Financial services
Interview:
New challenges in risk management and compliance
10 June 2009
As the global economic crisis rumbles on, financial firms of all kinds anticipate an overhaul of risk management and regulatory frameworks. Microsoft’s Susan Hauser gives her views.
What has the past year meant for financial firms in terms of risk management and compliance?
Over the past 12-18 months, we’ve seen major changes in the organisational structure of many financial institutions, as well as the products they offer. Mergers and government bailouts are only part of the story. As banks try to ensure their survival, we’ve seen a more cautious attitude to lending and measures – such as interest rate cuts – aimed at stimulating the credit markets. Through all of this, banks are both recognising past failures and facing new challenges in governance, risk management and compliance.
It remains to be seen how the regulatory landscape will develop – will it go to a more light-touch, supervisory mode, or a heavier-touch, regulation-driven model? While there are some trends towards the latter, the picture is not yet clear. However, one thing is obvious: risk management is more crucial than ever to financial organisations, and failing to deal with it is not an option.
What are you hearing from customers about their expectations and concerns in this area?
Many financial firms are trying to understand how they can enhance their risk management capabilities, keep up with all the regulatory changes, and review proposed new changes, while at the same time ensuring their survival in the aftermath of the current financial crisis. In such an uncertain situation, nobody can say that this will be easy – a fact that is reflected in the predictions of analysts like Tower Group that despite pressure on budgets, risk management will be a key area for IT spending among financial firms this year.
However, while the issues might demand some investment, there are steps that businesses can take to minimise the cost and complexity of their risk management environment while maximising its effectiveness.
What advice would you give to firms considering a risk management and compliance project?
In risk management, context is key – it might take somebody who works with certain tools on a day-to-day basis to recognise that something is amiss, while a manager looking at a set of figures might see nothing out of the ordinary. That gives all the more reason to take a holistic and inclusive approach to risk management and compliance, rather than boxing it off as a separate function – risk affects every part of the business, so risk management should be intrinsic to every function.
For this reason it’s a good idea to take a step back and look at how risk management and compliance practices need to work across the organisation, as part of everyday operations. This in turn can lead to a realisation of how your existing technologies can be used to address risk management and compliance issues – a practice that can help to minimise complexity, as well as IT spend.
Microsoft’s focus is to help its customers enhance and execute their vision for an integrated risk management and compliance culture and environment. By adopting a people-ready business approach based on five principles, which are to simplify and automate the adoption for employees to be more productive; embed risk management best practices in everyday activities; enhance the risk analytics and computing and unlock data; manage risk across structured and unstructured business information; and define long-term sustainable risk management and compliance blueprints, it helps financial institutions execute their long-term risk management and compliance vision and blueprints.
How can firms make the best use of existing technologies in this area?
By using service-oriented architecture (SOA) based technologies that are familiar to users, financial firms can go a long way to ensuring a solid risk management and compliance environment. New risks and regulations are bound to emerge, but basing the system on SOA will enable it to be continuously updated with new applications as regulatory and business demands evolve. We have seen an increasing adoption of Microsoft Office SharePoint Server 2007 (MOSS) for enterprise and operational risk management frameworks.
For Bank of America, one of the world’s leading financial institutions, compliance with international financial regulations is of vital importance and the recent global Basel II Accord regulation, required for implementation by US banks by 2011, resulted in the bank’s creation of a portal solution based on MOSS this past year. Developed and deployed in just four months, the risk and control self-assessment solution collects data associated with operational risk from employees and compiles it so as to accurately measure operational risk at an enterprise level. Some 1,500 Bank of America employees across 200 organisational units use the portal solution to access data on 1,800 key operational risks. About 800 of those risks are reported as part of the bank’s enterprise risk and control assessment, as required by the Basel II Accord. The bank has enjoyed significant benefits from the solution, which include: efficient development and deployment; a powerful way of assessing trends; and an easier approach to risk mitigation.
Microsoft works with a wide array of partners across the world, many of them financial sector specialists. These partners deliver solutions that take advantage of strong infrastructure and reusable business components while using enterprise-ready technologies. Our team led by Sai Sireesh, director for risk management and compliance, is driving efforts to embed more risk management and compliance related functions and capabilities in our technology offerings. For example, our recently released IT Compliance Management Guide and IT Compliance Management Resources Workbook can help companies view their compliance obligations in the context of authority documents such as Sarbanes-Oxley, enabling them to assess their risk management and compliance needs and address them by implementing controls within their Microsoft infrastructure.
This article first appeared in the Summer 2009 issue of Finance on Windows.