By Caroline Denslow
Youssef Liban of Bank Saudi Fransi is confident banks will meet the deadline for compliance of new financial regulations.
|~|main_interview_banquefransi.jpg|~|Bank Saudi Fransi’s Youssef Liban has already addressed many issues of compliance such as money laundering.|~|With new rules on reporting financial assets and liabilities taking effect this year, banks must move quickly to meet the deadline for compliance. According to Youssef Liban, manager, information technology division, Banque Saudi Fransi, most banks are ramping up their IT spending in order to deal with a number of new regulations, such as the Sarbanes-Oxley Act and Basel II.
He talks to IT Weekly about how banks are coping with the new policies and how technology can help them address compliance issues.
Are banks in the Middle East ready to comply with new government and financial regulations?
Yes, all the banks are preparing in the region, including monitoring agencies and the central banks. Central banks especially are preparing drafts for compliance, including a calendar for compliance. They have already issued several regulations about money laundering and ‘know your customer’, which we complied with and we continue to comply with because it’s an everyday work. It’s not just only a one-time policy and you forget about it afterwards.
We have equipped ourselves with anti-money laundering software and reviewed our organisations — especially the processes and the people — in order for us to investigate, stop and report properly what we are being asked to report by the central banks and by the regulators in general.
What will be the next step in the compliance process?
It will come from international regulators — the standardisation of practices in banking. The next step will be Basel II, which will be more financial in context. It requires banks to take all the necessary measures to protect shareholders and customers from risks, be it credit risks, market risks or operational risks. In particular, it looks at operational risks because bankers have been addressing market risks and credit risks previously. There have been a lot of regulations in controlling those risks. Operational risk, on the other hand, is something that banks have to look more into. They have to report, assess and improve operational risks and to make them more visible instead of just putting them into the general loss and profit account.
There are a lot of things in Basel II that we have to be compliant with. What’s important for banks to understand is that we have to have at least some amount of historical data. That means that we have to start storing the necessary data even before the deadline for compliance because on the day when we are supposed to be compliant, at that time we have to report backwards on historical data. Even if there is no system in place, banks have to start collecting data beforehand and put it somewhere.
We have to start as soon as possible in measuring the different risks for Basel II. We have to improve our capacity in controlling suspicious operations and risky business. We have to have knowledge of our customers in this business better than before. We have to record all the changes that happen in the customer and we really have to be more vigilant.
How is technology helping banks address compliance issues and requirements?
We have to keep more information for longer periods and we have to look at them, measure them in different ways, present them in different ways, and report them in different ways.
Technology will help in several aspects: in storing larger volume of information for longer periods, in timely and quick retrieval of information, and in ensuring the data retrieved is accurate. Technology will help us in storing, in retrieving and in keeping good quality and accurate information. It will help us improve the quality of the information that we store and that we use. But this is just the first phase.
In the second phase, technology will help us in analysing and reporting information to our shareholders, in analysing, understanding and reporting the risks to the central banks, and in ensuring that our reporting mechanisms comply as by the regulations.
What particular areas of technology should banks be looking at investing in?
With the amount of data that we are — and will be — generating, banks have to invest in the areas of capturing, storing, and retrieving timely and accurate information. This is especially true in the area of retail banking because retail banking is mass oriented. Without technology, data will be impossible to manage.
If banks don’t want to get delays when they are, for example, executing an operation and there are some criteria that have been set by the legislators, they should invest heavily on automatic checking and on analysing data. Banks have to train the staff. In Banque Saudi Fransi we completed staff training last April. We have also continued doing awareness campaigns, and investing on training on compliance issues for the bank’s daily functions.
We have also set up a compliance division. The objective of the compliance division is to foster the initiatives and to encourage and drive all compliance efforts in the bank. The division reports to the senior managers of the bank. It emphasises coordinating and driving the bank towards being completely compliant with all of the regulations as quickly as possible.
What were the initial steps you took prior to the compliance requirements?
Our initial investment involved our data warehouse where we started storing information that we will need in the future. We started already storing time series data for us to be ready when we have to be compliant, when we are asked to produce all the required information for reporting on compliance.
Do you think the need to comply will drive the next wave of IT investments in the banking sector?
Definitely. Compliance and regulatory actions used to account for 10% to 15% of our budgets in the beginning of the century (2000). Today we think compliance and regulatory actions account for around 25% to 30% of our IT investments; it’s not only IT but also training and organisation.
Aside from compliance, what other IT-related issues should banks address?
There is security, in particular e-security. In the Middle East, a lot of banks are also considering changing their core banking systems. Most of the banks in the Middle East have somewhat older core banking systems, and now they have to adapt to new architectures, new multi-delivery channels, core customer information, and even with regulations and compliance. A lot of the big banks in the region were equipped at the end of the ‘80s and beginning of the ‘90s with core banking systems. But after 15 years the systems got somewhat old. Technology has changed a lot; the needs of the customers and the technical and functional architecture have also changed a lot. There are a lot of things that have been introduced recently that are not well integrated with existing core banking systems. Most of the banks in the Middle East, especially the big ones, have to change their core banking systems.||**||