How to accelerate your financial services compliance initiatives


This paper talks about ways to accelerate your financial services compliance initiatives. It will help you understand the impact and streamline planning and execution of compliance to financial services regulations.

Published in: Business, Economy & Finance

  1. IBM Software, Financial Services (October 2011)

     Accelerate your financial services compliance initiatives

     Understand the impact and streamline planning and execution of compliance to financial services regulations

     Highlights

     ● Understand the effect of business changes and the overlap with existing compliance mandates
     ● Align your portfolio investment with business priorities
     ● Use agility to meet regulatory requirements
     ● Leverage compliance changes to potentially operate more efficiently and effectively

     Being compliant and driving growth in an increasingly regulated world

     Since the credit crunch in 2008, we have seen a much greater emphasis on controlling and regulating financial services (FSS) organizations. This event resulted, for example, in the:

     ● Passing of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Reform Act) in the United States [1]
     ● Forthcoming implementation of Solvency II [2] in Europe and Basel III across the globe [3]
     ● Establishment of new regulatory authorities in the UK and the Eurozone.

     An increasingly regulated banking and insurance landscape, coupled with changing political priorities, has led to the following challenges for financial institutions:

     ● New regulations and modifications to the existing regulations come with many sets of clauses and sub-clauses. Each clause contributes to creating a dynamic and frequently changing compliance landscape.
     ● Few of the regulations are global and there are major differences in different geographies; for example, Solvency II in Europe and insurance aspects of Dodd-Frank. Financial institutions with a global presence are required to adhere to the different regulations in their particular geographic location. For example, any foreign bank that wants to operate in the US needs to comply with the requirements of the Dodd-Frank Reform Act.
  2. ● Identifying, transforming, consolidating and managing the effects of changes to the data is required from core applications and needed for compliance reporting.
     ● Simultaneously, financial institutions have to adapt and grow their business to respond to new competition, new technologies, security exposures (data breaches and more) and evolving customer demands.
     ● Because the pending regulations are so far reaching, it is likely that traditional methods of compliance management will most likely be insufficient, requiring a new framework to incorporate the change.

     Addressing and managing compliance challenges

     The resultant effects on IT systems of managing compliance-related issues are costly and complex, requiring a methodical, integrated and repeatable approach that reduces risk and can be completed within a reasonable time frame. Managing compliance and meeting industry regulations and standards in this environment requires a much more integrated approach for FSS organizations, starting with business planning and continuing throughout the application life cycle.

     Not only is it becoming increasingly expensive for financial institutions to implement and manage compliance, but it is also a struggle to keep up with the changes required. How will your organization cope with scenarios such as these:

     ● Changes in regulation. How do you ensure business functions are not affected?
     ● Updates to source systems for strategic business functions. How can you ensure that compliance is not affected or seen as a secondary priority?
     ● IT refactoring to reduce costs (for example: merging heritage systems). Large initiatives are especially orthogonal to functionality updates. How can you ensure that compliance is not affected throughout multiple projects or iterations?
     ● New initiatives and applications (for example: applications running on mobile technology). How can you ensure that a consistent and correct compliance solution is applied?

     All of these concerns put a great deal of stress on your IT organization.

     How should IT departments respond?

     In order to be responsive to regulatory changes, IT departments in FSS organizations need to:

     1. Define and adopt new processes. The IT culture and process must ensure that compliance is embedded into software application projects, as already happens in other industries such as pharmaceuticals. Much stronger governance and review of artifacts and deliverables are required, including packaged applications.
     2. Establish new organizational structures and reinforce existing organizational structures. These structures are required in order to review and monitor application development projects to ensure that they are meeting compliance requirements. These functions are also responsible for education and ongoing advice on new regulations and changes to existing regulations.
     3. Establish change and configuration management. As compliance has to be proven at a point in time, it is also necessary for IT departments to have strong change and configuration management processes and technologies in place to be able to show the historical content of an application, as well as the associated requirements and test cases. (For example, the Sarbanes-Oxley Act requires IT departments to keep seven years of historical data.)
  3. Ideally, your organization can address compliance from a complete life cycle approach, as this approach drives the most benefits and reduced risks. However, we have to recognize that not all organizations choose to or have the capability to adopt this approach.

     Using Rational solutions to accelerate your compliance initiatives

     IBM created the IBM Rational Compliance Accelerator for Financial Services to help financial institutions organize, understand and use sophisticated tradeoff analysis and financial modeling to plan and execute responses to changing regulations. The adoption of this IBM accelerator can help dramatically reduce the costs and risks of compliance management, while improving enterprise-wide collaboration and visibility as well as audits and reporting.

     The IBM Rational Compliance Accelerator for Financial Services provides the following key focus areas:

     ● Planning for compliance
     ● Collaborative compliance remediation
     ● Runtime testing for compliance.

     The IBM Rational Compliance Accelerator for Financial Services is modular (so you can implement only what you need and grow as you are able), flexible supporting multiple methodologies, open and integrated.

     The Rational offering specifically focuses on key new regulations such as the Dodd-Frank Reform Act, Basel III and Solvency II.

     Additionally, IBM offers other compliance solutions, capabilities and services including:

     ● IBM Global Business Services® (GBS). GBS has developed an “Inventory of Obligations” (IoO) to enable them to assist financial organizations to meet specific regulations. GBS uses IBM Rational RequisitePro® software to host the IoO IBM asset, manage defects and change requests and manage test cases and testing results
     ● IBM OpenPages®. Acquired in late 2010, the OpenPages platform allows a company to unite an organization’s risk and compliance initiatives into a single management system on the business side.

     Planning for compliance

     As part of the IBM Rational Compliance Accelerator for Financial Services, Rational software provides planning capabilities for compliance. The Rational approach to planning for compliance includes two different levels of planning and decision-making:

     ● Enterprise compliance planning. Helps organizations decide what investments to make, which initiatives to fund, and prioritize the various initiatives / projects.
     ● Project execution planning. Enables organizations to manage and monitor compliance projects. Through repeatable processes, organizations can manage time, cost, quality, change, risks and issues.
  4. The Rational planning for compliance approach focuses on the use of IBM Rational Focal Point™ software to support the enterprise compliance planning effort by managing compliance initiatives prioritization and cost estimation along with other business needs.

     Rational Focal Point software is integrated with IBM OpenPages. IBM OpenPages is a key IBM solution supporting corporate-level Governance, Risk and Compliance (GRC) management. Mandates, GRC requirements and/or controls are some of the key elements that may be imported into Rational Focal Point software from an OpenPages export. Typically, controls are the key data requiring gap analysis.

     Rational Focal Point software is also integrated with IBM Rational Team Concert™ software to provide collaboration support and visibility to project execution planning. The specific compliance tasks that are identified for implementation can be exported from the OpenPages solution and imported into Rational Team Concert software to support the governance of the requested changes.

     IBM Rational System Architect® software contains the enterprise architecture and can be used to offer a complete enterprise compliance planning and decision domain. Rational System Architect would be used to map not only business and IT relationships, but also to map existing assets to the requirements.

     Collaborative compliance remediation

     As part of the IBM Rational Compliance Accelerator for Financial Services, Rational software enables organizations to define the detailed requirements associated with a specific regulation, such as the Dodd-Frank Reform Act. Using a collaborative approach, organizations can design, build and test a solution that meets those requirements.

     Real-time status, visibility and tracing between life-cycle artifacts help ensure that the compliance remediation is completely and effectively implemented and tested. Dashboards provide role-based views into life-cycle artifacts as well as cross-cutting compliance-based views. Additionally, visibility into the remediation projects is provided back to Rational Focal Point software—providing the traceability to/from planning for compliance.

     Many Financial Services institutions rely heavily on mainframe-based solutions and therefore must implement compliance into those solutions. The Rational Enterprise Modernization (EM) Accelerator for Developers (Rational Developer for System z® Unit Test) is well-positioned to fill that gap. The Rational Team Concert component of that accelerator also helps provide a consistent way to manage the remediation life cycle across projects implementing different technologies.
  5. Runtime testing for compliance

     As part of the IBM Rational Compliance Accelerator for Financial Services, Rational software provides a solution for testing compliance that incorporates IBM Rational AppScan® and IBM Rational Policy Tester® software functionality.

     IBM Rational Policy Tester software provides automatic “regulatory-view” compliance reports that cover, for example, the Electronic Funds Transfer Act, Sarbanes-Oxley and the Payment Card Industry Data Security Standard (PCI DSS).

     Summary

     The IBM Rational Compliance Accelerator for Financial Services can help you to:

     ● Maintain a clear picture of the initiatives required, along with their costs and effects on the enterprise
     ● Reduce the risk of compliance failure
     ● Reduce the cost of complying with regulations globally, and reduce risk management of complex systems
     ● Use the business process changes made for compliance to potentially operate more efficiently and effectively.

     IBM has highly skilled experts with broad knowledge and deep technical skills, including:

     ● Governance, risk and compliance management in an FSS environment
     ● Financial services-specific regulations
     ● Deployment of Rational software solutions to support your compliance initiatives.

     For more information

     To learn more about the IBM Rational software solutions for compliance and how IBM can help you gain deep insight into your GRC initiatives, please contact your IBM marketing representative or IBM Business Partner, or visit the following website:

     Additionally, financing solutions from IBM Global Financing can enable effective cash management, protection from technology obsolescence, improved total cost of ownership and return on investment. Also, our Global Asset Recovery Services help address environmental concerns with new, more energy-efficient solutions. For more information on IBM Global Financing, visit:
  6. © Copyright IBM Corporation 2011

     IBM Corporation, Software Group, Route 100, Somers, NY 10589, U.S.A.

     Produced in the United States of America, October 2011. All Rights Reserved.

     IBM, the IBM logo, AppScan, Focal Point, Global Business Services, OpenPages, Policy Tester, Rational, RequisitePro, System z, and Team Concert are trademarks of International Business Machines Corporation in the United States, other countries or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at

     Other product, company or service names may be trademarks or service marks of others.

     The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

     [1] The Dodd-Frank Wall Street Reform and Consumer Protection Act (Public Law 111-203, H.R. 4173, 21 July 2010) in the US is defined in a 2,223-page document.

     [2, 3] Solvency II is described in a 155-page Official Journal of the European Union directive 2009/138/EC, containing 312 “Articles” (rules).

     RAS14085-USEN-00