A New York bank is to cut the staff employed on compliance reporting from 365 to 12 following the introduction of a new compliance and IT security monitoring service from Accenture.
The new tool, Security Transformation Service (STS), is the first fruit of the strategic alliances Accenture signed last year with Sun Microsystems and Symantec.
Alastair MacWillson, head of Accenture's global security practice, said compliance with regulatory demands has become a major headache for sectors such as financial services.
STS is the first generation of 'Compliance 2.0' tools, he said. To avoid the huge cost in time and salaries in meeting compliance rules, many monitoring and reporting functions are now being automated.
In the same way that industrial system control and data acquisition (SCADA) systems monitor, alarm and report what is happening in the network, so STS monitors, alarms and reports on actual and potential threats to compliance performance and data integrity.
"We are eating our own dogfood," MacWillson said, adding that Accenture is now using STS to watch what is happening in its internal global network.
The bank, which can't be named for competitive reasons, hired 365 people in less than a year to prepare compliance reports under regulations such as Sarbanes-Oxley. With STS, much of this is now automated, thanks to identity and access control management tools from Sun and threat recognition and mitigation tools from Symantec.
"The headcount for compliance work has dropped to 30 now, and will drop to around 12 soon to monitor the bank's compliance and data security worldwide," he said.
MacWillson added banks in the UK, Germany, the Nordic countries and Australia, which all face similar regulatory demands, are starting to explore services such as STS.
"The regulatory regime is crucial to the rate of adoption," he said. With more countries opting to base their financial regulations on the US Federal Information System Management Act (FISMA), the pressure to automate compliance reporting is likely to grow.
MacWillson said tools such as STS, even when outsourced to firms like Accenture, do not absolve the bank from its legal responsibility for complying.
"What STS does is give them a way to improve their ability to comply through better insight and control of actual activity in their applications and networks."
Comment on this article: [email protected]