Business Process Management in Finance Industry Risk & Compliance

Financial companies come in all shapes and sizes. Some offer mortgage lending only or investment management only, while others offer a broad range of services which can include banking, insurance, loans, investments, mergers and acquisitions, trusts, estate planning, and more. And lets not forget that large companies whose primary business is not financial must nonetheless operate internal financial departments. Like most large corporations, financial companies engage in multiple, complex business processes. These include industry-specific processes such as loan origination, and general processes such as human capital management. Today, corporate-level executives are taking unprecedented steps to effectively manage the business processes of their companies. Many are now implementing comprehensive enterprise systems such as PeopleSoft or Oracle which offer customizable, interactive modules for managing every significant business process. One of the motivators behind the heightened interest in improved business process management is the Sarbanes-Oxley Act of 2002, and other similar regulations enacted in the wake of large-scale accounting scandals that involved some of Americas best-known corporations. Sarbanes Oxley, or SOX as it is called by industry insiders, requires companies to carefully document their financial processes, and be prepared for periodic audits. Since the earliest days of commercial IT, no sector has taken to technology better than the financial services sector. Few other sectors have spent as large sums of money on systems and applications customized to their vertical or have been as adept in using them to cut costs and improve performance. Part of the reason has been that technology is integral to financial businesses, dealing as they do with information rather than physical assets. Also, the sector most easily yields to the automation of business processes. No surprise then that one of the most sought-after technology suites is Business Process Management (BPM), a holistic management approach that promotes business effectiveness and efficiency while striving for innovation, flexibility and integration with technology.

BPM & Risk Management Risk management has risen to the forefront of everyones mind due to increased regulations, ongoing terrorism concerns, and greater economic volatility. Whether youre in the private or public sector, you must ensure transparency at all levels of the organization, and take the appropriate measures to reduce costs and manage financial, organizational, and personal risk. BPR supports a top-down risk based approach, enabling the company to focus its efforts and resources on the managing the most important risks and controls. Powerful risk heat maps and colour coding charts provide a graphical overview of risk profiles, while embedded control frameworks such as COSO and COBIT enable the company to choose the best possible approach to mitigating risks. 1|Page

The solution comes equipped with a powerful risk assessment methodology that allows for defining a flexible set of risk factors. Auditors can assign different types of weights for every risk factor such as dollar value, percentage and qualitative value. They can also create an extensive library of risk assessment questionnaires and surveys based on existing templates within the system. The solution enables consistent risk tracking across the enterprise. It also delivers reports and scorecards to bring high-risk areas into focus and improve visibility into ongoing risk management efforts.

BPM & Compliance Management BPM enables the company to develop, maintain and communicate compliance policies, standards and procedures. It also helps monitor compliance processes, define internal controls and demonstrate that a control has been tested as required. The system supports consistent control assessment plans based on pre-defined criteria and checklists, and has a mechanism for scoring, tabulating and reporting the results. Assessment plans to test controls can be scheduled periodically or triggered based on the occurrence of certain events. A central repository of assessments helps determine if a specific control was tested, what the assessment results were, and if a remedial action plan is required. By consistently testing controls, the company can ensure compliance with SOX, MAR, FDICIA and other regulatory requirements. BPM helps one define, automate, and enforce effective, repeatable business processes and to proactively monitor and audit the performance on an ongoing basis. It enables one to create a holistic picture of the enterprise as part of risk management and compliance efforts. It provides a comprehensive platform for capturing and integrating multiple perspectives on processes. Through the solutions use, you can extend models to include the relationships among processes, goals, organizations, locations, information/data, and systems. It can enable us to: Create an enterprise that can swiftly respond to market and regulatory changes Leverage enterprise process information for more effective risk management Tighten the execution of processes across lines of business Plan optimal use of assets to lower costs and manage risk Document processes and controls as required by Sarbanes Oxley Add value and relevance to ISO certification

2|Page

The Value of BPM BPM will help one better understand his business, gain control over the processes, comply with regulations, and manage risk. It can be depended upon to achieve: Regulatory compliance and automated audit capture Improved transparency, visibility, and understanding of enterprise goals and objectives Effective collaboration across internal and external parties Greater efficiency, improved productivity, and repeatable, enforced business practice

What does the business want from compliance? Business wants performance and risk management. It gets this by workflow, risk management and simulation. These are strengths of BPM and so within the BPM space, according to many analysts, expect to see BPM tools take over the GRC space.

BPM will facilitate an understanding of how secure do we need to be and provide Risk analysis, simulation, costing, analysis of control effectiveness - The future of risk analysis is to apply risk factors to a business process and run simulations to understand the impact.

3|Page

Usage of BPM FS organizations can use BPM solutions to their advantage in the following areas:
      

Claims management Loan management Client intakes Conflict processing Compliance regulations Credit issuances Credit processing

Why the delay in take-up? BPM is driven by the adoption and acceptance of industry standards - Web services, XML, BPMN, component based, process centric, and application integration. In terms of Risk Management - WS-Security, XML Digital signatures, claims based id management. BPM delivery capability still seen as immature and we need greater confidence in the adoption of these standards for the mainstream to achieve verticalisation of solutions and form common practise for typical audit, reporting and monitoring needs.

Recurrent problems but BPM methods can help A business process that uses web services will also use relatively uncontrolled end user applications including management workflows. The mapping of expertise, ownership and governance on to a process can be a complex and political task and is fraught with opportunities for conflict so it is a significant management task. A solid BPM implementation methodology can help here to:
y y y y

Direct technical strategy Coordinates performance measurement Provide Project Management Centralise integration

4|Page

Failure to adopt an ongoing approach to BPM Many companies fail to recognize that BPM is a journey, not a destination. Thus they treat BPM as a one-time IT project, neglecting to learn from experience and tweak services and processes for optimal benefit. Instead, many companies remain content with the small gains of a one-time redesign.

What BPM can really do for the Financial S ector? Applied properly, BPM offers financial firms a plethora of opportunities for improving customer experience, change management and risk management: Integration and process optimization Reducing the time lag between sale and fulfilment is the key to enhancing the customer experience and optimizing revenue in any financial transaction. Successful financial firms are those that fully integrate not only across processes such as lending, payments and trading, but also with third parties supporting key components of complex financial products. Change management One of the most radical sources of change in the financial sector today comes with mergers and acquisitions. Such events can force an organization to reassess and possibly radically redesign their core processes, a process that is severely limited by the lack of integration in most legacy systems. Even outside of such exceptional circumstances, the competitive, up-tothe-minute nature of the financial sector, new products and instruments must often be put together in days and sometimes hours. All of this requires a strong change management capability, which is provided by an effective BPM initiative that allows integration across systems and processes. BPM also allows for a structured and powerful approach to Process Discovery combining the ability to change a new process easily while maintaining a high degree of control as required by a financial industry process. A new product or process can be launched in a short time, optimized easily to reach a matured process status with the next decision point of integrating closely or loosely with other existing systems.

5|Page

Challenges Isolated workflows: With thousands of advisors and customers spread across the nation, the company found it challenging to collaborate on risk, compliance and audit management. Most often, audits were conducted in independent silos and at varying intervals from each other. Similarly, risks and controls were managed in isolated initiatives. This silo approach often led to process redundancies, which in turn, consumed far more resources, time and effort than was actually required. Manual processes: The Companys existing systems required risk, compliance and audit data to be entered manually. Reports were also generated manually, using spreadsheets and stand-alone systems. As a result, internal auditors and managers were forced to spend significant time, effort and resources in compiling data from isolated sources, entering the data into the systems and preparing reports. Lack of centralized documentation: The Companies are required to deal with a tremendous amount of documentation including control assessments, regulatory information, internal policies and audit reports. Because these documents not stored in a single location, search and retrieval became extremely challenging. Complex regulatory landscape: A Company may be required to ensure rigorous, stringent compliance with regulations such as SOX, FDICIA etc. Each of these regulations is complex and intensive, often containing hundreds of requirements that are subject to change. The company may find it timeconsuming and complex to extend these requirements across the enterprise, manage various controls and consistently monitor their effectiveness. Benefits Streamlined workflows: BPM enables the companies to streamline and integrate all risk, compliance and audit management processes. In the process, collaboration across business units, departments and operations gets improved. Enhanced efficiency: BPM reduce the time, resources and effort required for audit, risk and compliance management. Thus, instead of spending all their efforts on these processes, managers can focus on their core business. Improved visibility and tracking: BPM helps in providing in-depth information on risk, compliance and audit statuses and trends through powerful features such as executive dashboards and risk heat maps. This enables managers to stay ahead of issues, and chart their progress proactively.. 6|Page

Su t in ble c m li nce: M e icient ch t i , c m li nce nd udit m n ementen ble the c m t en u e c m li nce ith b th inte n l licie nd e te n l e ul ti n . SO , F i u the equi ement c n be m n ed cent lly c n ti n ide e ti n . e m nently educe nd e ti n l c t
 

nie nd

M d i e d n c t , c n lid te e u ce nd d nce el de el ment c bilitie . t em e u e t inde endently de el ne m , l , e t , nd m e ith ut nd en u e bu ine e ee ce ith ch n in ni ti n l equi ement nd indu t y e ul ti n .
!

7|Page

       

  !   "         !