The basic goal of regulatory compliance is simple: Stay out of trouble. Likewise, the main criterion for compliance technology has been to reduce a bank's compliance risk -- including the risk of legal or regulatory sanctions, financial loss, or damage to reputation and franchise value. But banks are beginning to view compliance initiatives more strategically -- with an eye on future regulatory requirements as well as the bottom line. As a result, they are looking to leverage their compliance programs and technology in ways that will maximize their investments.
As compliance pressures continually increase, they have become a business issue more than just a technology issue. And banks' business leaders are starting to demand more holistic and cost-effective approaches to compliance. According to industry experts, in addition to saving money, an enterprisewide compliance platform can help banks become more responsive, accurate and forward-thinking in their compliance and risk-management activities.
Compliance Tech Tips
1. Start by defining your governance, risk and compliance (GRC) vision.
2. Develop your long-term strategy for GRC.
3. Be selective about the platform you choose.
4. Get your feet wet first -- don't try to swallow the ocean.
It is essential to have the right enterprise systems in place to mitigate the cost of complying with future requirements, says Miles Everson, a partner with New York-based PricewaterhouseCoopers. Traditionally, he notes, banks have used a Band-Aid approach to compliance technology, waiting until they have a compliance mandate and then slapping a solution in place to address that particular issue. But eventually, Everson adds, it will dawn on bank executives that there is a better way of deploying compliance solutions.
Banks also are starting to get the message from regulators. "Regulatory expectations are quite clear," Everson says, noting that regulators -- and customers -- view financial institutions as one company, not separate business units. As a result, they expect banks to implement enterprisewide systems, he says.
Federal Reserve Gov. Susan Schmidt Bies, for example, has been a vocal proponent of an enterprisewide approach to compliance and risk management, although she stops short of endorsing any particular technology. In October, Bies, speaking at the American Bankers Association's (ABA) annual convention, said that such a program should be "dynamic and proactive, meaning it constantly assesses evolving risks when new business lines or activities are added, or when existing activities and processes are altered."
Federal regulators have said that they expect a bank's compliance/risk management program to adequately identify, measure, monitor and control the compliance risks involved in its organization. Further, a bank's compliance technology should add an element of automation to such a program.
However, experts and bankers alike warn that, for an enterprisewide compliance/risk management platform to work, both business and technology leaders must see beyond established silos. "We have seen organizations silo critical compliance information rather than share it with all levels of the organization, which can handicap an organization's ability to identify systemic risks," observed Federal Reserve Gov. Mark W. Olson in a June 2006 speech to the ABA.
A 'C' Change
To ensure a holistic approach, many banks have elevated authority for compliance and risk initiatives to the C level. As chief risk officer for Cherry Hill, N.J.-based Commerce Bancorp ($39.5 billion in assets), James L. Gertie oversees a team of 140 people divided into audit, consumer/deposit compliance, AML, credit risk review, analytics and operating risk. The team helps Gertie handle the demands put on the bank from its many regulators, including its principal regulator, the Office of the Comptroller of the Currency, as well as the Federal Reserve, the FDIC, the state of New Jersey, the NASD and the SEC.
Commerce Bank developed an overall compliance framework that is based on an in-house-developed middleware system, according to Gertie. In searching for an enterprise compliance platform, he relates, the bank failed to identify an off-the-shelf solution that would serve all of its compliance needs. "We're using a combination of Excel workbooks and Access databases effectively, but there are no great technology solutions for a central, organizationwide compliance and risk management function," Gertie contends. "More often you go to consultants who will develop a solution that hooks into what you do have. If you are going to do that you may as well do it yourself," he says.
"We work with the business units, educate them, make sure they design processes that ensure compliance, then we test them to make sure those processes are effective," Gertie continues. "We are not sitting back here with some 'ta-da' system in the middle, saying we've got all the answers."