Banking and Financial Services


After all, financial services as an industry is all about money. It includes banking (savings and loans, commercial banks, mortgage banks, credit unions), securities and exchanges (brokerages, investment banks, investment advisors) and international finance (currency exchange, foreign investment).

The recent economic crisis was triggered by a variety of factors including faulty assumptions, greed, malfeasance, ineptitude, lack of oversight and a host of other causes is not surprising in retrospect. In his speech to the Council on Foreign Relations on March 10, 2009, FRB Chairman Ben Bernanke highlighted the significance of managing the systemic risk of the global financial system. Traditional assumptions around financial institutions once considered “too big to fail” or “too interconnected to fail” are being challenged in light of the enormous cost of the recent crisis to society as a whole. We are quickly understanding how difficult it is to apply traditional risk management practices, paradigms and assumptions to a highly interconnected and increasingly co-dependent world community view.

If the global financial system were characterized as a living organism, the recent crisis would be depicted as a series of rapidly forming blood clots that disrupted the life force and risked the mortality of the patient. The fact that such clots were triggered by a number of interconnected participants (government, banks, consumers, etc., etc.) illustrates the chain of ripple effects that not only disrupted the flow of capital but actually reversed the flow of capital out of the system.

As we begin to pick up the pieces and rebuild the global economy, it is clear that we cannot go back to doing business in the old way, and yet we cannot take advantage of the situation by gaming the system through a combination of management practices, new business models, changes in accounting rules and other short-term quick fixes.

While we’ll find new controls that will provide some degree of comfort, we cannot depend on governments to come up with effective solutions that protect taxpayer dollars when we’ve seen billions in bailout funds disappear before our eyes. Even after spending millions on SOX, Basel II and other initiatives, individuals and institutions still found a way to exploit weaknesses in controls that resulted in the clotting of our global financial system. While it is likely that such problems will occur again in the future, we clearly cannot continue on the present course.

Risk and Compliance

Since the adventof Basel, Sarbanes Oxley, MiFID, USA PATRIOT Actand Solvency II, a whole sub-industry has surged into the marketplace. With annual information technology(IT) budget spending for risk and compliance running 15 per cent to 21 per cent of the whole, the total annualspend is well into the billions of dollars – hardware,software, specialised tools and solutions, consulting services, outsourcing services, not to mention the internal costs of each institution in terms of time, energyand effort spread across hundreds of employees in atypical institution.

The result overall has been good for investor confidence and the global markets. However, the challenge of exactly how to respond to an ever-changing legal and regulatory environment still exists for most institutions. In many of the largest global banks, they are even starting over from scratch designing completely new risk management solutions because the structures of the original efforts do not allow them to evolve and adapt as their regulatory and compliance requirements change.

Like the famous sword hung by a single hair over the head of Damocles, in the world of risk management there is a huge amount of uncertainty. Uncertainty exists regarding changes in current regulations, new regulations, new interpretations, fallout within industries(for example, the sub-prime market), and stolen customer information among others. The challenge to institutions is to deploy information technology tools that provide protection against these risks, but which are still cost effective and can adapt to evolving regulations.

The regulatory environment for all companies has been dramatically affected by two major pieces of recent federal legislation: the USA Patriot Act and the Sarbanes-Oxley Act of 2002.

A section of the USA Patriot Act (Section 326) requires companies to verify the identity of all company customers. Companies must also verify the identity of non-customers added as signatories on accounts. In addition to verifying identification, in some cases companies must also keep copies of the documents used to verify each customer's identity. Financial services organizations must be able to reconcile all customer information to create complete and accurate profiles of customers. In addition, they must be able to compare these profiles against lists of specially designated nationals and blocked people (known drug dealers, terrorists and other enemies of the state) distributed by the Office of Foreign Assets Control (OFAC) and report matches to the federal government. Also, financial services organizations must set up anti-money-laundering training programs and independent audit functions to test these programs. Clearly, this level of identification and accountability for knowing customers and, in certain cases, their affiliations is unprecedented.

The Sarbanes-Oxley Act of 2002 was a direct response to the financial and accounting scandals that emerged in 2001 and 2002. The law requires public companies to implement procedures that ensure their audit committees can document underlying financial data to validate earnings reports and meet demands for accuracy in pro forma numbers. The Act raises the maximum penalty for securities fraud to 25 years and to 10 years for destroying key financial audit documents and e-mails. It also requires CEOs and CFOs to certify that financial statements fairly represent the financial conditions of the company.

Complying with this regulation requires solutions that enable visibility into financial transactions and the accounting and operational details needed to ensure accuracy and consistency.