This paper talks about ways to accelerate your financial services compliance initiatives. It will help you understand the impact and streamline planning and execution of compliance to financial services regulations.
How to accelerate your financial services compliance initiatives
IBM Software October 2011
Financial Services
Accelerate your financial services compliance initiatives
Understand the impact and streamline planning and execution of compliance to financial services regulations

Highlights
● Understand the effect of business changes and the overlap with existing compliance mandates
● Align your portfolio investment with business priorities
● Use agility to meet regulatory requirements
● Leverage compliance changes to potentially operate more efficiently and effectively

Being compliant and driving growth in an increasingly regulated world
Since the credit crunch in 2008, we have seen a much greater emphasis on controlling and regulating financial services (FSS) organizations. This event resulted, for example, in the:
● Passing of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Reform Act) in the United States1
● Forthcoming implementation of Solvency II2 in Europe and Basel III across the globe3
● Establishment of new regulatory authorities in the UK and the Eurozone.

An increasingly regulated banking and insurance landscape, coupled
with changing political priorities, has led to the following challenges
for financial institutions:
● New regulations and modifications to the existing regulations come
with many sets of clauses and sub-clauses. Each clause contributes to
creating a dynamic and frequently changing compliance landscape.
● Few of the regulations are global and there are major differences in
different geographies; for example, Solvency II in Europe and insurance
aspects of Dodd-Frank. Financial institutions with a global presence
are required to adhere to the different regulations in their particular
geographic location. For example, any foreign bank that wants to
operate in the US needs to comply with the requirements of the
Dodd-Frank Reform Act.
● Identifying, transforming, consolidating and managing the effects of changes to the data is required from core applications and needed for compliance reporting.
● Simultaneously, financial institutions have to adapt and grow their business to respond to new competition, new technologies, security exposures (data breaches and more) and evolving customer demands.
● Because the pending regulations are so far reaching, it is likely that traditional methods of compliance management will be insufficient, requiring a new framework to incorporate the change.

Addressing and managing compliance challenges
The resultant effects on IT systems of managing compliance-related issues are costly and complex, requiring a methodical, integrated and repeatable approach that reduces risk and can be completed within a reasonable time frame. Managing compliance and meeting industry regulations and standards in this environment requires a much more integrated approach for FSS organizations, starting with business planning and continuing throughout the application life cycle.

Not only is it becoming increasingly expensive for financial institutions to implement and manage compliance, but it is also a struggle to keep up with the changes required. How will your organization cope with scenarios such as these:

● Changes in regulation. How do you ensure business functions are not affected?
● Updates to source systems for strategic business functions. How can you ensure that compliance is not affected or seen as a secondary priority?
● IT refactoring to reduce costs (For example: merging heritage systems). Large initiatives are especially orthogonal to functionality updates. How can you ensure that compliance is not affected throughout multiple projects or iterations?
● New initiatives and applications (For example: applications running on mobile technology). How can you ensure that a consistent and correct compliance solution is applied?

All of these concerns put a great deal of stress on your IT organization.

How should IT departments respond?
In order to be responsive to regulatory changes, IT departments in FSS organizations need to:

1. Define and adopt new processes. The IT culture and process must ensure that compliance is embedded into software application projects, as already happens in other industries such as pharmaceuticals. Much stronger governance and review of artifacts and deliverables are required, including packaged applications.
2. Establish new organizational structures and reinforce existing organizational structures. These structures are required in order to review and monitor application development projects to ensure that they are meeting compliance requirements. These functions are also responsible for education and ongoing advice on new regulations and changes to existing regulations.
3. Establish change and configuration management. As compliance has to be proven at a point in time, it is also necessary for IT departments to have strong change and configuration management processes and technologies in place to be able to show the historical content of an application, as well as the associated requirements and test cases. (For example, the Sarbanes-Oxley Act requires IT departments to keep seven years of historical data.)

Ideally, your organization can address compliance from a complete life cycle approach, as this approach drives the most benefits and reduced risks. However, we have to recognize that not all organizations choose to or have the capability to adopt this approach.

Using Rational solutions to accelerate your compliance initiatives
IBM created the IBM Rational Compliance Accelerator for Financial Services to help financial institutions organize, understand and use sophisticated tradeoff analysis and financial modeling to plan and execute responses to changing regulations. The adoption of this IBM accelerator can help dramatically reduce the costs and risks of compliance management, while improving enterprise-wide collaboration and visibility as well as audits and reporting.

The IBM Rational Compliance Accelerator for Financial Services provides the following key focus areas:

● Planning for compliance
● Collaborative compliance remediation
● Runtime testing for compliance.

The IBM Rational Compliance Accelerator for Financial Services is modular (so you can implement only what you need and grow as you are able), flexible (supporting multiple methodologies), open and integrated.

The Rational offering specifically focuses on key new regulations such as the Dodd-Frank Reform Act, Basel III and Solvency II.

Additionally, IBM offers other compliance solutions, capabilities and services including:

● IBM Global Business Services® (GBS). GBS has developed an “Inventory of Obligations” (IoO) to enable them to assist financial organizations to meet specific regulations. GBS uses IBM Rational RequisitePro® software to host the IoO IBM asset, manage defects and change requests and manage test cases and testing results.
● IBM OpenPages®. Acquired in late 2010, the OpenPages platform allows a company to unite an organization’s risk and compliance initiatives into a single management system on the business side.

Planning for compliance
As part of the IBM Rational Compliance Accelerator for Financial Services, Rational software provides planning capabilities for compliance. The Rational approach to planning for compliance includes two different levels of planning and decision-making:

● Enterprise compliance planning. Helps organizations decide what investments to make, which initiatives to fund, and prioritize the various initiatives / projects.
● Project execution planning. Enables organizations to manage and monitor compliance projects. Through repeatable processes, organizations can manage time, cost, quality, change, risks and issues.

The Rational planning for compliance approach focuses on the use of IBM Rational Focal Point™ software to support the enterprise compliance planning effort by managing compliance initiatives prioritization and cost estimation along with other business needs.

Rational Focal Point software is integrated with IBM OpenPages. IBM OpenPages is a key IBM solution supporting corporate-level Governance, Risk and Compliance (GRC) management. Mandates, GRC requirements and/or controls are some of the key elements that may be imported into Rational Focal Point software from an OpenPages export. Typically, controls are the key data requiring gap analysis.

Rational Focal Point software is also integrated with IBM Rational Team Concert™ software to provide collaboration support and visibility to project execution planning. The specific compliance tasks that are identified for implementation can be exported from the OpenPages solution and imported into Rational Team Concert software to support the governance of the requested changes.

IBM Rational System Architect® software contains the enterprise architecture and can be used to offer a complete enterprise compliance planning and decision domain. Rational System Architect would be used to map not only business and IT relationships, but also to map existing assets to the requirements.

Collaborative compliance remediation
As part of the IBM Rational Compliance Accelerator for Financial Services, Rational software enables organizations to define the detailed requirements associated with a specific regulation, such as the Dodd-Frank Reform Act. Using a collaborative approach, organizations can design, build and test a solution that meets those requirements.

Real-time status, visibility and tracing between life-cycle artifacts help ensure that the compliance remediation is completely and effectively implemented and tested. Dashboards provide role-based views into life-cycle artifacts as well as cross-cutting compliance-based views. Additionally, visibility into the remediation projects is provided back to Rational Focal Point software—providing the traceability to/from planning for compliance.

Many Financial Services institutions rely heavily on mainframe-based solutions and therefore must implement compliance into those solutions. The Rational Enterprise Modernization (EM) Accelerator for Developers (Rational Developer for System z® Unit Test) is well-positioned to fill that gap. The Rational Team Concert component of that accelerator also helps provide a consistent way to manage the remediation life cycle across projects implementing different technologies.

Runtime testing for compliance
As part of the IBM Rational Compliance Accelerator for Financial Services, Rational software provides a solution for testing compliance that incorporates IBM Rational AppScan® and IBM Rational Policy Tester® software functionality.

IBM Rational Policy Tester software provides automatic “regulatory-view” compliance reports that cover, for example, the Electronic Funds Transfer Act, Sarbanes-Oxley and the Payment Card Industry Data Security Standard (PCI DSS).

Summary
The IBM Rational Compliance Accelerator for Financial Services can help you to:

● Maintain a clear picture of the initiatives required, along with their costs and effects on the enterprise
● Reduce the risk of compliance failure
● Reduce the cost of complying with regulations globally, and reduce risk management of complex systems
● Use the business process changes made for compliance to potentially operate more efficiently and effectively.

IBM has highly skilled experts with broad knowledge and deep technical skills, including:

● Governance, risk and compliance management in an FSS environment
● Financial services-specific regulations
● Deployment of Rational software solutions to support your compliance initiatives.

For more information
To learn more about the IBM Rational software solutions for compliance and how IBM can help you gain deep insight into your GRC initiatives, please contact your IBM marketing representative or IBM Business Partner, or visit the following website: ibm.com/software/rational/banking

Additionally, financing solutions from IBM Global Financing can enable effective cash management, protection from technology obsolescence, improved total cost of ownership and return on investment. Also, our Global Asset Recovery Services help address environmental concerns with new, more energy-efficient solutions. For more information on IBM Global Financing, visit: ibm.com/financing