Beruflich Dokumente
Kultur Dokumente
White Paper
The challenge is to find the right middle ground between • deliver process savings through automation and
keeping too little and too much data. Too little may expose the best‑practice methodologies
enterprise to the risk of regulatory sanctions, spoliation
sanctions and impaired operations, and too much may mean • reduce liability insurance costs by creating a smaller,
increasing costs for operations, infrastructure, records better-managed set of records
management and litigation.
• deliver between 175 and 750 percent ROI, based on IBM
Gartner estimates that enterprises choosing stand-alone estimates and depending on the data volumes involved and
solutions for each regulatory challenge they face will spend 10 on the quality of existing processes
times more on compliance projects than counterparts taking a
more proactive, integrated approach2. Enterprises operating in
the financial services sector need a holistic approach to:
Explaining the challenges
• understand what information they hold, and what they need Financial services firms operate in perhaps the most highly
to keep regulated of all global markets, and face significant challenges
in meeting their regulatory obligations in a timely and cost-
• ensure critical information is retained, protected and effective manner. These can be broken roughly into external
discoverable at low cost and internal challenges.
• leverage stored information to create new business value. Externally, there are more than 10,000 global regulations that
may affect a financial services firm, and strong signs that
The holistic Compliance Information Lifecycle Management regulators intend to keep up the pressure: more than 4,000
solution from IBM provides a turnkey hosted service to address new regulations are in the pipeline. As margins become
these three key elements. The service is supported by experts in smaller in the mature markets of the US and Europe, banks
the IBM Risk Center of Excellence and Global Delivery Center are increasingly looking for growth opportunities in new
and is built with software from the integrated risk management geographies, which inevitably exposes them to new sets of
domain of the IBM Banking Industry Framework. regulatory compliance issues. The fallout from the recent
credit crisis and related government intervention around the
globe has sharpened the appetite of regulators for greater
scrutiny of financial services firms – and there is considerable eDiscovery during litigation proceedings. Indeed, a recent
political pressure in many countries to introduce tougher survey by the Association for Information and Image
sanctions for infringement. All of this adds up to an urgent Management (AIIM) found that a firm’s electronically stored
need for many financial services firms to take a closer look at records were less than half as likely as their paper records to
their obligations and to check that they have adequate policies be under suitable control.
and systems in place to ensure that they are keeping the right
data in the right ways. In IT terms, the rising volumes and complexity of data
inexorably translates into high costs for the physical
Internally, the key challenges are to understand how the infrastructure – in the absence of technology to automate
external factors affect the business, and then to design and content classification and retention rules – particularly as
maintain the correct approaches and systems to address them. there is a requirement to manage multiple different types of
At a time of budget cuts and reduced staffing levels in storage (online, near-line, online backup, offline backup,
compliance and IT, these are not trivial tasks. archives, and so on).
Previous approaches to compliance may well have been Finally, financial services firms are well aware that regulatory
reactive and isolated, with new policies and systems compliance need not just be a painful cost of doing business –
introduced to address specific concerns or deficiencies it can also present a significant opportunity for improving
identified in a single area of the business. Over time, many internal efficiency and enabling new business opportunities.
firms have therefore built up a set of overlapping controls, Improving the classification, retention and accessibility of
duplicating cost and effort and hindering a holistic view of business data for regulatory purposes will also accelerate
compliance structures across the enterprise. Where a firm has internal reporting, improve access to timely information for
merged with or acquired other companies, there may be accurate decision making, and enable faster response to new
significant unknown risks buried in the fragmented opportunities or competitive threats.
compliance structures of the acquisitions.
To address the challenges outlined in the previous section of
Before addressing the practicalities of how to classify, store the paper, the IBM approach identifies three key
and manage information for compliance purposes, financial requirements: know, manage, leverage.
services firms need first to understand how a vast and
overlapping patchwork of local and global regulations Know: what data do you have, and what do you need to keep
translates into specific retention policies for each part of their (for compliance and/or for business)? How do you decide what
business. This understanding is not a static, one-off must be kept across all different business units, jurisdictions,
achievement; rather, it must be continually revisited as the and how do you keep up-to-date with regulatory
external regulatory framework evolves and as the internal requirements?
business structures and requirements change.
Firms need clear retention policies and a cost-effective way to
The amount and types of data that must be retained for classify information as it comes into the enterprise. The first
regulatory reasons have been rising steadily, against a step is to move from a one-off, limited, reactive approach to
background of explosive growth in overall data volumes. Much compliance towards an ongoing, holistic, proactive approach.
of the new data is unstructured and locked away in corporate
email systems, intranets and personal storage folders. In This will combine keeping abreast of changing regulatory
compliance terms, rising amounts of unstructured and poorly obligations, translating them into policies for information
managed data significantly increase the risk of regulatory management, and creating an efficient framework to actually
penalties and spoliation, as well as pushing up the costs of implement and maintain the changing policies.
IBM Global Business Services 4
Leverage: how can you derive business value from 3. Implementation – the selection and deployment of the
information that is stored (primarily) for compliance appropriate technologies. This stage also encompasses the
purposes? How can you support effective, accurate, timely development of policies and the design of processes around
business decisions? compliance information lifecycle management.
To turn compliance from a business cost into a valuable 4. Operation – IBM manages the full Compliance Information
source of new opportunities, financial services firms need to Lifecycle Management environment, either in your data
create enhanced taxonomies for data, and then to ensure that center or at an IBM secure location. Daily operations are
incoming data is accurately classified. By eliminating monitored by experts in the IBM Risk Center of Excellence
duplicated and outdated information, firms can reduce and Global Delivery Center.
storage and management costs while enabling faster and
easier access to data. Deep experience, proven capabilities
By engaging IBM to manage compliance information
The introduction of automated analysis of data and pattern throughout its full lifecycle, financial services firms gain the
recognition will start to break down functional barriers, benefits of IBM’s long track record of success in the industry.
simplifying reporting and enabling new enterprise-wide Combining leadership in risk and compliance consulting with
opportunities to be identified. extensive experience in delivering world-class Enterprise
Content Management (ECM) services, IBM has the internal
skills and methodologies to provide a cost-effective, low-risk
service. IBM is also the market leader in technology for
records management, database archiving, text analytics and
classification, data and content federation, and Business
Process Management.
IBM Global Business Services 5
The first stage in the solution is to create the policies and the • The Core Banking Transformation domain enables
framework that will govern the new holistic compliance banks to modernize and renovate legacy applications
environment. Experts from the Risk and Compliance practice that support core banking functions while re-aligning
within IBM Global Business Services use the IBM Inventory of them with changing business needs.
Obligations – which is pre-populated with thousands of
international laws and regulations – to help you determine what • The Integrated Risk Management domain supports
legislation is relevant to your business in all the jurisdictions in banks in taking a holistic approach to managing
which you operate. The Inventory of Obligations is then used to Financial Risk, Financial Crimes, Operational and IT
highlight and analyze the gaps in your existing compliance Risk, and Governance and Compliance. For
policies, and to develop a list of business requirements to Governance and Compliance, IBM aims to help banks
address these gaps and ensure correct coverage. comply with voluntary and mandated regulations while
differentiating their competitive position.
Figure 1: CILM is a hosted solution that provides end-to-end compliant management of your content and data, onsite or remotely
IBM Global Business Services 6
Develop &
Implement Policy,
Accept Changes SOPs & Control
Requirements Control Data
HQ &
Operating
Control Units
Requirements Testing Results
The Inventory of Obligations provides ongoing clarity around sophisticated text analysis tools to determine what must be
the obligations owed to regulators in all markets, and full retained, and providing an advanced software solution for
traceability from internal controls to external regulations. automatically classifying, storing and managing all enterprise
Rather than attempting to piece together a view of compliance data.
from multiple different systems and points of control, you can
use the Inventory of Obligations to maintain a clear, cross- In functional terms, the IBM Compliance Information
functional view of all requirements and related systems and Lifecycle Management solution covers four broad areas:
policies. content collection and archiving, classification, records
management and eDiscovery. Combining a number of IBM
The Inventory of Obligations analysis is supplemented with an software offerings and software deployment best practices
Automated Content Assessment of your firm’s content. This from the Banking Industry Framework for Integrated Risk
assessment, uses IBM’s text and data mining tools to crawl Management, the solution is backed and audited by experts
your content, classify it in accordance with your retention from the IBM Risk Center of Excellence and Global Delivery
schedule, and quantify both the amount of content that needs Center. This provides highly skilled and experienced staff
to be retained and the amount that may be disposed of. resources at low cost, with the ability to rapidly scale up the
dedicated team for specific eDiscovery projects.
The business requirements output from the Inventory of
Obligations and the Automated Content Assessment is used to • Content collection and archiving: IBM FileNet Records
generate and test functional specifications, from which IBM Crawler, IBM FileNet Records Manager, IBM FileNet P8
creates detailed project plans for the implementation and Platform, IBM FileNet Content Manager and IBM
operations stages. Following testing and refinement, the CommonStore combine to collect and archive
solution is put into production – and continually recalibrated information.
to ensure that processes and policies remain in line with
changing business and regulatory requirements. • Advanced context-based classification of structured and
unstructured data: handled by IBM Content Integrator
As part of the solution, IBM provides continuous, automated Enterprise Edition, IBM Cognos Content Analytics and
examination of all existing stored information, applying IBM eClassifier.
IBM Global Business Services 7
• Records management: IBM InfoSphere Records Manager • potential for significant reductions in business liability
and IBM Optim solutions move data to the appropriate insurance by eliminating duplicated or irrelevant
part of infrastructure (live production data, active information to shrink the total data set
historical data, online archives, offline archives)
according to policies. • automation and improved accuracy in information
classification reduce compliance costs
• eDiscovery search and analytics: the IBM Risk Center of
Excellence and Global Delivery Center team use IBM • enhanced ability to see enterprise-wide risk, and to adopt
InfoSphere eDiscovery and related tools to deliver a fast, effective risk-avoidance systems
thorough and cost-effective service, working from properly
managed content stores that contain only the legally • reduced risk of spoliation penalties
required information.
IT and operational efficiency benefits
At the infrastructure level, the Compliance Lifecycle • significant reduction in cost of information classification
Information Management solution includes advanced and records management
solutions from IBM System Storage, underpinned by
comprehensive storage management services from IBM • important process savings in data management, archiving,
Global Technology Services. backup and recovery
• flexibility to adapt faster, more effectively and at lower cost • improved information classification ensures higher
to new or changed regulations quality data for improved decision-support
• ability to perform eDiscovery faster, more reliably and at • enhanced ability to identify new business opportunities,
lower cost and to address cross-functional issues by uniting silos of
information
About the author
Gary Rylander is an Associate Partner in IBM’s Strategy &
Transformation practice focused on the Financial Services
Industry segment. He specializes in helping banks implement
effective systematic controls for Governance & Compliance
related issues. He can be reached at rylander@us.ibm.com.
© Copyright IBM Corporation 2010
IBM, the IBM logo and ibm.com are trademarks or registered trademarks of
International Business Machines Corporation in the United States, other
countries, or both. If these and other IBM trademarked terms are marked on
their first occurrence in this information with a trademark symbol (® or ™),
these symbols indicate U.S. registered or common law trademarks owned by
IBM at the time this information was published. Such trademarks may also
be registered or common law trademarks in other countries. A current list of
IBM trademarks is available on the Web at “Copyright and trademark
information” at ibm.com/legal/copytrade.shtml Other company, product
and service names may be trademarks or service marks of others.
Please Recycle
FDE03001-USEN-00