Title: Presented at the Bankers Association for Finance and Trade 85th Annual Meeting Globalization The Wor
1Julie Steinberg, HSBC Bruce Roland,
PricewaterhouseCoopers
Using Technology to Manage Compliance in High
Volume Compliance/Operational Risks to Develop
MIS, KRI, and other reports to the Board and
Senior Management
Presented at the Bankers Association for
Finance and Trade85th Annual MeetingGlobalizatio
n The World as a Whole April 22-25, 2007 The
Hyatt Regency Scottsdale Resort and Spa at Gainey
Ranch
2Panel Facilitators
Julie Steinberg, First Vice President HSBC AML
Compliance Systems and Operational Support Bruce
Roland, Principal PricewaterhouseCoopers Risk and
Regulatory Services Advisory Practice
3Overview - US Regulatory Perspective
- Technology is essential to the success of
compliance in high volume and complex operations - Compliance technology should be risk-based, yet
comprehensive - Compliance technology should be managed/supported
as production systems - Compliance technology cannot be used in a static
manner must be able to address changing and
often growing risk situations - Compliance technology is expected to facilitate
reporting to and monitoring by senior and
executive management.
4Technology as compliance enabler
Question Do you feel that Compliance or
technology enables you to provide reports and
metrics for your Senior Management? Why or why
not? How?
5Technology as compliance enabler
Enterprise Profiling
Advanced Monitoring
Manual
Rules Refinement
Workflow
Customer Profiling
- The above maturity model depicts how Compliance
systems can evolve this evolution in turn
facilitates the development of effective metrics
and KRIs. - Technology can enable organizations in
- Interdicting in situations of recognized
non-compliance - Monitoring activity and reporting/resolving the
unusual event or situation - Reporting to management status and effectiveness
of compliance efforts - Enabling more cost-effective and reasonable
compliance efforts in high volume and complex
operations - Managing business processes through workflow
- Managing data to develop effective KRIs and
metrics
6Key topics for Finance and Trade
- Cross border payments
- Global resourcing
- ACH
- LOCs
- Shared risk and responsibility of between
Compliance and the business lines.
These and other rising areas of concern all must
have corresponding metrics and KRIs.
7Developing KRIs and Metrics
- KRIs and related metrics need to be developed
carefully. - It is critical that all parties have a shared
understanding of how the KRI/metric is defined
and derived. - When defining a KRI or metric, the quality of the
data used to develop it must be taken into
consideration. - KRIs and metrics should be defined and used
consistently across all parts of the operation. - The success of a KRI or metric can often be
traced back to the maturity model.
8Moving compliance technology to the lines of
business - Challenges
- Automated compliance processes must be able to
function within the existing technology
frameworks or existing technology frameworks will
have to be enhanced or replaced. - The effectiveness of moving compliance technology
to the lines of business is often hindered by
data availability and/or quality issues. - The lines of business may push back if
Compliance is not effectively positioned,
empowered, and staffed within the organization.
9Moving compliance technology to the lines of
business Success factors
- Provide robust development, test, and production
environments for compliance technologies with the
Information Technology Group supporting the
systems. - Implement strict, effective access, change
management, and backup and recovery controls.
Push such controls to local and regional
compliance technologies. - Fully understand and comply with applicable
privacy regulations. - Form effective partnership between Information
Technology and Compliance to maintain and enhance
compliance systems.
10Improving the efficiency and cost effectiveness
of compliance technology
- Deploying centralized core compliance
technologies supplemented by local or regional
technologies - Deploying hubs for compliance technology and
support in such areas as - Transaction surveillance or monitoring
- Customer due diligence
- Enhanced diligence
- Providing data warehouses/data marts of customer
and transaction information to enable production
and ad hoc reporting and analysis by Compliance
11Leveraging compliance technology within
outsourcing situations
- Ensure that compliance technologies/functionalitie
s can be deployed within the outsourced processes - Ensure that the validity of results of such
technologies/functionalities can be maintained - Ensure that on-site compliance personnel can
function in an unencumbered and effective manner