Financial Services Have it Tough
I guess it's hard to feel sorry for the financial services industry. I mean, they're holding all the cash, right? So it would be silly of me to try to convince you that financial services institutions (FSIs, for short) deserve a certain amount of sympathy...wouldn't it?
Well, I'm going to try anyway, because it's true. FSIs are on the short ends of a bunch of sticks, and it's not getting any easier. Thanks to regulatory pressure, security scrutiny and privacy conflicts, the various financial service sectors—banking, securities, insurance—face a gauntlet of sticks, and enjoy, surprisingly, damn few carrots these days.
"Financial services companies get hit from all angles, it's true," says Alan Weintraub, senior director, business solutions for Hummingbird. "First, they've got very specific banking regulations (such as section 17a of the Securities Exchange Act, anti-money laundering regulations, the Patriot Act). But they also have to adhere to Sarbanes-Oxley and the privacy demands of HIPAA, which are more generalized and not specifically financial in nature."
So in addition to the same good citizenship badges any public company is now expected to earn, FSIs have added responsibilities due to their extremely sensitive nature. For example, in addition to watching for suspicious activity in the search for terrorists and/or money-launderers, FSIs are also required to protect the privacy of their customers' financial activities. Any way you slice it, financial services institutions have a tough row to hoe.
"Financial services companies have more of a direct customer interaction," says David Cornelius, vice president, financial services solutions for FileNet Corp. He makes it pointedly clear: "Brokerages and lending companies handle people's money. They need to be transparent." Other public companies merely have to worry about how they record earnings, and make sure expenses are in the right buckets, but FSIs are under a special spotlight.
There's a pecking order of scrutiny: Are you taking the client's instructions properly? How is the portfolio constructed? Is the trading on the portfolio in compliance? Are all the other people doing the trading in compliance? "They've got to be 120% correct nowadays," says Cornelius.
Waiting for Compliance
It might be true that FSIs are under more scrutiny than before—and probably rightly so—but my impression has been that the "Great Compliance Scare of 2002—2003" had a greater hype cycle than a business cycle.
Show me the money, I say. The press (gulp), analysts and vendors created a deafening level of buzz, but there was very little commerce that occurred from looming regulatory deadlines. Right?
Weintraub agrees, sort of. "Let's use Sarbanes as an example," he says. "SOX regulations were passed in 2002, and went into effect last month. Keep in mind, though, that Sarbanes regulates in two aspects. First, you're supposed to manage your content, and retain it for seven years and manage the versions and drafts, etc. Companies did not see this as a ‘must-do.' They figured it would take the SEC a few years before they ever came to audit them." This I understand: if it weren't for deadlines, nothing would get done.
"BUT," continues Weintraub, "the second part of Sarbanes has to do with internal controls. And who is ultimately responsible for the existence of internal controls? Not the company. It's the auditor." No auditor will accept the reputational risk—especially after all the recent debacles—to sign off on an audit unless he is 100% confident that the company has complied with its Sarbanes requirement to implement sound internal controls that can be documented. "Or," as Weintraub adds, "the company can demonstrate how it's NOT following the rules but has a plan to correct it."
If there's no confirmed audit, there's no quarterly or annual reports. And that's a huge risk that FSIs are not willing to take.
"2004 has been a voyage of discovery for the auditors as well as the companies themselves," says Cornelius. "There are procedures that have been changed three or four times" in recent months, and as a result, accounting and audit fees in many cases have doubled.Somewhat ironically, the typical first method for coping with Sarbanes came from the auditors themselves. Faced with having to turn away non-compliant clients, the audit firms put together spreadsheet-style "report generators" and gave them away free to their clients. Thus, instant internal control—just add data.
The problem with those stop-gap measures, says Weintraub, "is that they wouldn't scale over time." They were good enough to get through the initial assessments (and to satisfy the auditors, who, in a spectacular display of CYA, provided them in the first place), but not for the long haul. FSIs are now looking at content management software, because they know their content-certification will eventually become a problem. "We're saying, ‘You may not be concerned with it right now, but you want to adopt content solutions that will deliver, over time, in a stepped approach,'" says Weintraub.
Moving Toward Value Creation
FileNet's Cornelius readily admits that companies still view content management in terms of risk management rather than the value creation that emerges from business performance improvements, although, he says confidently, "the more enlightened customers are beginning to do that."
Time will tell if there's a trend underway. Many FSIs that are looking at their business processes are still going through the painful "re-paving" procedures that such careful re-engineering inevitably leads to. They're finding duplicated approval cycles, or redundant workflows. They're finding shortcuts and taking the steps necessary to redesign their processes to take advantage of them. But it's going to be a long time before the "must-do" processes give way to the "should-do" processes.Frankly, these KMWorld White Papers probably focus more on the "should-dos" than they, well, should. Most organizations—we're talking about FSIs here, but really all organizations—have daily operational procedures that take precedence over the fine-tuning that content-based business process management provides.
But this is not called a "Pretty Good Practices" white paper. Read on to learn about the Best Practices that can be achieved.
Andy Moore has held senior editorial and publishing positions for more than 25 years. As a technology writer and editor, Moore speaks with dozens of senior executives and industry experts each month. In his role as Editorial Director for the Specialty Publishing Group, Moore oversees the contributions to the series as well as conducting market research for future topics of interest for the series.
Moore is based in Camden, Maine, and can be reached at firstname.lastname@example.org