The impact of the recent global financial crisis is sure to be a lasting one, resulting in a variety of fundamental changes in the financial services sector from a change of philosophy on credit and investment risk management to a host of new government regulations. For decades, the government has tilted in favor of deregulation, particularly as it pertains to the financial services sector. However, existing regulatory approaches and methodologies that may have worked well under benign financial conditions, such as the international Basel II rules, can break down during a major market disruption.
In October 2008, the Group of Thirty, an international body composed of central bank governors, leading economists and private financial sector experts, released a report providing insights into current challenges facing the global financial system and information to inform future banking regulation reforms.
"The financial turmoil that has unfolded over the last year has tested the ability of regulatory authorities to respond effectively to financial crises. It is evident that a number of countries need to revise and reform financial regulatory structures," said Paul Volcker, chairman of the Group of Thirtys Board of Trustees and former chairman of the U.S. Federal Reserve Board.1
Ensuring compliance with the continuous stream of new regulations that will appear over the next several years will prove both complex and onerous for most financial services organizations. But while burdensome, compliance is not an issue that can be side-stepped. Failure to demonstrate compliance can severely damage a financial services business, its reputation, its balance sheet and even the liberty of company officers who are called upon to affirm that their organization adheres to the new rules and regulations.
These threats have raised the issue of compliance to an unprecedented level on the financial services agenda. Gaining the attention of the board has perhaps been the easiest part. Actually implementing the technology and processes required to demonstrate that a bank meets the strict rules of numerous mandates demands a significant level of control over its processes and the way they are monitored and audited.
BPM in Financial Services
Since the earliest days of commercial computing, no industry has been more adept in using IT to improve performance and cut costs than the financial services sector. Historically, it has poured huge sums of money into systems and applications designed to support numerous functions and departments.
The emergence of business process management (BPM) tools has done much to remove cost/performance barriers. BPM technology provides an independent process layer to the complexity that underpins a business procedure such as processing an insurance claim or providing a new customer with a current account, coordinating activities across people and systems and giving a complete view of all the activities necessary to execute it.
The attractions of BPM to financial services companies are clear, and some of the leading companies in the industry have been pioneers of the technology. BPM takes much of the complexity out of achieving a process-centric view of the organization, protecting existing investments in technology and allowing new supporting applications to be introduced with minimal disruption to business processes.
Often, initial BPM deployments have been focused solely on addressing specific process problems. Broken processes, inefficient processes and manual processes often lurk behind poor customer service and unsatisfactory business performance. BPM enables financial services companies to address these problems, leading to better overall business execution.
Those financial services companies that have adopted BPM as an overall strategy rather than in response to a particular point of process pain, however, increasingly find that it offers solutions to tackle more complex business problems. Not least of these is the issue of conforming to the stringent requirements currently being placed on financial services organizations by a host of legal and regulatory authorities.
The Compliance Challenge
At times, achieving compliance can seem like an exhausting and endless uphill struggle. As soon as one set of rules and regulations is satisfied, new ones emerge and existing ones change. The pressures that todays changing regulatory environment imposes are clear, and many companies find that their compliance efforts impose a significant and unwelcome drain on company resources, taking up money and staff time that otherwise would be spent on revenue-generating activities.
The chief complaints that financial organizations have about compliance is that the effort that goes into achieving it is:
Compliance costs are a key concern of financial services organizations. According to a 2007 PricewaterhouseCoopers study of nearly 400 senior finance executives, cost of compliance was the most immediate concern, followed by the risk associated with regulatory compliance.2 Once the additional costs of auditors and consultants have been factored in, financial services organizations are looking at a potentially eye-watering bill.
At many organizations, compliance is largely a manual effort. Much time is spent painstakingly gathering information from different people, departments and systems, inputting data, and distributing findings to those charged with ensuring that business processes comply with the relevant rules and regulations. Managers must then extensively test the controls they have in place in order to identify and tackle areas of risk. This effort is typically played out against a backdrop of shrinking compliance windows and ever-shorter reporting deadlines.
Regulations change, and to remain compliant, business processes need to change with them. As a result, companies that take a quick-fix approach to a particular compliance problem frequently find themselves revisiting their efforts.
The BPM Response
Implemented well, BPM provides an opportunity for financial services companies to eliminate many of the pain points associated with achieving compliance on an ongoing, long-term basis. BPM achieves this in two ways: through process definition and process monitoring.
Process definition and monitoring are at the heart of compliance. Combined in BPM, they can improve time to compliance and help counteract a banks tendency to reinvent the wheel if it has to launch a project for every set of new regulations (and every time an existing set is revised).
BPM technology allows businesses to automate and standardize on processes that are both auditable and consistent. Acting as an orchestration layer to myriad disparate IT systems that are used in the course of a single business process, BPM applies business rules, enabling cross-silo automation of processes across the entire organization. In this way, financial institutions can enforce processes so that all required steps are performed. Built-in authorization and control mechanisms, meanwhile, ensure that only authorized personnel are able to perform certain actions within a business process.
Using BPM, maintenance of processes is simplified, because the overall view of processes that BPM offers makes it possible to change one rule governing a process in one place - rather than in multiple IT systems - in response to a new regulation.
Visibility into what is going on across a process is the key to controlling and managing it. BPM automatically captures information on a companys processes, as required by a number of regulatory mandates, and creates an audit trail. Reporting and analysis tools can be used to explore that information, making it possible to get an overall perspective of how processes are running as well as more granular detail about a specific process or even a specific transaction. That information provides evidence of what was done by whom at what time, which can prove invaluable during an auditors review or simply to flag potential areas of improvement to internal managers. The audit trail includes not only process flows and actions taken, but also electronic copies of the documents and signatures at each stage in the process.
The more mature BPM packages, meanwhile, make it possible to monitor key real-time activities via a dashboard. Continuous monitoring features allow users to set alerts or timed actions to ensure that critical issues are made visible for immediate action. When a process fails to complete and this failure poses a potential compliance risk, for example, that problem will be immediately flagged to managers.
BPM is helping many of the worlds leading financial services companies to make their core business processes compliance-friendly and to satisfy external auditors that they have sufficient process control and monitoring in place. But the most forward-thinking companies are looking at leveraging those efforts to drive, valuable process changes in their companies. In effect, the improved visibility and development of controls that compliance-focused BPM brings, they say, has helped them identify further areas for process improvement and increased efficiency.
For a majority of congressional members and the president, reregulation of the financial services industry has become a huge priority. Many, like Christopher Dodd of Connecticut, the Senate Banking Committee chairman, would go further than the Federal Reserve has proposed. The current system will be overhauled to incorporate new compliance regulations, consolidate overlapping regulatory agencies and perhaps create a new government entity to monitor the whole system. Banks need to be prepared for the choppy regulatory waters ahead, and process automation and monitoring can be a valuable IT solution to steering their business functions in line with the new regulations.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access