There are a plethora of regulations that affect the use of technology in financial services: in the front office, on the buy-sell side of the business, the Markets in Financial Instruments Directive (MiFiD) ads well as SEPA, the Single European Payments Area; in the back office, not with the force of regulation, but of best practice, the Giovannini group works to create a level playing field on the securities side of financial services. I outlined the nature, scale and scope of some regulatory structures that can affect financial services and inter alia the management of technology.
Because technology is so ubiquitous in financial services, most of these regulations, which only form a part of the total universe, have an impact on or are impacted by technology deployments. These interactions can become so complex that, for the management process it can look more like the technology is being deployed solely for the regulations rather than for support of a business need that has regulatory constraints around it.
In certain cases of course there is a much closer relationship; for example, Sarbanes-Oxley's requirements for timely reporting of events, anywhere in the business, that could affect the firm's eventual financial statements. It is essential to any technology management process to evaluate the applicable regulatory structures and the degree to which their constraints or freedoms affect the way in which a technology deployment is planned, specified, delivered or managed. See on IT governance. The requirement, right at the beginning of the management process must be an analysis of the business need in the context of applicable regulation.
This is termed a Global Regulatory Impact Assessment (GRIA). This is a process that must have at least two iterations. The first iteration of the analysis is designed to create a matrix or table that identifies the basic functions or impacts of a proposed technology deployment. Again, I've used the proposition of an application here, but the concept applies equally to communications and systems layers. This stage effectively identifies the actors in the organisation that will need to be involved if any deployment is to be effective and not put the firm at risk. The affected group has the task to drill down to the next layer of the analysis taking each impact area and identifying those parts of the each regulation that are pertinent to the proposed deployment. Of course the good thing about such groups is that because they are, by definition, cross-functional, it is likely, even probable, that even at this stage there may be regulations that no-one had considered applicable or groups that could be affected that have not been identified straight away. So this first stage needs to be iterated until there are no further additions.
The group can then move on to the second stage where actual requirements become clearer. Even at this second stage, additions can be made to the group as further granularity often brings to light unforeseen impacts.
As these increasingly granular levels are reached, the impact on what any given deployment can do, will do or is allowed to do will materialise.
Our website is not responsible for the information contained by this article. Articleinput.com is a free articles resource thus practically any visitor can submit an article. However if you notice any copyrighted material, please contact us and we will remove the article(s) in discussion right away.
Note: This article was sent to us by: Andrew P. Coll at 01032010
1. Project underspends and overspends
All articles are property of their respective authors. Please read our Privacy Policy!
© 2009 ArticleInput.com.