed to cope with globalisation, the
changes in the markets and the growing use of technology.
A succession of scandals, from Barings Bank to Enron and
WorldCom, caused the pendulum to swing towards tighter rules, and
since 2000, the list of regulations has grown steadily. It now
includes the US Sarbanes-Oxley Act, the Basel 2 risk management
rules for financial institutions, the International Financial
Reporting Standard (IFRS) and the Markets in Financial Instruments
Directive (MiFID).
This is only the start. In Europe alone there are about 50
current compliance directives, and more in the pipeline.
Regulations are, of course, necessary for order and stability. But
they are a burden on business and increase costs – especially in
the finance sector.
Compliance also has an impact on IT systems and their future
development. Market research firm Gartner notes that spending on IT
for compliance is growing at twice the rate of overall IT
spending.
Against this background, companies are looking for the best way
to meet their compliance obligations while keeping costs down and,
if possible, getting the best value from their compliance-related
IT investment.
“Compliance is making people think at a higher level and forcing
them to do things that are good for the business. Estimates on the
cost of compliance vary, but whichever way you look at it, it is a
lot of money and smart companies see they can use the investment to
improve their business,” says John Napoli, global director of
financial services at BEA Software.
“At its simplest, compliance is about bringing data together to
create reports for the regulatory bodies and getting them in on
time. But if you approach it properly – look at the similarities
across different regulations and draw the efforts together – you
can keep the costs down,” he says.
Chris Coggrave, a managing principal in the securities practice
at Hewlett Packard, says that compliance is a long-term project.
“It is back to the simple things – people, processes and
technology. You are looking at your effectiveness so you need to
define key measures and see how good the processes are. Compliance
is not a one-off event – it is a journey.”
Coggrave does say, however, that it can be a positive journey
and can bring benefits too. “If you link back to the improvements
that can be made from a governance programme, compliance becomes
part of the justification for other things such as the potential to
improve processes.”
The main preoccupation for global companies listed in the US
since 2004 has, of course, been to comply with Sarbanes-Oxley.
Despite some early protests about the impact on company profits,
there is clear evidence that compliance can help to improve
business practice.
A recent survey of 261 US financial executives on the impact of
Sarbanes-Oxley, by financial software specialist Oversight Systems,
found that business benefits can come from compliance. Improvements
in the accuracy of financial reports were cited in 47% of responses
– up from 27% in the previous year. Other benefits included fewer
errors in financial operations and better information for
auditors.
When online bank Egg installed an e-mail archiving system, the
project delivered spin-off benefits. “Egg handles 60,000 e-mail
messages a day, and for Sarbanes-Oxley and Basel 2 compliance,
these must be stored for seven years,” says George Giorgiou,
finance sector marketing manager at communications integrator
Affiniti, which implemented the system.
“The EMC storage system we installed met the compliance goals,
but it has also enabled Egg to save on primary storage costs and
improve the way it manages its e-mail.”
Now that most organisations have complied with Sarbanes-Oxley,
attention has switched to other looming deadlines. The financial
sector in particular has its work cut out. The first phase of Basel
2 comes into force later this year, and MiFID is slated for
November 2007. For those affected, compliance will involve a huge
effort over the next 18 months.
Many organisations have learned valuable lessons from their
Sarbanes-Oxley compliance programmes, and are taking a more
strategic approach to IT for Basel 2 and MiFID.
“If you look at the way the industry has approached compliance
in the past, it was a practical approach. Some started by creating
spreadsheets manually to produce the reports. Some moved on to
point solutions for specific compliance programmes. But both are
costly and many companies are now taking an architectural view,”
says Napoli.
BEA’s approach based on service oriented architecture (SOA) aims
to create a general-purpose foundation for compliance programmes.
“A lot of compliance is about seeing your exposure across the whole
enterprise. Reports are not enough – companies need the data in
real time. We bring data together in a data services layer from
multiple databases and present it through a business services
layer.”
Jonathan McKenna, director of business consulting at BEA, says,
“Most companies have expensive IT systems they have developed over
the years, but they are siloed. SOA enables them to bring these
multiple sources of data together. This is especially important for
MiFID compliance where post-trade data needs to be published to
exchanges very quickly.”
Unlike most other regulations, MiFID will mean significant
structural changes in the way financial markets operate. Michael
Mainelli, director of London-based city consultants Z/Yen, sees
MiFID as a catalyst for significant change to financial sector
IT.
“You are looking at a new model with new regulations and you
have got to build this into IT systems. But there is an opportunity
for those who think ahead and take an architectural view.”
McKenna notes that those who can process data quickly will gain
a competitive edge. “MiFID has so many sources of data to keep
track of. The amount of pre-trade data, for example, is expected to
rise by between four and 10 times. But if you can deal with it
quickly you get an advantage.”
Access to consolidated data brings other potential benefits. The
same data gathered for compliance can be turned into business
intelligence.
“The focus of compliance is giving finance departments an
opportunity to be more proactive. At our Finance Forum earlier this
year, the debate centred on how finance departments can move from a
purely transactional role to deliver business intelligence,” says
Graham Walter, vice-president of UK, Middle East and Africa at
software supplier Cognos.
“They can take the basic reporting capability they have built
for compliance and add value by analysing the data.”
The burden of compliance can then be countered by improvements
in business processes and better IT systems. The ultimate aim of
the regulations is to make companies act properly and be seen to do
so. But in the process they can also gain by using technology to go
beyond simple compliance and provide access to the “intelligence”
hidden in the data.
CASE STUDY: CHUBB INSURANCE UNLOCKS EFFICIENCIES
Founded in New York in 1882, Chubb Insurance has grown to become
one of the world’s leading insurance companies with about £23bn of
assets and 2005 net income of £957m. It employs 11,800 people in
120 offices, spread across 29 countries.
“There is an awful lot to compliance in our industry and we look
at it in a number of ways. We are putting in some point solutions,
but we are also looking at it in the context of business
intelligence,” says Peter Thomas, vice-president of European
enterprise IT at Chubb.
Chubb had plans for improving its business intelligence systems
beyond compliance. “Insurance is an area where information is king,
so we must have a very good understanding of the numbers. We
identified the need for business intelligence architecture for
commercial reasons. But because we had started on this trip it
meant we could use the same approach to help with compliance.”
Chubb installed Cognos business intelligence software to bring
data together to help meet both its commercial goals and its
compliance obligations. “Data consolidation is one of the main
pillars and we use the consolidated data for compliance. But we can
also use it to monitor our effectiveness.”
Sarbanes-Oxley and Basel 2 are, of course, the two biggest
compliance programmes for Chubb. But its strong presence in the
London markets means it also comes under the Financial Services
Authority (FSA). Changes in FSA rules mean yet more compliance
work.
“The current initiative is towards contract certainty.
Traditionally there has always been a certain informality where
details are established later. The FSA wants to move to a more
rigorous framework for insurance contracts where the contracts are
finalised before they go into effect. This means we have to provide
a lot more information,” explains Thomas.
HOW COMPLIANCE DEADLINES SHIFT
Compliance deadlines suffer from the same disease as IT project
delivery deadlines: they slip. The deadline for the Markets in
Financial Instruments Directive (MiFID) was originally set for
October 2006. It then moved to April 2007 and, currently, is set
for November 2007, but there is always the possibility the deadline
will slip again.
The far-reaching nature of MiFID – it not only imposes rules of
transactional transparency, it also fundamentally changes the
financial trading structure – means there is a lot more work to do
than was first thought.
Basel 2, which imposes more rigorous risk management on
financial institutions, has been subject to even longer delays. In
2001, it was expected that it would be in place by 2004. The
deadline was shifted to 2005 and now the first phase is scheduled
for the end of 2006, with completion by the end of 2007.
While most European institutions are confident of meeting the
deadline, there is concern that some US banks might not be ready in
time. Further slippage seems a distinct possibility.