Compliance at your fingertips? Wiring up to meet tougher challenges.

Compliance is a discipline known for its density of detail that has, of late, become only more data cluttered.

Sue Bart, an attorney with Wolters Kluwer Financial Services, St. Cloud, Minn., points out that the need for data security and digital identity protections; new stringency

One potential ally in all this are a slew of applications or embedded workflow systems. These tools and techniques can supply meaningful trends or remove manual processing steps. And so, increasingly, those with compliance related responsibilities can let their keyboards--and fingers--do some of the working.

While product write-ups are often featured in the trade press, it also makes sense to draw broader conclusions about these systems and their contribution, which is why we took some time to look the matter over in this department. For starters, are any of the niche systems mature enough to be useful? And, perhaps more importantly, for IT budgeting, is it time to act now?

The short answer is "Yes, and it depends on your pain," says Cubillas Ding, a London-based senior analyst, Securities and Investment group, with Celent. Ding has followed increasing use of applications in specific areas, such as Basel II, but he also has broader opinions about the use of compliance-related technology. His conclusion? Many areas are emerging, with systems that have typical first-generation woes, although some niches (i.e., Anti-Money Laundering) are older and more consistent performers.

As compliance officers seeking IT help, it pays to ask probing questions of your own tech staff (i.e., will it need extensive integration?) and of the vendors you evaluate. Be tough. Find out if the purported solution meets the scope of your need.

To use a metaphor, it can be a very good shoe, but if it doesn't fit your foot or serve your fashion purpose (you need it for work, so that sporty wedge is out), it's not for you.

Not in the Stone Age

Mind you, computers didn't happen to compliance yesterday. Some areas--take lending--have been semi-automated since the 1980s. Also, security and operational risk management have also relied more on applications to help people sift through data. Now, however, the compliance area is getting wired more inventively, Ding says.

"Monitoring systems or reporting technology, for example, that have been traditionally handled by a single purpose system are about to undergo a holistic overhaul," Ding explains. (Some tier-one banks are already getting this consolidation process started.) That is, next generation "leaner" systems will have multi-channel or multiapplication capability packed within their hardware walls, simplifying the computing ecosystem as they do more for compliance officers.

Ultimately, the idea is to tie together the data from all these discrete systems to offer senior execs complex risk management views of all operations with highly accurate drill-down reporting capabilities, although that's more the architectural vision than how most banks work, adds Ding. Certainly, many banks have the motivation to automate. "Compliance experts are hard to come by and even the largest banks don't have an unlimited budget for talent," Ding says, "so the idea is to find new ways to stretch expertise and keep costs down."

But just because banks don't yet have the ultimate compliance set-up, it doesn't mean they aren't making progress-both in the sense of system design and results. In some cases, banks are making existing systems do double duty to keep things simpler and more affordable. Ding has done reports that cover, among other trends, use of IT to engage in risk-based self-assessment for Basel II and Sarbanes-Oxley.

In a situation like that, "Global banks want to repurpose some of the reporting technology developed for SOX to aid in Basel II risk management," Ding says. "The idea is to get systems [that were originally custom-built for a single purpose] to multitask whenever possible."

Some examples

To be strategic with capital outlays and cultivate a more holistic risk measure, U.K.-based internet bank Egg chose Oracle's Regulatory Capital Manager, an application that effectively unifies operational and credit risk data that is actually culled from several operating systems.

In the simplest sense, Oracle's Capital Manager allows the bank to capture and analyze data and use the standardized or internal rules-based methods of determining reserves.

But the application is more than a database linked to a calculator on steroids. It allows the bank to analyze, edit and review calculations, and streamline reporting.

Another technology firm, Cyence, Burlington, Ontario, offers straight-through processing support with a rules engine and "smart" connecting technology. (The app supports customer relationship management and other front-office applications by delivering to them the relevant data.) Playing largely in the commercial loan origination space, Cyence--because of the environment it creates-also supports compliance requirements in a number of ways, explains president and CFO Greg McIntosh.

"One of our clients, Fifth Third, has become Basel II compliant in its lending by use of our technology," says McIntosh. "We are the 'rules-based glue' so to speak, that sits between its warehouse, CRM, and loan origination systems and allows certain kinds of offers, for instance, to be presented in the branch or on the website," says McIntosh.

Likewise, reporting, quality-controlled data entry, and similar capabilities helped Fifth Third stay ahead of its compliance load, not get crushed by it.

Selection important

But the sheer level of automation in the marketplace creates its own gauntlet, not the least of which is sifting through vendor claims and competing priorities in the effort to meet regulation at reasonable cost.

Newbies to the compliance game should take their inherent fine print-reading skills and put them to work in their own selection process.

Rules systems, for instance, are a hot area and thus hyped. "Rules-based engines are ill defined," says Oliver Song, CEO of GlobalVision, which offers the ABA-endorsed Patriot Officer, a monitoring solution, to the marketplace.

"Anti money laundering is global but the U.S. regs are among the toughest out there," he explains. "You need rules that are at once broad and flexible enough to get good results."

GlobalVision has patented technology that combines a risk-based assessment to its rule system. This has the effect of weeding out false positives, lowering compliance costs.

Another company, Netherlands-based NetEconomy, also agrees that not all rules have the same technological prowess. Partnering with Microsoft and Unisys, among other tech firms, the vendor offers the ERASE Crime Suite, which bundles risk assessment, AML and other anti-fraud capabilities. Its approach to curbing false positives has made NetEconomy among the most cost-effective compliance solutions in the market, according to Celent.

"We use a combination of rules and a transaction profiling method that lets banks respond to changing fraud conditions or requirements," says CEO Sebastian Kuntz, CAMS (an anti-money laundering certification). In business since 1993, the newest .NET version of the component-based software has allowed for easier implementation and lets banks "grow into the solution." In the U.S., Kuntz has systems operational in the Bank of Omaha, ING, and Rhode Island's Citizens Bank. One selling point is how the solution works around the data quality issue. "We can have 40% of what we theoretically need [and compensate for it] and still get a bank significant screening capability out of the box," says Kuntz.

Lending made compliant

You don't have to be large or dealing with newest or most complex regs to make technology your compliance companion. Take one lending basic: document handling. Currently, electronic form-based approaches are thought to be the most efficient way to cut back on the time-consuming process of customized forms.

Yet the developers at Wolters Kluwer Financial Services, went on the record with ABABJ to say, "better is coming." Over the last five years, the firm has provided a prototypical version of Expere, a document engine currently being rewritten in Java. The engine acts as one source of content and authoring software (a middle-tier service layer) that individual loan origination systems "call up" whenever a loan officer-anywhere in a bank's network-initiates a document processing transaction.

While the technical details are numerous, the business takeaway is easy to appreciate: lending document changes can be done easily, from a central application, without having to duplicate effort by tinkering with multiple loan origination systems and multiple documents. "It's this kind of do once, change everywhere, and change to adhere to compliance requirements capability that bankers are calling for," says Dan Sanden, project manager with technology solutions.

Thinking globally

Trying to get perspective despite size and complexity is as important with compliance work as it is with strategy development or sales. For instance, with Fair Lending risk, it makes sense to place any deal-associated risk value in portfolio context, which requires tying information together in order to find pricing and decision patterns, notes Todd Cooper, chief product manager at PCi Corp., a lending compliance vendor based in Boston. "The key with compliance, is to find ways to 'operationalize' it, that is, institute business process change in all aspects of the operation," says Cooper. "You need to make compliance the part of the fabric of what IT people, tellers, or other specialists do and not just have it be something the compliance officer takes care of at some discrete point in time," Cooper explains.

Another canon of effective automation is that coordination (among lines of business for monitoring and reporting) counts and irrelevant data are almost worse than too little. "Banks are getting more aggressive in their efforts to 'rationalize' IT," says Mark Coronna, Wolter Kluwer's vice-president of marketing, referencing the buzz around less functional duplication and more streamlined coding in the creation of easier-to-administer, and more relevant, applications. Banks will reduce duplication of effort and manual workarounds.