Transforming Mandate into Opportunity
- Saturday, November 1, 2008, 12:05
- Microsoft Leaders Forum, Special Features
Taking on the Compliance Challenge
Compliance is the foundation of the financial institution, so managing it well is essential to the health of the business. When a new regulation emerges, institutions need to be super efficient, able to turn on a dime while maintaining full control. That means clear project governance, application-agnostic compliance platforms, and knowing when to say when: an over-engineered program will only hold back the organization. According to Microsoft, risk management and compliance solutions need to be simple, efficient, and inexpensive. It advocates embedding the execution of compliance requirements in day-to-day activities and consolidating the IT controls environment wherever possible. WFS turns to the industry experts to get their view on the compliance challenges of today and tomorrow and how to stay that critical one step ahead.
Julio Gomez
Chief Executive Officer
Gomez Markets
Welcome to the Leaders Forum, Julio. What steps do you recommend an institution take to improve compliance and productivity?
Compliance and productivity are rarely used in the same sentence. The bare truth is that compliance is a burden. The costs and time devoted to compliance are a drag on productivity. But for the first time, firms have an opportunity to turn that on its head. Because of where we are in terms of evolving data management practices and evolving risk management frameworks, firms can now attack compliance requirements in ways that yield benefits like improved business performance analytics and reduced operational risk.
What are common mistakes financial institutions make?
Financial institutions have traditionally maintained discrete silos for the revenue, compliance, and operations sides of the business. The lack of a holistic approach to compliance is probably the single biggest factor you can point to when compliance ‘fails.’ That’s all changing.
How can companies best prepare for the regulations still to come?
The worst way to prepare is to have a ‘band-aid’ approach. Firms need an inter-departmental, proactive approach that inserts compliance activities seamlessly into the workflow.
What do you see as the essential elements of a good enterprise-wide compliance platform?
Enterprise compliance should leverage the work being done in other related enterprise initiatives, such as Enterprise Data Management and Enterprise Risk Management. These efforts need to be integrated. After all, ‘Integration’ is the new ‘Synergy,’ you know.
Dirk De Beule
Chief Executive Officer
Financial Architects nv (FinArch)
Great to have you with us, Dirk. What steps should firms take to improve compliance and productivity?
Compliance and productivity go hand in hand; efforts to assemble and align data with external procedures will lead to increased internal operational effectiveness and productivity. Although many institutions still view compliance as a cost and not as a business driver, it is a useful tool for improving business. Compliance and risk officers should also align very strongly with the business to understand common objectives and ways to improve business agility.
Over the years financial institutions have invested in building and implementing ‘silo solutions’ to comply and fulfill specific regulatory or external legal requirements. This has created a multitude of interfaces that need to be maintained as well as reconciliation issues between the different solutions. The integration of risk, accounting, performance measurement, and regulatory reporting should be envisaged as we see more convergence between these disciplines.
What is your advice on preparing for regulations still to come?
This is, of course, not an easy problem to tackle, as the unknown is always difficult to prepare for. However, we see clear benefits in bringing together key data from different financial products. Institutions that have invested in a generic solution by bringing together transactional, position, and static data are far better prepared to anticipate and deal proactively with forthcoming compliance requirements.
What makes a good enterprise-wide compliance platform?
Apart from the data requirements and tools to deliver the required output formats, attention should be given to additional functionality. This is very often overlooked when it comes to internal developments or monolithic compliance solutions. Reconciliation between different disciplines and reports, adjustment tools, audit trails, drill through capabilities, history management, and reporting tools supported by flexible business hierarchies should be available to make an enterprise-wide platform sustainable and future proof. ‘Point solutions’ for compliance do not bring the necessary business benefits and will require unnecessary investments going forward.
Sai Sireesh Pachava
Director of Risk and Compliance
Worldwide Financial Services
Microsoft Corp.
Welcome, Sai. What are your thoughts on the steps needed to improve compliance and productivity?
Risk management and compliance is a constantly evolving journey. Employee buy-in and empowerment is a fundamental tenet for successful adoption at any firm. Employees need to feel empowered and to be provided with easy-to-use tools. With compliance and productivity so tightly interlinked, Microsoft’s approach to helping our clients execute their governance, risk management and compliance blueprints is focused on embedding risk and compliance best practices in everyday activities and really in the organizational DNA. This enables employees and stakeholders to have a positive experience around compliance and not to look at it as an extra workload or burden.
Common mistakes?
Some of the issues we see financial institutions grappling with are siloed approaches to compliance with more than 25 to 30 different systems existing across any large firm, short-term ROI metrics for compliance spend, lack of a central repository for compliance-related documentation, and poor workflows and processes.
What is your advice on preparing for the regulations still to come?
Microsoft’s Risk Management and Compliance industry solutions team is currently researching the future state of governance, risk management and compliance blueprints. We believe that a holistic and long-term sustainable view toward building a compliance culture and environment is the best way to prepare for this strategic area. This needs to be augmented by investing in an integrated infrastructure with a focus on usability for the business users.
The key elements of a good enterprise-wide compliance platform?
Microsoft recently commissioned a global risk survey with the Professional Risk Managers’ International Association (PRMIA) that benchmarks the role of Enterprise Risk Management (ERM) in current and future business processes and assesses best practices. Broadly, the global ERM survey covered the following aspects – ERM program and methodology, success factors in ERM rollout and implementation, reporting structure, staffing, costs, and relation to economic capital. In our view, the key elements of a good enterprise-wide compliance platform are based on five distinct but interrelated capabilities: document and records management, regulatory compliance and controls, risk analytics and reporting, security and privacy, and business continuity.
Martin Mannion
Chief Executive Officer
StarCompliance Software
It is a pleasure to have you here with us, Martin. What is your advice on improving compliance and productivity?
An institution should look at its business processes and determine how a software solution can be leveraged to provide efficiencies and reduce operational risk. It is common for organizations to try to take their manual processes and force fit these into the software’s workflow. We advise against this approach. Rather, the best practices are to examine current business processes and re-engineer these processes for automated software tools and workflow applications to achieve better operational results. The objective is to focus on the end result of reducing and managing risk while not being beholden to manual paper-based processes.
Your thoughts on avoiding those common mistakes?
It is important for financial institutions to recognize that the quality of their data is an important factor to maximize the benefits of implementing a system. Data is often not given the consideration and level of importance that it requires. Dedicating the time and resources to data management will pay dividends in the end and make the implementation a notable success for the firm.
How should companies best prepare for coming regulations?
Anticipating change and preparing for new regulatory obligations are often cited as best practices. We see many clients that have implemented automated solutions becoming much more proactive in their ability to perform in-depth analysis and forensic surveillance thereby reducing regulatory risk and being in a much better position to plan for change.
What makes a good enterprise-wide compliance platform?
It is essential for an enterprise-wide solution to be scalable, secure, and provide built-in configuration options that make the platform as flexible as possible. This ensures that the compliance operation is ready for both internal and regulatory changes. The platform should be architected so that it can be managed by business people for business people to minimize the dependency on their technology department’s limited resources while being certified to industry standard. Lastly, it is important for the platform to have a user-friendly interface and meet usability standards. Deploying an enterprise-wide solution impacts every employee at your organization. The system needs to be easy and efficient to use so it minimizes the amount of end-user support and training.
Soheil Saadat
President and Chief Executive Officer
Prodiance Corporation
Soheil, welcome to our Leaders Forum. What advice would you give firms on improving compliance and productivity?
We work with a variety of global banks, insurance companies, and investment firms and roughly 40 percent of their financial data is contained in user developed applications (UDAs) including spreadsheets, Access databases, and business intelligence reports. These UDAs are often managed in uncontrolled environments and lack the proper safeguards associated with IT-controlled applications. Although implementing manual controls to satisfy compliance mandates is possible, they often result in one-off projects and almost always break down over time. Leveraging software technology enables the proper controls to be embedded into everyday business processes to make compliance part of doing ‘business as usual.’ Technology also can help automate tasks for end users to drive better process improvements and boost productivity. For example, auditors are now recommending that all organizations apply proper change control to UDAs. Manually documenting changes to a critical and complex spreadsheet used in the financial reporting process forces users to do more work outside their norm to satisfy compliance mandates. However, using Web-based software to automatically capture key changes to all critical and high-risk UDAs (into a relational database) improves productivity by enabling managers and auditors to see what changes were made, by whom, and when, through a Web-based report.
What is the most common mistake you see financial institutions making?
The most common mistake we see financial institutions make is waiting until it’s too late to act. Despite hundreds of well-documented accounting errors caused by uncontrolled UDAs, the reaction we often hear is: “It would never happen here.” Yet when a company is forced to restate earnings because of reporting errors or fraud, the damage has already been done. It requires upfront investment to implement Enterprise Spreadsheet Management software to prevent errors and fraud from occurring, but it’s much more cost effective in the long run, helps avoid any audit points, and preserves shareholder confidence and company image.
What is your advice on preparing for the regulations still to come?
The most successful companies are taking a proactive approach to preparing for emerging regulations. A proactive approach includes understanding the latest guidance from auditors, performing a risk assessment, and evaluating how technology can help bridge any compliance gaps. Most organizations don’t know that technology is available to help them satisfy auditor guidance and drive immediate ROI through audit efficiency. UDA control is already a key component in many SOX 404 audit programs and is emerging as an area of focus for non-accelerated filers and within insurance for Model Audit Rule compliance.
What does a good enterprise-wide compliance platform look like?
Specific guidance from audit firms for effective UDA controls includes a formal inventory and risk assessment to help identify risky UDAs, remediation activities to help improve their accuracy and integrity, a secure environment with versioning and change control (at a minimum), and continuous monitoring to proactively identify the need for review and approval as well as alerting on any ‘unusual’ changes or policy violations due to fraud. The most successful projects we’ve completed also include a combination of new or revised internal policies, application training, best practices, and sponsorship from both IT and the line of business.


