Source: Laura Mooney, Metastorm
Laura Mooney, senior director, Metastorm on the role of business process management in financial services compliance
Since the earliest days of commercial computing, no industry has been more adept in using information technology (IT) to improve performance and cut costs than the financial services sector. Historically, it has poured huge sums of money into systems and applications designed to support numerous functions and departments.
In the past decade, however, the focus on IT deployment among financial services companies has shifted fundamentally. At one time, they looked to technology simply to automate existing, often paper-based, tasks and functions. Now, with the ever increasing number of industry regulations organisations are being forced to comply with, deployment is more likely to be informed by a more end-to-end approach to coordinating and streamlining core business processes.
Ensuring compliance with the continuous stream of new regulations that has appeared over recent years has proved both complex and onerous for most organisations. Those in the financial services industry have been hit harder than most. But while burdensome, compliance with the Sarbanes-Oxley Act, the Basel II code, MIFID and anti-money laundering laws (among many others) is not an issue that can be side-stepped.
Failure to demonstrate compliance can severely damage a financial services business its reputation, its balance sheet and even the liberty of company officers who are called upon to affirm that their organisation adheres to the new rules and regulations. Actually implementing the technology and processes required to demonstrate that a bank meets the strictures of numerous mandates demands a significant level of control over its processes and the way they are monitored and audited.
Implemented well, business process management (BPM) provides an opportunity for financial services companies to eliminate many of the ‘pain points’ associated with achieving compliance – on an ongoing, long-term basis. BPM achieves this in two ways: through process definition and process monitoring.
Process definition and monitoring are at the heart of compliance. Combined in BPM, they can improve ‘time to compliance’ and help counteract a bank’s tendency to re-invent the wheel for every new set of regulations (and every time an existing set is revised).
BPM technology allows businesses to automate and standardise on processes that are both auditable and consistent. Acting as an orchestration layer to the myriad of disparate IT systems that are used in the course of a single business process, BPM applies business rules, enabling cross-silo automation of processes across the entire organisation. In this way, financial institutions can enforce processes so that all required steps are performed. Built-in authorisation and control mechanisms, meanwhile, ensure that only authorised personnel are able to perform certain actions within a business process.
Using BPM, maintenance of processes is simplified, since the overall view of processes that BPM offers makes it possible to change one rule governing a process in one place – rather than in multiple IT systems -- in response to a new regulation.
Visibility into what is going on across a process is the key to controlling and managing it. BPM automatically captures information on a company’s processes, as required by a number of regulatory mandates, and creates an audit trail. Reporting and analysis tools can be used to explore that information, so that it is possible to get an overall perspective of how processes are running, as well as more granular detail about a specific process, or even a specific transaction. That information provides evidence of what was done, by whom, at what time, which can prove invaluable during an auditor’s review or simply to flag potential areas of improvement to internal managers. The audit trail includes not only process flows and actions taken, but also electronic copies of the documents and signatures at each stage in the process.
The more mature BPM packages, meanwhile, make it possible to monitor key real-time activities via a dashboard. Continuous monitoring features allow users to set alerts or timed actions to ensure that critical issues are made visible for immediate action. When a process fails to complete and this failure poses a potential compliance risk, for example, that problem will be immediately flagged to managers.
BPM is already helping many of the world’s leading financial services companies to make their core business processes ‘compliance-friendly’ and to satisfy external auditors that they have sufficient process control and monitoring in place. But the most forward-thinking companies are looking at leveraging those efforts to drive further, valuable process changes in their companies. In effect, the improved visibility and development of controls that compliance-focussed BPM brings has helped them identify further areas for process improvement, increased efficiency, and greater agility – freeing people from mundane tasks and empowering them to be more innovative.