Asian financial firms beset by tunnel vision
It is almost impossible for financial institutions (FIs) to have an organization-wide perspective of their operations and compliance outlook because data is being accumulated in silos and manually managed by employees who are unable to piece all the information together.
This is the view held by Malcolm Lister, vice president of alliances and financial services, CA Asia-Pacific and Japan. He added that the situation is exacerbated when events such as the 2009 global financial crisis force regulators to revise their monetary guidelines, and FIs have to respond accordingly.
"It is very difficult to review and change a company's risk profile when they don't know where they are at presently, and more so when they have to plan and say, 'This is where we have to be going'," he told ZDNet Asia in an exclusive interview.
Lister's viewpoint is shared by Srini Giridhar, the banking lead at IBM's Institute for Business Value, who noted that the global financial crisis has brought risk management back onto FIs' radars. He said the recent failures in the banking industry were caused by a "silo implementation of risk management techniques and a weak systemic view of risk across the banking ecosystem".
"Understanding risk positions and communicating--both to the market and to regulators--are critical, as is the ability to take action based on timely, accurate and granular information. Banks must implement an integrated, enterprise-wide risk management framework," he explained in his e-mail response.
According to Lister, automation needs to be at the heart of FIs' business operations for them to meet the multiple compliance guidelines in the industry. To illustrate how complex the compliance landscape is, he cited a 2007 CA survey, in which a large company had to comply with, on average, 45 regulations.
"The majority of banks today are meeting their compliance requirements in the narrowest sense, but it's all very manual, which means [data collated on] Excel spreadsheets. So, now they have a mountain of data, which means they are complying, but they are not using the data to improve management's understanding of the organization's position," he said.
"With automation, you are actually converting the data into information and are able to give a profile across the organization. This is the transformation that we are trying to drive in the industry."
In addition to automation, Jatin Arora is advocating for FIs to look at risk and compliance management in a more "holistic" manner. He is product management head of HCL, a governance, risk and compliance consulting practice.
Arora, who sat in the same interview with Lister, noted that the current compliance landscape is not complex but requires streamlining, and FIs need to adopt a more "proactive" attitude to understanding compliance rules.
FIs should also change their mindset from viewing compliance as a "cost-centered challenge" to a "profit-making opportunity". To do so, he advised them to integrate compliance into everyday business processes and operations, which will result in them being more efficient and flexible to regulatory changes.
IBM's Giridhar added that FIs need to continue encouraging their staff to be "risk-savvy decision-makers", and should work with national and regional regulators to construct a framework of systemic risk which will, over time, yield a financial system that is better equipped to cope with risks and shocks.
In terms of product compliance in the financial industry, Greg Bunt, Juniper Networks' regional director for Ethernet switching, said in a phone interview with ZDNet Asia that "legislation alone doesn't solve much of the problem".
He pointed out that just because FIs comply with regulations does not mitigate the risk of certain products. Citing the Monetary Authority of Singapore (MAS) as an example, Bunt said that while the regulators review financial products before they enter the market, what is missing is that these products, and their underlying risk, are not fully explained to the public.
"The risks must be clearly stated to the public in the native language of the land for every product, including exotic ones such as foreign currency loans," he said.
Heavy cloud utilization not on horizon
On whether FIs will be able to tap the benefits of cloud computing due to security and compliance issues, Michael Araneta, senior research manager at IDC Financial Insights Asia-Pacific, told ZDNet Asia this was a "national issue" and will have to be determined by "national regulators".
He said in a phone interview that within the Asia-Pacific region, banks such as those in Australia have already outsourced some of their utility functions to India. "Critical customer information" held by FIs will have to remain in the country it was gathered in. This, according to Araneta, is done to "protect local jobs".
Juniper's Bunt observed, though, that banks do want to mine the massive client data they have accumulated, and are already using cloud-hosted data-mining services to do so.
However, he pointed out that these cloud services are merely used to compute, and not host, the data, and that the industry is "some ways off" before FIs consider hosting their core data in foreign-based cloud servers.