Facilitating Compliance in Today’s Financial Services Institution
In financial services, the advent of the Sarbanes-Oxley Act of 2002 created unprecedented concern and activity regarding financial reporting and regulatory compliance. Financial services institutions (FSIs) are being forced not only to assume full responsibility for the information included in their financial reports, but also to review and certify the procedures used to gather and compile this information in the first place.
In an industry that relies heavily on perceptions of credibility and trust, compliance is more than a priority from a regulatory standpoint. It is essential to the integrity of the corporate brand and customer retention. The direct costs of non-compliance through fines, penalties and litigation can be high, but the indirect costs from lost credibility and decreased market share, customer loyalty and revenue can prove to be even higher. Many see corporate transparency as one of the keys to regulatory compliance. These organizations must focus on gaining a better view into business activity throughout the enterprise and increasing control. This requires more immediate access to critical information to facilitate rapid and effective decision-making. As a result, technologies that enable organizations to actively monitor business processes, produce meaningful and timely analytical information and manage ever-increasing quantities of information have come to the forefront.
The scope and capabilities of enterprise content management (ECM) leveraging business process management (BPM) have rapidly made it a leading solution for ensuring corporate compliance. ECM solutions are uniquely focused on managing complex business processes, as well as the data and information that drive them. This makes ECM an effective enterprise platform for addressing the complexities of Sarbanes-Oxley, as well as the operational risk aspects of Basel II, ACIP, FASB, IASB, the Patriot Act and other regulatory requirements. By connecting content to processes across the enterprise and leveraging existing systems, data and architectures, ECM allows financial services organizations to automate and control reporting functions and provides a proven architecture for achieving process efficiencies and cost reductions. By lowering the cost of compliance, financial organizations can turn compliance into competitive advantage.
Sarbanes-Oxley: A Difficult and Costly Proposition
The Sarbanes-Oxley Act strives to boost investor confidence and mandate senior executive accountability for corporate financial reports. Most financial institutions have focused their compliance strategies on Section 302 (establishment of corporate responsibility and certification for financial reports). With the threat of financial penalties and prison terms for corporate officers, the motivation for compliance is high. More recently, companies have turned their attention to Section 404, which enforces direct management responsibility for the assessment of internal controls. Now companies must include an assessment of their controls and procedures for producing financial reporting information in any annual report. Additionally, the corporation's public accounting firm must attest to this assessment. This requires that financial institutions document internal procedures and demonstrate how they have strictly adhered to them. This represents perhaps the most difficult and complex aspect of compliance under Sarbanes-Oxley.
To achieve corporate transparency, companies must establish stringent controls for process documentation and performance. While many firms have documented processes in static form and revised internal policies and controls to comply with Section 404, their methodologies have left them poorly positioned to meet rules covered in Section 409. This section requires that material changes to processes be disclosed "to the public on a rapid and current basis" (interpreted to mean within 48 hours). As a result, senior management must have new levels of visibility into reporting processes to certify the content of their financial reports.
These demands have caused the cost of compliance to rapidly escalate. As other equally complex regulatory issues such as the evolving Basel II Capital Accord continue to surface, the increase appears likely to continue. To achieve compliance quickly, many financial service institutions (FSIs) have invested heavily in consulting services. This has led to substantial increases in both consulting and external audit fees industry wide, while dramatically rising insurance premiums have proven an additional hidden cost of Sarbanes-Oxley.
These escalating costs require efficient solutions that can address immediate compliance needs and deliver the flexibility to accommodate future regulatory requirements. This makes the proliferation of point solutions a short-sighted approach. Instead, FSIs must take a long-range look at business processes and related systems to ensure ongoing compliance.
Achieving Competitive Advantage
Compliance is inherently evolutionary. Many regulatory initiatives have developed relatively recently, and will continue to evolve. To transform compliance into competitive advantage, a growing number of FSIs are looking to derive additional value from the process improvements and business efficiencies involved in these efforts. These organizations are working to implement compliance solutions that enable an optimized environment for real-time monitoring and continuous, rapid process improvement. This enables dramatic reduction in the cost of compliance, achievement of true organizational transparency and speedy response to current and future regulatory requirements.
ECM provides an ideal platform for ensuring enterprise compliance with all regulatory initiatives. Beyond enabling corporate transparency, ECM ensures compliance processes themselves are effectively automated and appropriate controls are adhered to.
ECM focuses on three critical elements:
(1.) Content—Content is information, including scanned images, electronic documents (e.g. MS Excel files), rich media, faxes and even structured data (information that is typically stored in a database).
(2.) Process—Process resides at the core of all FSIs. This is how business gets done. ECM incorporates BPM functionality to automate, control and accelerate business processes. More than simple workflow automation, ECM enables process modeling, analysis and continual improvement to ensure ongoing compliance and maximum operational efficiency.
(3.) Connectivity—Technology cannot exist in a vacuum. To gain maximum value from both new and existing IT investments, systems must be able to interface with each other. ECM incorporates business integration capabilities that allow financial services organizations to leverage legacy IT architectures in building new enterprise solutions.
Together, these components constitute a solution that can address immediate compliance issues and respond to emerging regulatory requirements. Additionally, ECM's inherent capabilities to drive process automation and efficiency can dramatically reduce the cost of compliance, shorten reporting timeframes and enhance overall competitive advantage.
Enabling Immediate Information and Documentation Access
ECM creates an effective compliance architecture by securely storing and retrieving virtually unlimited quantities of information at any point during the required seven-year audit retention period (Section 103). ECM also provides robust search capabilities to rapidly locate and access information stored in the repository. In addition, ECM supports versioning control and check-in/check-out functionality, enabling detailed audit trails.
By creating a direct link between process documentation (Section 404) and process execution, ECM ensures that changes to a documented process roll out immediately to the enterprise for day-forward adherence. Additionally, implementation of ECM/BPM requires creation of a library of process maps for continuous comparison. This enables rules-driven automation of newly defined policies, ensuring all process changes are captured and immediately available for reporting (Section 409). By graphically modeling procedures, ECM allows rapid deployment of refinements and accelerated information gathering.
With ECM, management can quickly determine the source and approval process for critical financial information. Management can present information-gathering procedures, identify participants and even make modifications for greater control at any point in time. In addition, ECM can version the processes, and roll them back to a specific point in time to enable companies to review and represent process evolution.
ECM also allows auditors to directly view compliance processes, documentation and reporting information. With secure, immediate access to financial reporting documentation and process information, corporate transparency greatly increases. As a result, organizations can achieve meaningful cost reductions from more efficient auditor assessments and rapid response to regulatory inquiries.
By providing a single, secure, enterprise platform for storing critical process documentation, ECM virtually eliminates concern about an audit trail. This documentation can be effectively managed and rapidly retrieved across the enterprise, ensuring managers, auditors, and others can access critical compliance information at any time. By supporting the rapid development and modeling of business assessment processes from the bottom-up, ECM provides full automation and responsive control. Management can assign specific tasks and activities to key personnel to assist in the complex process of gathering detailed assessment information, and by monitoring the process in real-time, immediately determine the status of any or all tasks and activities.
Moving to Real-time Reporting
Section 409 of Sarbanes-Oxley mandates real-time reporting by requiring publicly traded corporations to "disclose to the public on a rapid and current basis" any material changes in the financial condition of their organization. In today's regulatory landscape, "material change" has expanded to include items as detailed as the loss of a principal customer or account.
This is an issue ECM is uniquely suited to address. ECM architecture is event-driven, meaning it allows critical events to be identified within the context of a business process and initiates an automated response or corresponding set of activities. Organizations can leverage ECM to actively monitor for events that represent "material changes" and trigger a responsive, controlled process to ensure that required disclosures are generated within the timeframes prescribed.
ECM also offers rich rules engine integration, enabling FSIs to separate automated processes from the business rules that drive them. ECM integrates with industry-standard rules engines that allow companies to define complex business rules in natural language. In doing so, FSIs can establish business rules that outline material changes and require subsequent action. As the prescribed list of material changes expands, organizations can rapidly modify these rules without complex and costly recoding of their business processes.
ECM is an enterprise-class platform that offers an effective solution for addressing corporate compliance while delivering significant business value across the enterprise. ECM also provides tremendous opportunities for cycle-time reductions and cost savings in financial report preparation and assessment of internal procedures.
More than a point solution for Sarbanes-Oxley, ECM is an enterprise platform for content and business process management that can scale to address the many compliance-related issues that FSIs confront. In today's environment, compliance is a cost of doing business. This makes it imperative that these same compliance solutions also drive efficiency and enable automation. ECM can help reduce the timeframes and costs associated with financial reporting and compliance, while enabling ongoing process improvement. By approaching compliance as a catalyst for improved operations, financial institutions have an important opportunity to realize meaningful competitive advantage in brand perception and customer service.
FileNet Corporation (NASDAQ: FILE) helps organizations make better decisions faster by managing the content and processes that drive their business. FileNet Enterprise Content Management (ECM) solutions allow customers to build and sustain competitive advantage by managing content throughout their organizations, automating and streamlining their business processes and providing the full spectrum of connectivity needed to simplify their critical and everyday decision-making.
Since the company's founding in 1982, more than 4,000 organizations, including more than three quarters of the Fortune 100, have taken advantage of FileNet solutions for help in managing their mission-critical content and processes, including 27 of the top 30 US bank holding companies, more than 350 global banks, and nearly 1,000 financial services organizations. For more information, visit FileNet.