Presented at the Bankers Association for Finance and Trade 85th Annual Meeting Globalization The Wor

1
Julie Steinberg, HSBC Bruce Roland,
PricewaterhouseCoopers
Using Technology to Manage Compliance in High
Volume Compliance/Operational Risks to Develop
MIS, KRI, and other reports to the Board and
Senior Management
Presented at the Bankers Association for
Finance and Trade85th Annual MeetingGlobalizatio
n The World as a Whole April 22-25, 2007 The
Hyatt Regency Scottsdale Resort and Spa at Gainey
Ranch
2
Panel Facilitators
Julie Steinberg, First Vice President HSBC AML
Compliance Systems and Operational Support Bruce
Roland, Principal PricewaterhouseCoopers Risk and
Regulatory Services Advisory Practice
3
Overview - US Regulatory Perspective

• Technology is essential to the success of
  compliance in high volume and complex operations
• Compliance technology should be risk-based, yet
  comprehensive
• Compliance technology should be managed/supported
  as production systems
• Compliance technology cannot be used in a static
  manner must be able to address changing and
  often growing risk situations
• Compliance technology is expected to facilitate
  reporting to and monitoring by senior and
  executive management.

4
Technology as compliance enabler
Question Do you feel that Compliance or
technology enables you to provide reports and
metrics for your Senior Management? Why or why
not? How?
5
Technology as compliance enabler
Enterprise Profiling
Advanced Monitoring
Manual
Rules Refinement
Workflow
Customer Profiling

• The above maturity model depicts how Compliance
  systems can evolve this evolution in turn
  facilitates the development of effective metrics
  and KRIs.
• Technology can enable organizations in
• Interdicting in situations of recognized
  non-compliance
• Monitoring activity and reporting/resolving the
  unusual event or situation
• Reporting to management status and effectiveness
  of compliance efforts
• Enabling more cost-effective and reasonable
  compliance efforts in high volume and complex
  operations
• Managing business processes through workflow
• Managing data to develop effective KRIs and
  metrics

6
Key topics for Finance and Trade

• Cross border payments
• Global resourcing
• ACH
• LOCs
• Shared risk and responsibility of between
  Compliance and the business lines.

These and other rising areas of concern all must
have corresponding metrics and KRIs.
7
Developing KRIs and Metrics

• KRIs and related metrics need to be developed
  carefully.
• It is critical that all parties have a shared
  understanding of how the KRI/metric is defined
  and derived.
• When defining a KRI or metric, the quality of the
  data used to develop it must be taken into
  consideration.
• KRIs and metrics should be defined and used
  consistently across all parts of the operation.
• The success of a KRI or metric can often be
  traced back to the maturity model.

8
Moving compliance technology to the lines of
business - Challenges

• Automated compliance processes must be able to
  function within the existing technology
  frameworks or existing technology frameworks will
  have to be enhanced or replaced.
• The effectiveness of moving compliance technology
  to the lines of business is often hindered by
  data availability and/or quality issues.
• The lines of business may push back if
  Compliance is not effectively positioned,
  empowered, and staffed within the organization.

9
Moving compliance technology to the lines of
business Success factors

• Provide robust development, test, and production
  environments for compliance technologies with the
  Information Technology Group supporting the
  systems.
• Implement strict, effective access, change
  management, and backup and recovery controls.
  Push such controls to local and regional
  compliance technologies.
• Fully understand and comply with applicable
  privacy regulations.
• Form effective partnership between Information
  Technology and Compliance to maintain and enhance
  compliance systems.

10
Improving the efficiency and cost effectiveness
of compliance technology

• Deploying centralized core compliance
  technologies supplemented by local or regional
  technologies
• Deploying hubs for compliance technology and
  support in such areas as
• Transaction surveillance or monitoring
• Customer due diligence
• Enhanced diligence
• Providing data warehouses/data marts of customer
  and transaction information to enable production
  and ad hoc reporting and analysis by Compliance

11
Leveraging compliance technology within
outsourcing situations

• Ensure that compliance technologies/functionalitie
  s can be deployed within the outsourced processes
• Ensure that the validity of results of such
  technologies/functionalities can be maintained
• Ensure that on-site compliance personnel can
  function in an unencumbered and effective manner