Transcript Slide 1
“Necessity is the Mother of Invention” Gaining Value from Regulatory Demands Kevin Butcher Senior Vice-President, Enterprise Systems, BMO Financial Group June 18, 2009 BMO Financial Group’s view on leveraging regulatory projects to gain a 2-for-1 benefit, creating customer and bank value • A regulatory need can be met in two ways: – Meet the specific need – Meet the need with a broader perspective – BMO’s Anti-Money Laundering example • The business value depends on sound governance to support Information Integrity: – Stewardship/Accountabilities – Standards, Controls and monitoring Necessity is the Mother of Invention: Gaining Value from Regulatory Demands 2 The Regulatory World • Regulators tend to look at risk aligned to the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework: • There is particular interest for information management professionals to look at things through a compliance, reporting and information lens • At BMO, our view of Enterprise information is that information should simultaneously serve business strategy (Customer, Pace and Growth) and operations • Our Anti-Money Laundering (AML) efforts illustrate the 2 for 1 outcome COSO’S Enterprise Risk Management — Integrated Framework Necessity is the Mother of Invention: Gaining Value from Regulatory Demands 3 AML from a Compliance Perspective • Anti-money laundering regulations require an understanding of all customer activity across the organization in order to ensure there is no money laundering • In order to drive the implementation of the AML project on the development side we worked with the business to link the project to strategic priorities, chiefly “knowing our customers” • What we have to do: consolidate profiles (information about customers and other people and organizations of interest to the bank) from many systems Profiles: Personal & Commercial | Private Client Group | Capital Markets | Party Data Integration: Consolidate | Cleanse | Package Enterprise Customer View Necessity is the Mother of Invention: Gaining Value from Regulatory Demands 4 AML from a Customer Perspective • Our customer focused program is dedicated to protect our customers’ financial interests and understand their financial needs • Efforts are focused on: – Building a formal framework to help us become more adept at asking for and interpreting customer information, resulting in better relationships – Introducing new processes, technology changes in products to ultimately result in better service – Fulfilling compliance of new mandatory regulatory changes for better protection of our financial system and our customers’ interests Necessity is the Mother of Invention: Gaining Value from Regulatory Demands 5 The Customer View Necessity is the Mother of Invention: Gaining Value from Regulatory Demands 6 AML and Challenges in Data Consolidation • In order to consolidate the customer profiles across the Enterprise the fields in numerous information systems across the LOBs must be drawn upon: Retail Customers Private Clients Investors Third Parties • E.g.: account and credit information • E.g.: accounts and authorized investment owner details • E.g.: lending and trading products customer details; names of beneficial owners The challenge is the general management of information across a complex multi divisional company (e.g. naming conventions) • E.g.: account information for brokers with BMO accounts Necessity is the Mother of Invention: Gaining Value from Regulatory Demands 7 Emphasis on Information Integrity • Whether using information with a customer, a regulator, or for decisions in the business, information integrity is key • Information Integrity has two core components • Information must be: • • A faithful representation of reality “Fit for use” We Achieve Integrity Through: Clear Accountabilities Standards & Process Effective Monitoring & Reporting These are key elements to our well defined governance program Necessity is the Mother of Invention: Gaining Value from Regulatory Demands 8 Information Integrity Accountabilities • Customer data integrity requires stewardship and custodial accountabilities: Information Life-Cycle Business Technology (Steward) (Custodian) Accountabilities Collection & Quality • Primary business unit accountability • Specifying requirements • Developing and executing control Processing & Integrity • Specifying requirements • Developing and executing control Access & Use • Authorizing rights • Developing and executing control Retention & Disposition • Specifying requirements • Confirming destruction of business records • Developing and executing control Necessity is the Mother of Invention: Gaining Value from Regulatory Demands 9 Accountabilities for Access Privileges • Access privileges to customer information is one of the most complicated accountabilities: Need for Need for Business Use Compliance Access Aggregate Data: Corporate Steward CAMLO (Chief Anti-Money Laundering Officer): Subject Stewardship Personally Identifiable Information: LOB Stewards Necessity is the Mother of Invention: Gaining Value from Regulatory Demands 10 Standards, Controls & Monitoring • Standards, controls and monitoring provide the infrastructure for information integrity Data Standards Process Controls Monitoring Compliance • Standards are applied at the Enterprise level and introduced through master data management and are part of the AML compliance process • Technology process controls are well developed as part of our Technology & Operations and Enterprise Infrastructure business model (e.g. CMMI, ITIL and COBIT Frameworks) • Our Information Management Corporate Support Area develops governance framework with accountabilities to monitor compliance Necessity is the Mother of Invention: Gaining Value from Regulatory Demands 11 Concluding Thoughts & Questions Business Strategy Compliance “2 for 1” Shared Information & Governance Framework to Serve Both Necessity is the Mother of Invention: Gaining Value from Regulatory Demands 12