Magazine Article | November 20, 2006

Financial Regulatory Compliance Includes More Than SOX

Source: Field Technologies Magazine

Learn how lesser-known regulations may affect your business and how ECM (enterprise content management technologies can help.

Integrated Solutions, December 2006

Financial services companies face multiple concerns regarding regulatory compliance. “In the past five years alone, financial services — like other businesses — have been greatly impacted not only by the rigid requirements of SOX [Sarbanes-Oxley ] but also by legislation like the U.S. Patriot Act,” says Kevin Keener, marketing director, United States and Canada, for Eastman Kodak. “Many financial institutions now have individuals on staff solely dedicated to compliance and/or risk. That says a lot about the breadth of compliance issues, as well as the scope of work that is required to keep in step with the regulations.”

Most of the regulations have been in place or on companies’ radar for a few years — SOX being the most prominent. However, there are a number of other regulations financial services companies must adhere to. “In the financial services sector, the requirements of SOX, while onerous, represent a compilation of best practices,” says Simon Wiltshire, VP of product marketing for compliance at Stellent, Inc. “There are other regulations that are more strict — and more detrimental if you’re not in accordance.”


The Basel II Capital Accord is one such regulation. The Accord is a regulatory framework that requires financial services companies to  demonstrate risk management practices around credit risk and broader operational risk. “The Accord has a more direct business impact than SOX because the risks are incurred and either treated or tolerated in the course of day-to-day business,” says Wiltshire. “The Accord is aimed at requiring financial institutions to adopt best practices in the area of risk management to both minimize the likelihood of significant disruption to financial markets and to level the playing field with respect to an institution’s ability to leverage its capital effectively. Because of this, the Accord requires banks to integrate multiple, disparate risk management efforts into single common approaches to reduce the cost and effort and provide a single, transparent view of its operational risk management practices.” In many cases, this provides an opportunity to implement enterprise-class software to help bring a common methodology and system to multiple areas of risk management.

Other key compliance issues address the impact credibility and consumer confidence of data privacy. “Recent accounting fraud and security breaches at financial institutions — highlighted by the disclosure requirements of California SB1386 — have created public consternation and consequent legislation to tighten the requirements on all organizations that maintain sensitive consumer data to protect data more carefully and disclose data losses,” says Wiltshire. “The ‘granddaddy’ of all privacy bills, Specter-Leahy, is waiting in the wings of Congress and may create a new requirement on business-to-consumer organizations of enormous magnitude in terms of effort and reporting.”


Financial organizations arguably face a plethora of regulations governing their business compared to the average company. The financial industry is also extremely paper-intensive. “Digitally capturing the volume of the transactions financial organizations handle on a daily basis and then maintaining the resulting documentation,  is no small feat,” says Keener. “Combine that effort with the ever-growing number of regulations that each of these activities are subject to, and you begin to get a small idea of what this challenge looks like.” (A small step toward addressing this challenge is relying on distributed scanning — midvolume scanners in place at branch locations for employees there to capture incoming documents. This approach takes the scanning burden off a company’s central location while still maintaining the central repository standards.)

An additional challenge to compliance is organization. “Each unit or function within an organization might have developed compliance practices as dictated by the nature and urgency of a particular requirement,” says Wiltshire. “In many cases, individual groups or projects have already purchased software for point solutions and struggle to accept an alternative due to retraining staff, reinvesting technology budgets, or the ‘not invented here’ syndrome. The ability to integrate multiple compliance initiatives into a single platform can save some capital investment in technology and, more materially, the cost of the implementation effort.” Additionally, effective technology solution implementations help organizations better manage strategic objectives. These solutions help identify and mitigate risks — and the consequent losses — more effectively. To address these challenges, organizations should consider implementing an enterprise governance, risk, and compliance (GRC) platform. Embracing a GRC initiative requires strong support from the highest levels, including board members and executives, to create clear company-wide buy-in.


Most content management solutions are deployed to solve a specific, localized problem, often departmental, and the solutions’ subsequent effectiveness can create broader adoption. Content management is a broad label, but should include strong capabilities for document management, Web content management, records management, and collaboration. Because of all of the regulatory requirements that they face, financial services companies are not just scrutinizing the technology and software features of various compliance systems. Rather, companies are demanding that these systems be capable of integrating with their existing business processes. “The addition of compliance systems can be a major drain on everyday operations,” says Keener. “For this reason, financial service companies are seeking solutions that will keep them compliant while streamlining workflow and without sacrificing productivity. These solutions also need to be versatile as the rules continue to change. In other words, what constitutes compliance this year may not next year or the year after.”

No matter how effective your technology solution is, though, compliance is primarily an organizational issue, not a technology issue. “While content management solutions can — without doubt —  have a significant impact on the ease of implementation of a comprehensive risk management strategy, it starts with an organizational commitment and strong sponsorship,” says Wiltshire. And though compliance can be a painful endeavor, companies should know there is an upside to all of this supervision, too. Compliance forces companies to gain visibility, transparency, and accountability over their operations. In doing this, some companies have inadvertently identified and been forced to correct operational shortcomings.