Compliance Doesn't Have to Be Painful for Banks

Facing an ever-intensifying regulatory environment, banks are expected to spend more on risk management than ever before. But there is a silver lining: Many of the new standards with which banks must comply can help make their operations more efficient.

Following the financial crisis and global economic meltdown of 2008-2009, banks have been thrust into an ever-intensifying regulatory environment and face a whole host of new compliance requirements pertaining to risk management. And a seemingly endless string of new regulatory guidelines means the compliance baselines a bank must meet are almost a moving target.

The Dodd-Frank Wall Street Reform and Consumer Protection Act, drafted as a direct response to the financial crisis, and similar U.S. laws designed to strengthen the way banks manage their risk and prevent another global economic catastrophe together contain hundreds of provisions. On the international front, banks will be navigating the new standards, known as Basel III, that the Basel Committee on Banking Supervision is implementing over the next few years.

But there is an opportunity amidst the crush of new regulations. The technology used to help banks meet these new compliance requirements can help mold their organizations into more efficient machines, according to experts. With so many of the new regulations still lacking clarity, however, many banks have been cautious about investing in systems intended to ensure compliance.

Undoubtedly, the Dodd-Frank bill has driven the biggest risk management changes for banks; Dodd-Frank's 2,300-plus pages contain hundreds of new rules and spell out dozens of studies and reports that regulators are required to conduct. But many of the law's new regulations have yet to be implemented or, in some cases, still remain undefined. And many of the new rules don't have a set implementation date.

That -- along with factors such as the pending retirement of the bill's co-sponsor, Barney Frank, and the uncertainty around which political party will control the White House and U.S. Congress in 2012 -- has led many banks to take a wait-and-see approach to implementing some of the changes, according to Michael Versace, global risk research director for IDC Financial Insights (Framingham, Mass.). "It's given them further cause for pause," he says.

Versace estimates that just 38 of the bill's 400 or so specific actions have been implemented thus far. And the uncertainty around when the remaining requirements will go into effect, he says, is keeping many banks in a planning stage.

Concerns about keeping their capital positions defensible per the requirements of Basel III also are keeping banks in a holding pattern, Versace adds. The Basel III Accords were designed to strengthen bank capital requirements and create a new global regulatory standard for liquidity. Among other things, they increase the minimum common equity requirement for banks from 2 percent to 4.5 percent. In addition, banks will be required to hold a capital conservation buffer of 2.5 percent to withstand future periods of stress.

Despite the uncertainty, though, most banks are setting aside cash to pay for new technology for when the regulatory picture does clear up, Versace says. "We are fairly confident that money is being set aside in budgets for regulatory initiatives for when they do go into effect," he comments.

In fact, an IDC report written by Versace predicts that financial services IT spending pertaining to risk functions will reach more than $74 billion by 2015. Further, growth in IT spending on risk management will outpace the growth of overall IT spending and will top 15 percent of total IT spending in financial services in 2012, the research concludes.

According to Versace, that figure includes money spent on the entire scope of risk management, not just on compliance specifically. "Although our macro-economic assumptions continue to point to downward pressure on overall IT spending in financial services, in our estimation, the risk technology market is large and still growing at a good clip," he says.

Get Your Data in Order

So what risk management technology will banks be spending all this money on? Versace says data quality and data governance technologies are "really in full swing," especially as many new regulations that have already gone into effect deal with market and reference data reporting and reducing cycle times. "The industry is moving away from traditional business intelligence and ETL [extract, transform, load] technologies, and is building more operational data stores," he notes. "This will produce more timely and accurate reports."

Daniel Simpson, CEO of Cadis, a financial enterprise data management (EDM) vendor based in London, also believes that quality data monitoring and retention are key to meeting the new and varied compliance standards. But they are a good business practice to boot, he adds. "We are seeing that data is in fact really what most people mean when they refer to regulation," he says. "It's about, 'Can you demonstrate that you know X?' -- whether that is your exposure to counterparty risk, liquidity risk or whatever it might be. You have to measure your exposure in real time."

Many financial institutions, however, have different reporting standards across different divisions and lines of business, which can be detrimental to achieving this task, Simpson says. "Firms need to be more integrated in their data reporting, but usually the case is that each division takes a best-of-breed approach," he contends. "Just the simple act of understanding counterparty risk sounds easy, but most firms are struggling with that. People still don't have that information right at hand. In some cases, you're looking for paper in a filing cabinet."

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ...
