Basel II, less commonly known as the International Convergence of Capital Measurement and Capital Standards: a Revised Framework, will have a major positive impact on IT budgets and spend in the next few years. This is the message from Escrow Europe director, Andrew Stekhoven, who returned this week from a conference in The Netherlands where he presented a paper on the implications of compliance for chief technology officers.
Andrew Stekhoven, Escrow Europe director
According to Stekhoven, the management of software use and compliance with accords are becoming increasingly popular and necessary applications for today's CIOs. For example, he quoted, the IDC states that compliance is the number one IT investment focus for organisations in 2004. Furthermore, AMR Research indicates that more than $5 billion will be spent on compliance-related activities and IT purchases this year alone in the USA.
With respect to Basel II, Stekhoven said most corporations are heeding the call for compliance. Referring to a survey conducted by the Global Association of Risk Professionals (GARP), he highlighted that over 70% of firms polled expected to be Basel II compliant by 2006, as the following results show:
* What is the likelihood that your firm will be fully compliant with Basel II by the current 2006 deadline?
No chance: 7%
Somewhat probable: 40%
Very probable: 33%
* After Basel II is implemented, internal risk management at my firm will be:
Greatly improved: 30%
Somewhat improved: 56%
Somewhat hampered: 4%
* Which of the following tasks do you anticipate being the largest 'Basel II-inspired' credit-risk challenge?
Deployment of new technology: 19%
Capital allocation calculation: 26%
Data aggregation: 32%
Data cleansing: 18%
Today's firms face an alphabet soup of compliance requirements - for companies doing business in or with the USA there is Sarbanes-Oxley; globally there is ISO 17799, Basel II and the IDC/BSA Piracy Report; and locally King II and the FAIS Bill to name but a few. As with any complex regulatory pronouncement, business-risk service providers such as the management consultants will initially gain the most business since they provide advice and counsel to clients on understanding and interpreting the regulation and developing a strategy and approach to address it.
IT service providers then play a role in defining and implementing supporting IT tool solutions. The challenge these IT service providers and outsourcers face is that, overall, the regulations make their business models and offerings more complex and expensive, and most are still working through how to address them in an adequate and profitable manner.
Stekhoven said it was critical CIOs realise that, at the same time as they become more reliant on IT to ensure their compliance, they become more reliant on software systems that do not 'lock, stock and barrel' belong to them.
"This dependence implies risk, particularly if the system is directly related to the core business process. In this instance, it is crucial to minimise the company's exposure and Escrow is the pre-eminent vehicle to do that," he said.
Software escrow provides for the deposit of the source code of a vital software product with a neutral third party. This third party is authorised to release the source to the end-user under conditions agreed upon by the supplier and end-user in the Escrow agreement.
"Companies should opt for Escrow because it guarantees availability and continuity of use of vital know-how as well as safeguards critical business process," said Stekhoven. "In addition, it protects software, hardware and industrial investments, and reduces dependency on third parties or employees."
A simple comparison could be made to a first aid kit: someone playing a passive role may simply ensure that there is a kit; the person playing an active role would, however, open the kit regularly, and, according to a consistent set of rules, check that there are sufficient supplies check that none of the medicines it contains are past their 'sell by' dates, and confirm the contents by means of a written report for the record.
The three pillars of Basel II
* Minimum capital requirements, which seek to refine the measurement framework set out in the 1988 Accord (dealing with credit risk, operational risk and market risk).
* Supervisory review of an institution's capital adequacy and internal assessment process.
* Market discipline through effective disclosure to encourage safe and sound banking practices.