By Paul R. Osborne, CPA, CPO, AMLP, and Tapan Shah, PMP
5 Critical Considerations for Implementing an Enterprise-Level System to Meet Regulatory Compliance
Amid the fallout from the economic crisis and terrorism-related activities, financial institutions face the need to focus on regulatory compliance. As a result, many have begun to implement enterprise-level management information systems to assist with compliance and provide systematic controls to help identify and manage risk. Implementing such systems is a complicated process, but institutions can tackle the task effectively by giving due consideration to five critical areas.

Among regulators and financial institutions, the focus on regulatory compliance has recently intensified. Striving to satisfy their obligations under new and existing regulations while rebuilding trust among consumers, banks are turning to enterprise-scale information technology systems to manage and meet regulatory compliance needs. Common examples include transaction monitoring systems used to monitor all transactions for unusual or potentially suspicious activity, and large data warehouses developed to review and monitor credit risk.

But implementing systems of this scale can be complicated because of the subjectivity of the regulations and their requirements, promised project completion dates, and the number of stakeholders, as well as typical problems like schedule delays, solutions failing to meet the requirements, and cost overruns. With these issues in mind, financial institutions should consider the following top five factors when launching such projects.

1. Size and Complexity

All stakeholders must recognize the size and complexity of any management information system implementation project at the outset. Part of the complexity of such systems stems simply from the sheer number of stakeholders involved, including the institution’s information technology (IT) and compliance departments and various lines of business (LOBs); in many cases, there are also product and consulting vendors. All of these stakeholders bring their own experiences, opinions, priorities, and, at times, conflicting agendas.

The subjectivity around the regulatory requirements poses problems, too. For example, Bank Secrecy Act (BSA) and anti–money laundering (AML) compliance requirements can give rise to different interpretations, and an institution’s actions—or inactions—may be scrutinized by regulators. Therefore, it is vital to engage the compliance team in the initial stages to determine its requirements, and to give the compliance team final approval on the business requirements.

Systems of this scale likely will require data from across the institution, including many of the core banking systems. Any data issues in the core systems, such as those affecting the availability and quality of data, will affect downstream steps in the processes and must be addressed early. These issues could prove especially vexing in institutions that have grown by mergers and acquisitions and now contend with inconsistencies between systems.

2. Methodology

The implementation plan should employ a common methodology such as a structured approach that outlines the high-level phases and activities that must be followed on the project. Most institutions have their own methodologies that are familiar to and followed by their personnel. Product and consulting vendors will also have their own sets of methodologies, but these should be mapped to the institution’s. It is important that every member of the team understand the different phases of the methodology.

The business methodology is also central. Vendors usually develop their products to be flexible enough to meet global compliance standards. They tend to focus on their systems’
capabilities and use a common ap-