Financial services

Commentary:

Business rules management for banks

29 April 2008

A business rules management system can bridge the gap between IT and the business, says Jean-Baptiste Dezard, senior marketing director for EMEA at ILOG.

Business and regulatory environments for banks are moving fast, and for business leaders, this poses the challenge of dealing with increased complexity in their operational decisions. Since operational decisions must be transparent, compliant and executable, faster implementation of strategies in processes becomes a key capability.

The current sub-prime and liquidity crisis, which occurred despite increased regulation, shows how quickly market conditions change and why firms should review business policies, such as credit decision making, that govern key processes.

Policy makers and regulators respond to systemic risks and bad practices with rules and regulations. Banks have never faced such a large number of new regulations aiming to enforce competition, reduce transaction costs, increase consumer protection, and provide market transparency and reporting on risks. IFRS/IAS accounting standards, Basel II for capital requirements and risk management, UCITS III amendments, the Single Euro Payments Area, and the Markets in Financial Instruments Directive are some examples, and further regulations are on the horizon: Solvency II for insurance, the EU Credit Directive and Basel III.

The requirement to adhere to compliance mandates is further complicated by the current pace of business. Competition is fierce and margins are thin in mature markets, while many market players use their cash to buy assets in Eastern European countries where the demand for financial services is growing fast. The European harmonisation on payments and financial instruments creates opportunities for consolidating service platforms – payment or credit factories, for example – to move on the experience curve, thus reducing the cost of transactions and achieving economies of scale.

To face these challenges, banks are reviewing their IT strategy and architecture. They develop or share new service platforms while adapting legacy assets to the new business environment. Many organisations have embarked on a service-oriented architecture (SOA) approach, by documenting and standardising coarse-grained services calling on various resources. These services are orchestrated in processes and composite applications through the use of business process management.

One could argue that this has no direct impact on business. At best it could lead to better use of resources: IT costing less and doing more. This is where business rules come in. Business rules are predicates describing how decisions are taken, and as such they play a major role in IT and business alignment. In most cases, those rules are ‘hard wired’ in code routines, SQL stored procedures, or in Excel spreadsheets.

When a business change occurs, rules need to be updated. In traditional systems, this requires an impact analysis to assess which processes are affected and which applications or parameters need updating. After a change is made, a number of QA activities occur to make sure no regressions have been introduced. By the time this is completed, a new change request is waiting at the door. Like the task of Sisyphus in Greek myth, as soon as the stone has been pushed to the top of the hill, it rolls back down again.

There is a better way. Business rules need to be extracted, expressed in business language and managed in a repository. This way, business analysts author and manage their business rules with minimal IT implication.

This is done using a business rules management system (BRMS). Rules can then be updated in nearreal time without breaking applications. Business analysts can use ILOG Rule Solutions for Office System (RSOS) with their standard Microsoft Office 2007 Excel and Word applications to author rules and decision tables in plain business language.

Using intellirule technology, they are assisted in avoiding mistakes and using the right vocabulary. Business policies are therefore explained, and rules described in rule documents are executable. This way, you can implement rules for compliance within your processes and make sure they are executed consistently across multiple organisations.

The rules are stored and managed through Microsoft SharePoint Services and accessed with role-based permissions, and versioning is taken care of. They are retrieved by developers directly within Microsoft Visual Studio, to integrate with applications and update business object models.

Once these rules have been tested, they are deployed on ILOG Rule Execution Server for .NET (RES.NET). The managed deployment provides an audit trail to understand which set of rules led to which decisions. The rule service is based on .NET 3.0 Windows Communication Foundation. It can be called by any .NET service, and supports bindings to various protocol and messaging standards. This provides excellent integration with BizTalk and Windows Workflow Foundation. It is why ILOG is now a member of the Microsoft Business Process Alliance.

RES.NET supports Microsoft Management Console and Perfmon, helping administrators monitor server performance statistics in real time.

Using a BRMS helps bridge the gap between IT and the business. Policies are documented in Office 2007, and executed ‘as is’ by the system. Decisions and policies can be implemented in hours rather than weeks, dramatically improving the speed at which a firm can react to a business event. Rules are accessed and managed in a controlled manner, which fits with principles of good governance and helps firms to comply with regulations. Business rules are managed as a real corporate information asset.

This article was originally published in the Spring 2008 issue of Finance on Windows magazine