With compliance spending expected to reach US $28 billion in 2007, financial institutions need to make sure that their compliance efforts are not just a necessary evil but an investment for the long term.

There are a range of business benefits to be gained from sound compliance practices, including streamlined business processes, quality improvements, business intelligence, risk mitigation, and yes, lower costs.

We asked industry experts for their POV on how to tap into the business benefits of compliance and achieve that strategic edge.

Cubillas Ding

Senior Analyst

Celent, LLC

Thank you for joining our forum, Cubillas. What do you see as the top business benefits of compliance for financial institutions?

Let’s be frank. For many institutions, the purpose of compliance is twofold: avoiding fines and protecting reputations. For me, the immediate benefit of regulation is that it creates a mandate and timeframe for institutions and, therefore, acts as a catalyst. The other benefits you cited – better, faster, and cheaper processes – are valid, but they are not automatic, and they depend on how well compliance initiatives are executed.

What do you see as the most common pitfalls?

First, fragmented and labor-intensive activities that drain costs, resources, and efficiencies of core business operations. Compliance activities need to be managed as a fixed cost. Second, aiming to satisfy the regulation rather than developing good practices. Third, dealing with requirements as a ‘bolt on’ to existing processes rather than reexamining processes and risk factors in light of multiple regulatory requirements. These are the most common but by no means the sole pitfalls.

How should firms best approach differing regulations and anticipate regulations of the future?

Establish a formal assessment function to serve as an early warning mechanism and develop the capability to discern the competitive implications of a piece of legislation. In many firms, this function sits within the legal department, which may not have the necessary operational foresight.

What would you say are the current measures of success for good compliance practices?

There are soft metrics and hard metrics. Institutions need to ensure that risk-based thinking is embedded into an employee’s day-to-day activities. Staff members, especially those on the front line, need to consistently ask themselves how each action impacts compliance requirements and to be clear about what these requirements mean for the firm. I would term this ‘compliance IQ.’ How one gauges this varies but it may include feedback from operational audits, performance appraisals, trends related to compliance breaches, etc. Hard measures include efficiency of activities in the context of end-to-end processes; reduction in breaches, loss incidents, and repeat occurrences; as well as customer satisfaction measures. I include customer metrics because I believe embedding compliance requirements in day-to-day business processes needs to be done in the context of how end customers react to it. Of course, the key to metrics is keeping them simple, manageable, balanced, and correlated.



Hollinsworth Auguste

Chief Technology Officer

Cyence

Hollinsworth, it is great to have you here with us. Top business benefits?

The advanced approaches and governance requirements for compliance provide an organization with best practices in risk management. Fully implemented compliance solutions provide the methodology, data, and information technologies to fully and consistently assess risk across the organization. Secondary benefits, based on the nature of the regulation, include the widespread use of risk-based pricing and new capital allocation models, a better alignment of regulatory capital with economic capital, and minimized market risk from a significant, one-time, noncompliance event.

Most common pitfalls?

The most common pitfall is to view compliance initiatives as just more operational costs and overhead. Without political will and clear vision from the executive, compliance initiatives will be under-funded, under-resourced, and will be assigned a low priority. Another misstep is to take a departmental approach to compliance issues. To rise to the occasion and implement a solution that not only addresses yesterday’s problems but is able to help forecast, predict, and improve business processes and efficiencies in a truly profitable way, compliance must be considered enterprise-wide and then distilled into the necessary departmental requirements.

What about differing and future regulations?

Firms that take a reactionary approach to compliance will invest more in what will end up being a lesser solution over the long run. Firm and strict regulatory compliance is not a passing fad; it is here to stay. Although regulatory compliance may differ by geography, size of organization, and other factors, the foundation for compliance remains the same: well-defined business processes and workflows throughout the entire product lifecycle and across the product suite. A proactive business process management solution will provide a firm with the necessary tools to address new regulations cost-effectively.

The current measures of success?

How quickly can I leverage my current compliance infrastructure to address new regulations? If the answer is designing and implementing another expensive, non-reusable solution to meet new requirements, the organization will always be playing catch up. To be considered successful, an organization must leverage its investment in common processes, rule engines, integrated systems, best practices and real-time analytics, all of which provide the foundation for an effective compliance infrastructure.


Francis Lambert

Compliance Advisor

Zantaz, Inc.

Francis, welcome. What in your opinion are the top business benefits of compliance?

Perhaps the greatest potential benefit is improved processes around electronic discovery. Organizing data and making it more reliable and retrievable has immediate cost benefits when litigation occurs and document production is ordered. From an IT perspective, cost benefits accrue from lowering storage management costs. Without compliance enforcement, the firm might not be motivated to implement the more efficient centralized management and single instance data storage that modern compliance archiving systems offer. Benefits also occur from increased user productivity because of easier access and searchability of legacy information. This greatly reduces helpdesk costs.

Most common pitfalls for firms?

One pitfall is not properly implementing a compliance system for the inevitable audit response or electronic discovery event. Sometimes a firm will only observe basic retention requirements and minimize the search and retrieval functionality, but that is where many of the real benefits are found. Another possible pitfall is building a sound compliance system without adequately training and enforcing user policy around compliance. Cultivating an auditable culture of compliance in a financial services firm is potentially the best risk-management dollar a firm can spend.

How should firms best prepare for regulations of the future?

Much of what regulations call for from IT systems is an easily examined audit trail of documents and communications. Anticipating future regulations is helped by maintaining this audit trail by adhering to a well-designed and well-enforced electronic records management program that includes email and instant messaging. It is also helpful to understand and comply with general standards such as ISO 17799 and ISO 15489. These provide high-level insight into the governance of data, and it is unlikely that any future regulations will go against the requirements embodied in such standards.

What about the measures of success for good compliance?

Success in a firm’s compliance program can be gauged by how quick, accurate, and inexpensive the audit response is and whether audits are intrusive on core business activities. Another key indicator is whether electronic discovery production for litigation activities is efficient and inexpensive (relatively). But perhaps the most important measure of success is the firm’s reputation for integrity in the marketplace.


Cheryl McKinnon

Industry Manager, Government Sector

Hummingbird, Ltd.

It is a pleasure to have you on our forum, Cheryl. What are the top business benefits of compliance?

Forward-looking financial institutions can and should look at the inherent productivity enhancements that well-executed and well-communicated compliance programs can deliver to their knowledge workers. Users that are responsible for creating and capturing data that may be subject to external scrutiny can greatly benefit from the automation of repetitive tasks, better use of approved contract templates, and seamless capture of key customer correspondence. These time-saving and error-minimizing activities can be easily translated into measurable productivity gains for high-value knowledge professionals while fully supporting risk mitigating compliance programs.

What are the most common pitfalls?

Organizations that focus too heavily on the end output of business systems and view compliance purely from a record-retention perspective risk losing the opportunity to streamline their activities and better serve the needs of their clientele. End user buy-in is critical to a successful deployment of any technology intended to capture, secure, and preserve the key information that is the lifeblood of a services organization. Appropriate training on best practices, technology systems, and the obligations users face when dealing with protected information is critical and often is not given sufficient emphasis.

How can financial institutions best prepare for the regulations to come?

With hundreds of new and amended regulations affecting the complex world of financial services, organizations need to be agile and alert to externally driven information management mandates. Documentation of processes, awareness of where records and information flow, understanding the tools used by knowledge workers to communicate with their peers and customers: these activities must come together creating an information framework across business units. New audit, security, or retention rules can be quickly adapted to the changing pressures of this regulated market space.

How do you measure good compliance practices?

Successful compliance practices not only meet the letter of the law, but also the greater social purpose of such regulation – better protection of client data and enhanced visibility into core practices. Creating structured and consistent information capture and tracking its use as it flows through the business helps firms better achieve top-line revenue growth as well as bottom-line cost minimization.



Dennis Maroney

Industry Manager – Financial Services

Worldwide Commercial Sector

Microsoft Corp.

Welcome, Dennis. Top business benefits?

The highest risk for any institution that needs to be beyond reproach such as those in financial services is their corporate image – particularly trust in the brand. This ‘reputational risk’ is followed closely by the high cost of noncompliance, and we are all familiar with the multi-million dollar fines that regulators have assessed. But there are two other values that are often overlooked in the operational and strategy areas.  An enterprise in good control of its business processes creates a structure that results in lower operational risk for the institution, providing easier access to capital than its competitors. A board and the executive team with such a strong corporate governance culture can then focus on strategy execution. At compliance-challenged institutions, on the other hand, attention is continually focused on remedial controls and oversight.

The most common pitfalls?

A siloed approach to risk and compliance will result in 30 percent waste and duplication, according to the TowerGroup. A holistic approach where corporate strategy is dictated across the enterprise and embedded in all business processes avoids this trap. Other common areas of trouble are a ‘fig leaf’ approach where procedures and policies are not embedded in the DNA of an enterprise, where compliance is an extra reporting step outside of normal processing or where compliance programs are under-funded until a crisis emerges.  

Dennis, how should firms best approach the slew of regulations out there and anticipate those to come?

With the myriad of regulatory requirements, firms should take a holistic approach to integrate and leverage common threads of differing regulations while anticipating regulations of the future, e.g., don’t create policies for HIPPA and the Patriot Act but create one corporate policy for privacy that covers both. You can then monitor this policy by leveraging tools like Office DRM, TWC, and BI across all your document servers.

And what’s your view on measuring good compliance practices?

A firm needs to reach a point where compliance and risk management has evolved into a series of transparent business practices that are clearly visible to shareholders, regulators, employers, and suppliers. This enables the firm to run a true business scorecard across the enterprise. Ultimately, a successful compliance program should not be a burden but should speed overall business processes and unlock the full potential of a People Ready business.


Margaret Brooks

Vice President, Strategic Solutions

CA

Thank you for joining us, Margaret. What do you see as the top business benefits of compliance for financial institutions?

One of the top business benefits is to protect reputational risk – keep the firm’s name out of the negative spotlight. Internally, one of the top benefits is to run the business better with a clearer understanding of risks and controls, improved implementation of effective controls to mitigate risk, and enhanced enterprise governance. ‘Compliance awareness’ has raised the level of accountability in the organization to all affected employees, which in turn will help with continued support and improved business practices. As the manual cost of compliance controls escalate, some of the regulatory requirements have encouraged organizations to automate controls that mitigate risk. Although a cost of technology is initially incurred, the benefits go beyond the specific purpose of the technology to a more sustainable solution. Compliance efforts are encouraging firms to strive toward greater transparency, improved visibility of risks and controls, and a more risk-centric approach to business operations.

The most common pitfalls?

With regulations that span a broad spectrum of an enterprise, the negative impact of being reactive verses proactive and working in organizational silos is being realized. The implementation of Sarbanes-Oxley created a reactive mode of operation that did little to benefit the business. Firms are now looking at ways to reduce cost and get operational efficiency from compliance, moving instead to an enterprise risk management program.

What about preparing for future regulations?

Financial institutions should consider taking an enterprise approach using a central repository for risk and controls that will enable them to deal more efficiently with new regulations. For each existing regulation, firms should understand the controls needed to meet the necessary compliance and record the applicable regulations for each control. When a new regulation comes along, if the applicable controls are not addressed, measures then need to be taken for only the additional controls. This will enable the firm to accept and implement new regulations efficiently.

The current measures of success for good compliance practices?

By implementing good compliance practices, management should have visibility to the state of compliance and remediation and see a reduction in testing time and the cost of sustaining a compliance program. Overall, there should be reduction in risk for the firm.

Jeffrey Green

Director of Compliance

Laserfiche

Jeffrey, welcome back to another forum.  What is your view on the top business benefits?

Many organizations approach compliance negatively, driven by a fear of being noncompliant combined with a reluctance to spend more funds to streamline compliance processes. Forward-thinking organizations have begun to realize the potential benefits of replacing time-consuming, manually driven processes with a digital document and content management solution. Such a digital environment will streamline business operations across the entire organization and provide a large return on investment. This holistic view of compliance allows organizations to reduce the cost of doing business, get closer to clients, uncover trends, and ultimately improve competitive advantage.

What do you see as the most common pitfalls?

By far, the most common pitfall is the lack of a common language between the various stakeholders in an organization. When organizations take a tactical approach to meeting the challenges compliance issues pose, they miss the big picture and fail to get the appropriate stakeholders properly invested in the solution. Recent industry studies show that most organizations consider the IT department most responsible for implementing compliance mandates. While most IT departments are more than capable of evaluating and deploying a digital compliance solution, it is essential that IT works closely with the operations department, corporate counsel, and compliance officers to ensure that a solution addresses all the needs of an organization. A lack of communication can result in an incomplete or unreliable solution. Compliance responsibilities cut across many departments and roles. The importance of making compliance a team effort can’t be stressed enough.

Anticipating regulations of the future?

An initial holistic approach to compliance allows for perpetual compliance in the future. Once content has been digitized, automated procedures can be used to replace almost all manual processes. This allows firms to provide an unprecedented level of privacy and operational transparency while also keeping track of all events related to content using auditing tools. Since everything is managed digitally from a central location, it is easy for organizations to quickly adapt their systems to changing regulations.

What are the current measures of success for good compliance practices?

Measures of success vary widely among financial services firms. Despite more than five years of scandals within the financial services industry, most organizations do not have even a basic approach concerning how to address compliance issues. This is because in large part, organizations do not approach the challenge of compliance in a positive, holistic manner. When carried out correctly with the best technology, adhering to regulations is not only good for business, but allows firms to get closer to clients and improve customer service. The resulting overall improvement in competitive advantage is the ultimate measure of success for compliance practices.