Keeping it simple

How many times do we wish the utility companies could confer so that the road need only be dug up once to lay pipes and cables? Similarly, the increasing pace of new regulations to comply with means that banks need to stop trying to deal with each one in isolation. Furthermore, there are many fundamental similarities in the demands made by US, European and international regulations – such as the Sarbanes-Oxley Act (SOX), the Basel II Capital Accord, as well as the incoming Markets in Financial Instruments Directive (MiFID) – that having a single compliance framework would not only make things easier for banks, but most likely save costs.

Key objectives

The key objectives of these three regulations are to improve the stability of banks, protect investors and force greater transparency. US firms should have their SOX compliance running now. Affected non-US firms must be compliant from July 2006 at the latest. Basel II compliance depends on the capital approach taken but end-2006 is the latest date for risk management processes and many companies will be collecting risk data much sooner. Basel II is expected to be fully effective, globally, by January 2008, although in the US only the largest internationally active banks are required to comply.

MiFID replaces Europe’s Investment Services Directive and demands greater transparency in all financial instruments, except foreign exchange, sold within the EU, and will be implemented in May 2007. It also seeks to level the playing field between retail and wholesale investors by imposing more demanding evidence of best execution and requiring that large brokers, or ‘systematic internalisers’, publish their prices. By co-ordinating MiFID with work already started on SOX and Basel II, in a common framework, banks should not only be able to reduce compliance spending, but take an initial step in reducing the impact of any further risk-associated regulations.

Alan Jenkins, consultant with BearingPoint, says: “Banks should be assessing the impact of MiFID now as the need to decide on becoming a systematic internaliser has now spurred the call for action. The problem is that there is a need to plan for three to five years ahead in terms of regulatory compliance, and the IT and operations’ budget-planning cycle tends to be 12 months.”

This is backed up by the findings of a recent survey, carried out by Accenture in July, into bank readiness for Basel II. The survey polled senior executives responsible for Basel II compliance at 63 of the largest banks in North America and Europe and found that most banks are finding implementation tougher than anticipated. Nevertheless, the vast majority of respondents said that the regulation is a catalyst for moving toward a more risk-based culture by focusing senior management more closely on risk practices and on securing funding for necessary technology. Half (49%) of surveyed banks reported plans to leverage their Basel II capabilities with moderate or considerable further spending in more strategic solutions such as embedding best practices across their risk functions.

Underestimating the cost

Paul Cartwright, managing partner of the Finance & Performance Manage-ment practice in Accenture’s Financial Services operating group, believes that US banks are still underestimating the cost of complying with Basel II. He said: “We were surprised to see such high expectations for integration of risk and finance, given their traditional separation. This should improve the quality of the data that supports decision-making, particularly through a more risk-sensitive approach to profitability analysis and capital management.”

One requirement of all three regulations is that banks keep trading records and customer data on file for five years. Another similarity is that risk controls must be fully documented. Both mean that the handling and storage of data are now firmly within the compliance department’s remit, which is fast moving towards the centre of banks’ infrastructures.