I am a CIO in financial services. We all know that a new
wave of post-crisis regulation is heading our way. What is it
likely to look like? And what should we be looking for from our
suppliers?
Risk measurementwill have to be
reviewed
In these unprecedented times, there is no room for a
business-as-usual approach or "we are too large to fail" attitude.
Companies are taking acute actions to protect their businesses,
customers and shareholders given the financial market turmoil, and
CIOs should be looking ahead to ensure they can comply with the
anticipated wave of post-crisis regulations.
Historic or statistical measures of risk and exposures are
proving increasingly inadequate and regulators are likely to apply
a new set of rules across business activities affecting executive
compensation, depositor protection, risk management and control,
capital adequacy and liquidity, valuations, accounting policies and
disclosures to name but a few.
The regulatory landscape is a blend of principles, guidance and
rules-based approaches. Post-crisis regulations may require rapid
implementation, be targeted and prescriptive. This means greater
emphasis on IT governance, the existence of good practices and
robust controls to ensure the integrity of information systems,
data quality and privacy, and effective resilience, capacity and
disaster recovery capabilities.
Although reducing costs is a key factor in the current climate,
CIOs will need to achieve regulatory compliance while achieving the
right balance of IT risk, cost and control.
This is a time to increase the value provided by suppliers,
strengthening and harmonising IT control environment issues that
address local, international and EU regulatory requirements.
Management should tighten up preventative and detective measures to
tackle information security and data privacy concerns and improve
management of outsourced functions through independent third party
reporting.
Fundamental change will be required by many financial service
organisations to comply with new regulatory requirements.
Organisations that manage to balance the effectiveness of their
internal controls to meet regulatory requirements alongside cost
reductions could gain competitive advantage in these economically
challenging times.
Erol Mustafa, financial services partner in technology and
security risk services, Ernst & Young
Find the best way to manage information
transparancy
All commentators agree more regulation is on its way and the
majority of taxpayers are very much in favour of this happening.
The cost of the rescue of large banks is, as everyone knows, many
billions of pounds. Some strong views have been expressed about who
is to blame for this situation including regulators, the
government, banking executives and consumers. The general consensus
seems to be that many organisations and individuals have not been
able to understand and manage risk.
The question for CIOs, given this scenario, is what is the
opportunity to be proactive in designing potential solutions. It
can be argued that where problems have been caused by information
transparency, the CIO has a key role to play. There are some key
challenges in this area. Many financial services organisations make
money as a result of exploiting information asymmetry, where one
party has more or better information than others.
It appears some financial services companies opted for
information ignorance, choosing not to understand the risk of
certain securitised instruments prior to selling them on. One would
like to believe that regulators will be addressing these types of
issues but equally that financial organisations will be opting for
good practices in information management and business
intelligence.
Perhaps the bottom line is to discuss with the board and your
suppliers the best way to manage information transparency and risk
in a financial services company. This will of course depend on
whether you are viewed as a key player in managing information in
addition to technology. If you do succeed, hopefully the regulators
will adopt a similar approach, positioning you ahead of the
game.
Sharm Manwani, Henley Business School
Anticipate changes initiated by your
suppliers
Physician heal thyself! What did you think has gone unregulated
that ought to have been avoided or at least ameliorated the
financial crisis? To a layman (me!) it strikes me as completely
daft that mortgage lenders were quite happy to lend 120% mortgages,
or six times applicants' combined salaries, offers which most
ordinary people would say would have a very high risk of failing.
So to me, some regulation in this arena would seem likely. You, in
financial services, in discussion with your user colleagues will, I
am sure, be able to produce a "most likely" list. Discuss with your
user colleagues what might be needed so you can plan reasonable
timetables to ensure compliance: you cannot get into a position
where changes that may be very significant are thrown at you with
impossible deadlines to meet.
What can you expect from your suppliers? Increased charges are
almost a certainty as they invoke variation clauses for the work
done, to ensure you meet changing compliance requirements. Not
unreasonable if what they currently provide meets the specification
you gave them originally. An underwriting that they will always be
able to change their provision to you to meet changing compliance
requirements? Not so likely: no one is going to commit to an
unknown future, so you could just find yourself with applications
or services that cannot be changed and significant work becomes
necessary to develop applications that will comply. The earliest
possible awareness of this is needed as this may dictate the speed
with which you can conform. So regular, constructive meetings with
your suppliers to discuss intelligence about what might be looming.
There are benefits to collaboration with those in the same market
as you, having to meet similar changing compliance requirements, as
was done by many during the millennium change requirements. There
is no point in everyone doing the same work over and over
again.
Robin Laidlaw, president, CW500 Club
Return to Strategy Clinic >>