The Basel 2 code on risk management, which is due to come into force at the beginning of 2007, is widely viewed as the most challenging forthcoming corporate governance regulation for IT departments.
The code, which requires firms to better assess and manage the risks faced by their business, will necessitate wide-ranging changes to IT systems across subsidiaries worldwide.
Under Basel 2, firms that can demonstrate an advanced approach to managing risk will be able to reduce the amount of capital they have to set aside to cover business risks, such as customers defaulting on loans.
Speaking at the CityIT Forum, DKW's Hans Christoph Classen said the initial challenge for IT departments lay in collecting data from systems and checking that it is of good quality.
Classen said DKW's IT spending on Basel 2 compliance would peak next year at between £7m and £13m.
"Basel 2 is not an IT problem, it is about business processes, data ownership and data quality," said Classen. "You have to touch many systems, but that is not to say that you have to buy all new systems."
Financial firms should consider writing software functions (based on component-based architecture) to run separate systems, such as credit and booking systems. These systems can then be linked using an "integration layer" of software, said Classen.
Once the systems are linked and the data is accurate, it is then possible to build a portal which will allow, for instance, a credit analyst to get a quick overview of the various risks facing their part of the business.
To assess day-to-day operational risks, a firm should agree "key risk indicators" and use workflow technology to collect and distribute information about the faults, losses and failures experienced by a business.