Get aggressive with suppliers to help meet financial regulations

Companies may need to get "more aggressive" with their IT suppliers to ease the burden of complying with a growing list of...

Companies may need to get "more aggressive" with their IT suppliers to ease the burden of complying with a growing list of corporate governance regulations, delegates at last week's CityIT forum were told.

Preparing systems to comply with regulations such as Basel 2, Sarbanes-Oxley and money laundering legislation has become the prime concern of many IT directors in financial firms.

Challenges include collecting data from disparate systems and subsidiaries in different countries, retrieving information quickly when requested to do so by regulators, and keeping an audit trail of millions of transactions.

Speaking at the gathering of financial services IT directors on the cruiseship Aurora, Mark Turner, a partner at law firm Herbert Smith, said IT directors should consider how suppliers could help them with their compliance projects.

"You may want to be more aggressive with your suppliers in ensuring that what they are delivering can meet your current and future requirements," he said.

Turner said compliance with regulations had become a "life or death" matter for financial firms. He said contracts needed to state the requirements of the supplier in the event, for example, of a system failure that could result in the user organisation failing to comply with a regulation.

Turner recommended that to achieve compliance with regulations, IT departments should work closely with legal and accounting departments and senior managers, with monthly meetings for larger companies.

He also advised firms to develop an "early warning" system to highlight emerging regulations that may have implications for IT.

Some regulations will require firms to collect data for compliance before the regulations actually come into force.

For example, although international accounting standards are not due to come into force until next year, companies need to collect information from the 2004 financial year for comparison with 2005.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.