Monday, March 17, 2008

Leveraging Data’s Potential in Compliance

MBA (3/13/2008) Palaparty, Vijay
The role of governance in financial services institutions’ compliance efforts helps maintain a broad focus while yielding greater returns, says Needham, Mass.-based TowerGroup. Optimizing the use of data and information across compliance requirements also drives efficiencies.
“Governance of both existing and emerging risks provides real value to all stakeholders and assures that tactical compliance requirements are met,” said Rodney Nelsestuen, senior analyst of financial services strategies and IT investments at TowerGroup, in a recent RSA web seminar. “Compliance is not a static state but is driven by multiple constituents. New laws with new requirements, reinterpretation and change of emphasis on existing compliance, political alliances with common standards, industry-driven compliance or business-function alliances drive it.”

Siloed organizational architectures complicate the ability to meet regulatory requirements, Nelsestuen said. Data drives all the parts of a financial services institution, including product systems, inherent business silos such as outsourcing and marketing, delivery channels and internal functions.

“Governance mechanisms help realize the value of all the available data and meeting requirements,” Nelsestuen said. “For example, in delivery channels, with increased mobility, customers are more in control of data than organizations. What this means is an organization has to think through security issues at a higher level, accounting for all of its delivery channels and potential risks.”

Nelsestuen said governance and risk management efforts are highly data driven in financial services institutions and some are unavoidable for operations, regardless of any regulatory demands. “Information security, policies, procedures and technology are critically important to build customer trust and confidence. Additionally, issues of privacy and disclosure are important to the customer. Customers value how you approach privacy and disclosure—it’s important to them. Without a governance process, risk management becomes a duplicative, confusing and chaotic area because data required in meeting compliance requirements crosses over risk management as well.”

Governance is more of a concept, Nelsestuen said. “It is about understanding what data is needed to leverage to assure compliance and its accuracy. It’s about how organizations pull data and retrieve the right data that would contribute to meeting requirements. Pulling data from the right sources that are true and reliable can assure accuracy, leveraging and improve efficiency.”

Nelsestuen also discussed leveraging broader policy across multiple regulations. “Find an architecture method with multiple purpose, whether for business or governance purposes, to meet compliance requirements. Think about processes too and what you experience in those processes. Compliance is important, yes, but organizations should apply human knowledge to leverage the data they have.”

Monitor, maintain and manage governing compliance initiatives, Nelsestuen said. “First, understand the regulatory requirement—understand the objective of the regulation and its core requirements. Second, know what is flexible and what is prescriptive in management and cross-functional governance. Set internal policies and establish accountabilities.”

In setting control mechanisms in the process, Nelsestuen suggested organizations coordinate with existing internal control processes and advocated reusing elements of compliance across regulations. “Understand and establish unique controls where needed,” he said, also discussing the importance of staff training. “In implementation, assign responsibilities and then review and adjust through internal audits and third-party assessments.”
