Financial institutions are facing a wave of challenges which are beyond the traditional cost: income ratio's increasing revenue and operational efficiencies. Dove-tailing into the pressures of stakeholder return, is business velocity, which has already driven several companies to take "short-cuts". As a direct result, compliance to new regulations is the emerging business challenge to be addressed by the Board. Below, you will find data supporting the definition of the challenge...as well as a highlight of an existing tool which your company can leverage today: your technology network.

According to The Economist Intelligence Unit, Chief Risk Officers are a growing breed. In a recent survey of 137 senior managers, 45% of the institutions had already appointed Chief Risk/Compliance Officers, with another 24% to announce within the next 24 months. Costs to implement new regulations can range from several million to hundreds of millions of dollars. In fact, the Tower Group reported that the "tick in the box" approach to each regulation will generate a collective $10b loss of investment (implementation of workaround technologies to become compliant) which manifests itself into a $34b loss due to inefficient processes being introduced.

The most prominent of the new wave of regulations, along with Sarbanes-Oxley, is Basel II.

Basel II

As an extension of the Credit Accord, Basel II goes well beyond credit and market risk. Basel II incorporates, for the first time, an explicit categorization of operational risk. It defines operational risk as "the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events."

As a result, managing the risks arising from operations is now a central part of every financial institution's compliance obligations. The standards for risk management imposed by Basel II - as well as European and US legislation - mean that operational risk management is no longer a sub-set of other risk categories; it is now a substantial risk category in its own right.

Basel II is structured in three pillars, Minimum Capital Requirement, Regulatory Supervision and Market Discipline.

The first pillar goes live January 2007 in Europe and January 2008 in the US, whereby financial institutions operating in Europe, have to set aside adequate capital dependent upon its risk controls; the better the controls, the lower the capital amount. Incentives to implement effective and efficient controls potentially halves the amount of capital banks would need to set aside. Bank applications to local regulators are categorized FOR OPERATIONAL RISK between Basic Indicator, Standard Indicator Approach and the Advanced Assessment Approach.

Much of the investment within Pillar I has been focused on loss data capture across the business silos, noting that all banks have to map into Basel II's defined business segments, which have to be signed off by the CEO and CFO.

Pillar II, which is fast approaching on the horizon, then asks banks to prove that their calculation in Pillar 1 (together with the operational risk controls implemented) are actually effective to justify the capital adequacy originally calculated in Pillar 1.

Pillar III, which then in essence asks banks to provide open disclosure about its trading activities and associated risk controls gives any merger/acquisition talks a whole new outlook. That is why 15 US banks have already made decisions to comply with Basel II, despite the costs today, as it affects their future growth strategies. And don't forget, the good ole rating agencies will have their two pennies worth of say also in such activities. Then the dynamics between the business and IT will take on a whole new dimension.

Although the desire of many, making risk an innate part of the bank's culture is the nirvana, because it involves people. Managing operational risk across the enterprise is the next best thing. Getting a corporate view, in time, is the challenge. IT can be a significant enabler to ensuring that inter-relation of risk is managed across the silos within the bank.

The Role of the Network

Looking at IT investments today, banks are now facing a strategic moment with their infrastructure. Much has been spent in trying to get an enterprise view by "gluing" the bank together to communicate and collaborate continuously in a secure manner. More glue has been used to bolt-on contingencies if disasters strike.

Before applying any more glue to get that single "golden" view, it's a good time to take a step back and review what the glue is actually gluing together. You'll very quickly see that no matter what company operation, in whichever country, running whatever application, they all touch the network.

Taking into account the convergence of how we communicate (data, voice and video), the network provides a cost effective foundation by which to collaborate.

To strengthen the foundation even further incorporating security and business continuity into the network will allow the businesses to speak to each other as and when required with confidence.

Dove-tailing in the enhanced business processes that come with risk controls, what and how employees conduct business can also be embedded into your network.

What should emerge from a strategic network approach is for the CIO to provide an operationally excellent and intelligent infrastructure that allows the CFO the best view of the business performance to make informed decisions and the CEO to demonstrate transparency through good governance to shareholders.

By building intelligence into the network, it will allow banks to remove some of the glue that is slowing communication down, open up the channels on how and where we communicate with people and make sure that the services within the bank are being utilized at an optimum level. This also has to be done under the blanket of continuous and secure services.

With a strategic network approach, business velocity and the need to manage compliance effectively, you have the choice to offer time to become your friend.

Parm Sangha is a Business Development Manager at Cisco Systems, Inc., +44 (0)20 8824-4031; email: psangha@cisco.com; web: www.cisco.com.