New regulations will soon swell IT workloads

Government's response to the financial meltdown will require major tech initiatives for compliance, despite the recession's cutbacks

The financial meltdown, fueled by a decade of exotic financing mechanisms that some say were designed to hide risk and pass it on to unwary buyers, will have a major impact on IT budgets, personnel, and reporting responsibilities. New regulations will put IT in the hot seat, much as the post-Enron Sarbanes-Oxley and other such rules did in the early 2000s as governments responded to that period's financial shenanigans.

"The country is clamoring for regulation. It's a popular mandate," says Josh Greenbaum, principal at Enterprise Applications Consulting. "It is not just about the collapse of the financial credit market. It is also the end of the road on deregulation across all industries." And it's IT that acts as the regulators' "beat cop," enforcing the rules through the technology systems they deploy and manage, he adds.

So, despite being battered by recession-linked cutbacks, IT will have to find a way to take on the heavy burden of new regulations expected to emerge from U.S. and other governments in 2009, analysts and industry executives agree.

[ Findout  how the financial meltdown will affect tech jobs -- and how IT could have helped prevent the mess. ]

Coming: A greater IT burden than Sarbanes-Oxley and the Patriot Act
"The last two tsunamis to hit IT, the Patriot Act and Sarbanes-Oxley, required companies to know their customers and to know themselves and their [own] finances," says Larry Rafsky, CEO of Acquire Media, which distributes companies' financial news. "Now, the upcoming regulations will say, 'Know your customers' finances.'"

The fact is that no company -- not even the financial firms that created and sold them -- understood the true nature of how everyone was exposed to everybody else in those repackaged, sliced-and-diced financial instruments composed of subprime mortgages, credit default swaps, and off-balance-sheet investments. The consequences of this convoluted, opaque business will lead to regulations requiring more transparency. As these financial instruments were repackaged and resold, investors lost the ability to track what exactly was in each offering and what the actual risk was; even those trading in such instruments weren't exactly sure what they were selling or buying. "No one was aware of the links. Everyone was dependent on everyone else," says Rafsky.

To prevent a recurrence of such murky instruments will require transparency in how companies and what they trade are linked together. That in turn requires increased use of auditing and tracking applications and the business processes behind them, notes Rafsky. It will also require an unprecedented degree of business savvy in IT practices, because regulations will require companies to know the financial strength of their key corporate suppliers and customers. Monitoring those dependencies will be the job of IT.

Even companies not in the regulated financial industry will likely have to follow the regulations sure to come, says Craig Carpenter, general counsel at Recommind, a company that offers search-oriented compliance services. "Anybody that deals with brokers, banks, and credit-risk-based assets will have to be involved," he says. That includes everyone from hedge funds and insurers like AIG to municipalities and consumer companies like General Electric and General Motors.

Carpenter believes companies are also about to face a new wave of litigation due to the huge losses. That means IT professionals who also have legal expertise will be in great demand. "The competition for personnel will be from law firms, their clients and vendors all competing for the same talent," he says.

New regulations will touch a wide range of business operations. There will be regulatory reporting requirements with tighter scrutiny and an increased level of detail than what is required today, says Sinan Baskan, director of business development for financial services at Sybase, an enterprise software provider. For example, up until now, a company was not required to report on financial results by product line or business unit. But this will change, he says.

Brokerages will need to redefine and scale up technology significantly
In addition, Baskan expects that regulatory agencies will require that the prime broker executing trades on behalf of a client will have to prove that it did the best execution rather than the fastest. That's because regulators believe that financial services providers deliberately created pricing inefficiencies that favored themselves at the expense of their clients. The new regulations will try to force financial providers to put clients' interests first by ensuring that pricing reflects actual value.

As a result, now "they will have to show that they got the best price within a certain time window allotted to them by the client," Baskan says. To do so means the IT organizations at the brokerage houses will have to "reconstruct the transaction cycle" accordingly. That means a lot more technology needed to follow a whole new set of audit trails for tracking and monitoring trades.

The point of the likely regulations is to re-establish the connection between the price of the security that is traded and the underlying asset that supports that security, like real estate. Getting an accurate price connection requires computing of lots of data from different sources, Baskan says, which will increase demand on IT to implement the underlying methodology.

The expected new regulations will more deeply affect operations than those of Sarbanes-Oxley, which targeted the CFO and other C-suite executives. Baskan expects the new requirements to apply to all transactions in financial and retail accounts. And that means more work for IT, he says: "The [technology] infrastructure has to scale with the increasing productivity."

Global regulations likely to make compliance more expensive for IT
As governments discuss how to reshape regulations to prevent a recurrence of the current financial meltdown's causes, global or at least multinational regulations are likely, in addition to local rules. If this comes to pass, rationalizing various worldwide banking systems could become a huge headache and challenge for IT.

"When you have a U.S. bank doing business in London or Tokyo and the U.S. says it is going to back some of these toxic assets in a different way than Asia, nobody has figured out where all these rescue plans overlap with each other," says David Wright, director of financial service for Software AG, an enterprise software provider.

Wright says that the current international regulatory agencies, like the International Monetary Fund and World Bank, will either have to reinvent themselves or be replaced with new agencies. Either way, that means regulatory changes are very likely -- and IT will have to implement the new rules.

Although financial institutions already devote significant IT resources to compliance requirements, they may have to devote a higher proportion as global rules come into force, Wright says. However, "IT won't be given any more money. They will have to take it from existing budgets unless they can produce a return on investment and business case based on consolidation and rationalization," he adds.

IT has already gotten a taste of how to handle such new requirements, due to regulations like Sarbanes-Oxley, notes Michael Mills, director of professional services and systems at law firm Davis Polk & Wardell. For example, IT has already found the money for e-discovery, which had been a nonexistent expense just a few years ago and now collectively costs companies $1.5 billion. Mills sees IT having to find even more resources for compliance as the response to the financial crisis brings on more and more regulations.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies