Compliance: The Right Way Drives Profitability
Compliance is set to become a key differentiator among financial services institutions. Already some forward thinking FSIs are starting to taste the profits of an integrated compliance management strategy while others are struggling with the costs of more fragmented Band-Aid approaches that result in high levels of waste and duplication. This gap will only widen as regulatory requirements increase and as the cost and complexity of compliance swells. By all counts, it is the more holistic approach that will not only enable compliance in the future but result in improved speed-to-market, decreased costs, reduced risk, an enhanced customer experience, and bottom-line benefits to the business. We ask industry experts for their POV on the challenges to achieving an enterprise-wide compliance platform and to weigh in on profitability.
Robert M. Hegarty
Managing Director, Securities & Investments
TowerGroup
Hi Rob, welcome to our forum. Please tell our readers how compliance relates to a firm’s profitability.
The most important thing to consider is that the cost of compliance can quickly get out of control. Compliance initiatives can eat into your budget very quickly if you don’t have the right plan and prioritize correctly. Without a strategy, a financial services firm risks spending valuable time and money and ending up with something that was not the goal in the first place. The right compliance strategy, on the other hand, will control costs, and will increase your profitability. With a good strategy in place you also, of course, are mitigating the risk of violation.
What are the biggest challenges to achieving an enterprise-wide compliance platform?
Clearly the biggest challenge is internal politics at the firm. It is critical to get buy-in from the most senior business line executives as they each tend to have their own agenda which sometimes are at odds. As far as other potential pain points, I would say first is finding the right technology to achieve firm-wide compliance as it encompasses such a broad array of objectives, whether portfolio, regulatory, operational, etc. Trying to assemble all that under a single platform is a challenge, especially when you add to that the fluidity of today’s regulatory environment.
What are some of the steps that can be taken to make the process run more smoothly?
Compliance is about good, solid project management. It requires clear project governance, including setting up the right governance structure and putting the right committees in place. The Steering Committee needs to have a good mix of senior management from the technology, compliance, risk, and business sides of the enterprise.
Compliance should not be driven primarily by the IT department; senior business management is critical as they need to interpret the regulations and translate the necessary guidelines into actionable IT initiatives.
What is your advice to FSIs on the policies and best practices that they should adopt?
Financial services firms should first segregate their compliance initiatives. This allows them to get a central handle on everything that impacts compliance. It is then easier to manage all initiatives rather than respond to individuals within the enterprise. It also helps to maintain cost controls, which as I stated earlier can easily get out of hand. Firms should set up a separate group within the organization and staff it independently so that they have a group of people working strictly on compliance initiatives. Governance is also key. Nothing should be done without having buy-in from senior management and the head of enterprise risk management.
Todd Stone
President and CEO
ProcessUnity, Inc.
Welcome, Todd. How does the right compliance strategy increase profitability?
If you are first to meet an emerging standard, compliance can be a differentiator that drives market share and top-line revenue. This was true for the first stock plan service providers to support FAS123 equity compensation expense rules. But being in compliance is no longer optional, and with the annual tab now running at $30 billion, compliance costs are not trivial. Every dollar saved here is a dollar added to profit. There are two aspects to compliance costs: doing the right thing and proving it. Clearly, dollars spent protecting your systems, assets, and data add real value; dollars spent on presenting evidence add very little. It makes no sense to cut corners on activities that add real value. It makes complete sense to look for cost savings on the proving end. Ultimately, firms with efficient compliance management processes should be in a better position to innovate and change, while minimizing risks and costs.
What do you see as the biggest challenge to achieving an enterprise-wide compliance program?
In two words: stove piping. The SOX team documents, tests, and assembles evidence of IT compliance. So does the ISO 17799 team and the PCI program office. The compliance costs are tripled while the IT folks are busy fulfilling uncoordinated audit requests. At the other end of the spectrum, corporate compliance mandates a top-down, global GRC program but progress is slow because of its scope and complexity. Meanwhile, immediate compliance requirements must be met, so stove pipers keep on stove piping.
What steps would you advise firms take to make the process run more smoothly?
If you are starting out, define, implement, and test controls for a single pilot compliance issue or business area. Add additional programs, reusing as many pilot controls as possible. If you have a compliance program in place, create a common controls structure to eliminate duplicate effort and cost. Coordinate corporate-level compliance with a high-level business process model to ensure that critical business operations and risks are covered. Finally, automate compliance management and control reuse.
And your advice on policies and best practices?
Leverage industry-standard control specifications and regulatory libraries, establish clear ownership and accountability, and conduct regular testing. Automate the end-to-end controls management process, enhance management reporting, and streamline audit support. Apply the same rigor to all critical business processes to create a super-efficient business that can turn on a dime, without losing control.
Greg Haislip
Managing Director – Banking
Microsoft Corporation
Hi, Greg. Great to have you with us. What are your thoughts on compliance increasing a firm’s profitability?
The right strategy balances the cost of the strategy with avoiding the cost of adverse compliance incidents. Firms that use a regulatory compliance framework strategy can streamline the management of the IT controls required to support compliance and also may gain more insight into their business processes and customers. Many common regulations and standards that organizations must apply significantly overlap in the IT controls. Often you can implement a single IT control to help address the compliance requirement for a number of regulations and standards. The result is increased efficiency, reduced costs, and greater profitability.
On the biggest challenges?
The biggest challenge is aligning all the stakeholders to an enterprise strategy. Firms have to comply with a myriad of rules and regulations that have evolved over time. As new obligations arise, firms deploy a compliance solution for the new rule or regulation to solve the problem in advance of a deadline. In many cases this is done without regard to legacy compliance solutions because the objective is to solve the new business problem as quickly and inexpensively as possible.
Some of the other pain points?
New support and training requirements as well as new activities for employees to engage in to achieve compliance increase the challenge of accomplishing primary business objectives. The requirements, when implemented in the absence of a unifying compliance framework, can actually reduce the efficiency of employees’ daily mission to provide excellent customer service and drive business value. For example, if an employee has to leave his everyday information worker environment to engage a document management and records retention system, you are placing a tedious burden on the staff person in order to achieve compliance.
And your thoughts on making the process run smoothly?
Microsoft advocates making risk management and compliance simpler, more efficient, and less expensive by embedding the execution of compliance requirements in day-to-day activities and consolidating the IT controls environment wherever possible.
On policies and best practices?
Evaluate your compliance obligations holistically. This will allow you to maximize and extend your existing technology tools to align IT and businesses processes and enable an integrated approach to risk and compliance that saves time and money, improves efficiency, and drives business value.
Kamel Shaath
Chief Technology Officer
KOM Networks
Hi Kamel. Pleasure to have you with us. Explain how the right compliance strategy increases profitability.
First and foremost, companies want to reduce the cost of acquisition and deployment of compliant solutions. A universal archive platform that can manage both retained and normal files in one single environment and is application independent will increase operational efficiencies. A solution that is Windows-based will leverage existing Windows administration talent and expertise within the organization, saving more costs. The right compliance strategy will simplify the audit process as all files are in digital format and can be easily verified, validated, and accessed. This will also, of course, minimize the risk of stiff penalties and fines.
The biggest challenge to achieving an enterprise-wide compliance platform?
The biggest challenge is integration: how to add compliance platforms while minimizing the impact on the existing processes and applications. The compliance platform has to be application agnostic. FSIs do not have the luxury of continuously starting over each time a regulation changes. They need to adhere to these requirements on-the-fly and with minimal costs. A significant number of FSIs have custom-built applications as well as off-the-shelf packages. This makes deploying a compliance solution and rolling it out no small task. Another key challenge has to do with administration. You need the right team that can support the compliance solution.
The steps that can be taken to make the process run more smoothly?
Transparency is the key advantage to archiving. The process will run more efficiently if companies are able to store and access files transparently without impacting their day-to-day operations or having to retrain their users and administrative staff. They should be able to use their existing applications, regardless of whether they are off-the-shelf or in-house, without having to worry about integration.
And what about the policies and best practices that they should adopt?
Companies should define disaster recovery strategies and processes and validate them. The solution the FSI picks should provide it with flexibility and simplicity to grow at its own pace with the freedom to choose the hardware vendor of choice. Corporate policies should be applied all the time, transparently to all of the company’s data. Companies should also avoid expensive and time-consuming audit exercises, instead utilizing resources to focus on the growth of the organization.