Managing compliance with master data management
Companies are anxious to find ways to reduce the costs and efforts required to manage compliance so they can focus their attention on their core business. Master data management has emerged as one popular solution, particularly for financial services firms.
By Joe DosSantos, Siperian
Corporations are spending more time and money on regulatory compliance now than at any other time in recent history. In fact, the largest corporations spent an average of $4.6 million implementing Sarbanes-Oxley (SOX) section 404 controls in their first year of implementation, and Forrester Research estimates the five-year cost of Basel II implementation for the largest banks to be $150 million.
Recently, governmental and international regulatory bodies have been quick to introduce new rules and legislation in response to current business and geopolitical events, yet slow to ratchet back these regulations as the environment stabilises. Within this ebb and flow of regulations, regulatory frameworks can take on a life of their own.
For instance, the Basel Committee – which first met in 1975 in response to the failure of Bankhaus Herstatt – remains active 30 years later and continues to evolve oversight on supervision, capital allocations and risk calculation through Basel II, which is the standard for global financial institutions. Similarly, 11 September, 2001 motivated further changes in the financial sector, with the USA Patriot Act making Anti-Money Laundering (AML) and Know Your Customer (KYC) common vocabulary in the financial services industry.
As a result, it is no wonder companies are anxious to find ways to reduce the costs and efforts required to manage compliance so they can focus their attention on their core business. With SOX, Basel II and the USA Patriot Act all sharing the need for reliable control of master or reference data, leading financial services firms are increasingly looking to master data management (MDM) as the foundation for regulatory compliance management.
Establishing a regulatory framework
Today, master data management is considered a strategic business driver as it enables institutions to unify and consolidate data about their customers, products and organisations; data that is often fragmented across different systems. By creating a centralised master reference hub, organisations can deliver the most reliable, complete views of key business data within their existing business processes and more importantly leverage these data assets within operational business processes to remain in compliance, adhere to various privacy requirements and simplify the reporting process.
Financial institutions have been tackling compliance management issues using varied approaches to establish documented control frameworks as mandated by SOX. One common approach is to make business process management changes, while another approach is to invest in technology solutions. As an example, banks that have implemented effective and clearly documented processes and software technology to address customer on-boarding and risk management have realised significant cost advantages and have simplified their ability to adhere to regulations.
As such, the enabling processes and technology in these areas are worth a thorough look, since an investment today has the potential to save countless millions in the future as ever-changing regulations evolve. In contrast, organisations that select temporary solutions unique to each regulatory framework will fail to take advantage of cross-functional benefits, will ultimately add to the costly burden of compliance and will hinder their ability to focus on customer profitability and other strategic initiatives.
Building a foundation for managing regulatory compliance is one instance where a sensible investment today has the potential to reap significant and ongoing financial and business benefits in the future.
Creating a reference data management foundation
When evaluating and selecting which business processes and technologies will best address their current and future compliance needs, financial institutions should first consider the regulations with which they must comply. More importantly, organisations should evaluate their historical compliance issues in order to identify commonalities among them, and then build a technology foundation able to address these common requirements – as history is known to be a good predictor of what is to follow.
In the case of the USA Patriot Act, SOX and Basel II compliance, consider that each of these shares a need for reliable control of master or reference data (such as customer, counterparty, securities, employees). For example, the recent SOX regulation set out to establish controls over the creation of customers, securities, counterparties and employees with the goal of rooting out fraudulent and irregular accounting practices, while the USA Patriot Act requires banks to establish auditable processes for identifying customers as candidates for potential illicit activities.
Consequently, the ‘Know Your Customer’ regulation mandates the need to evaluate the strength of customer on-boarding processes, while Basel II regulations demand improved precision in understanding securities and counterparties in order to establish accurate and meaningful risk assessments.
Master data management is proving so appealing in dealing with these varying regulations because it enables companies to effectively manage the complete data lifecycle of master or reference data and also establishes a foundation for rapid and reliable compliance initiatives. In addition, firms have found that a foundation for compliance based on MDM can reduce the cost of managing new regulations.
Knowing your customer
In a highly regulated industry, financial institutions are subject to a host of overlapping regulations – some that are specific to the types of clients they work with, while others require them to monitor and report their clients' activities to the government. At the core of these regulations, knowing your customer, their legal status and their activities will have a significant impact on an organisation's ability to comply.
After all, predicting how regulations will change in the coming years, or determining what unforeseen event may trigger new regulations, is a near-impossible endeavour. It could be a currency crisis in Asia, a new terrorist threat in Europe, a government scandal here or abroad, or another corporate debacle. Yet it is certain that new regulations will demand that companies more clearly understand who their customers and business partners are, and the nature and terms of their business relationships.
Considering that SOX, Basel II and the USA Patriot Act all share the need for reliable control of reference data, the trend for increasing reliance on MDM platforms seems set to continue.
Joe DosSantos is practice manager, business integration services at Siperian, Inc.