compliance software rankings software rankings consultancy ... · tional risk.” he thinks this...

In times of trouble, looking for opportunities in every problem becomes even more important, but in the case of compliance software providers, the

phrase could be a mantra. Problems posed by regu-latory pressure against firms translate into business opportunities for these vendors. Their fortunes are so closely intertwined with those of their clients, trends in the broader software market often mirror those in the financial space. When the regulatory environment gets tougher for financial institutions, demand for compli-ance software increases. This has long been the case for banking under Basel II, but other industries, such as insurance, are attaching greater importance to areas of regulatory compliance.

Insurers are taking topics such as compliance, oper-ational risk and corporate governance increasingly seriously. Although US regulation of insurers remains fundamentally unchanged since the crisis, for interna-tional insurers the European Union’s new Solvency II regulatory regime is encouraging the trend.

“Solvency II is driving a lot of business,” says Luc Brandts, founder and chief technology officer at governance, risk and compliance (GRC) vendor BWise. “The insurers have typically been regulated and therefore have compliance programmes in place, but not as integrated as they could be. Firms are seeing they need to implement something broader than a specific solvency programme, an operational risk programme, a regulatory reporting programme, an IT governance programme, or a compliance programme. They need something integrated.”

The desire to get a better handle on operational risk is particularly positive. Just as Basel II has

coerced banks into changing their mindset by recog-nising operational risk as a risk type itself, Solvency II is similarly asking insurers to rethink their atti-tude to operational risk. This has undermined previ-ous tendencies by insurers to underestimate op risk losses by dividing them into disparate categories, or hiding them within the traditional insurance or credit risk buckets.

“You have pockets of risk, but traditionally, oper-ational risk has been put into one of their 20 or so risk types, as a small one,” says Brandts. “Now they are saying operational risk is a lot bigger than that, and needs to be addressed at the level of credit, market and insurance risks. It then translates into

specific issues, but defined at the top level as opera-tional risk.”

He thinks this represents an epiphany for the insurance industry. “It’s not redefining your organi-sation, but it is taking a different view, to see op risk events as op risk events,” he says. “If you look at most financial events, they might be easy to label as a market or credit risk event, but they always occur because at some level there was a people, process or

24� operationalriskandregulation.com

compliance 202010

1 Fiserv

2 Oracle

3 IBM

4 Actimize

5 OpenPages

6 SAS

7 Cimcon

8 ACI Worldwide

9 Bwise

10 FRSGlobal

11 ACL

12 SAP

13 Norkom

14 Wolters Kluwer

15 Thomson Reuters

16 SunGard

17 Actuate

18 EMC Corporation

19 Focus Technology Group

20 Finsbury Solutions

“Financial events always occur because at some level there was a people, process or system fault

which is the operational risk”Luc�Brandt,�BWise

software rankings

software rankings

compliance software rankings


consultancy rankings


Triumph�in�adversityCompliance providers have found new customers as a result of the recently changed regulatory environment, while adopting integrated approaches to make the best of tightened budgets everywhere. David Benyon reports

system fault – internally or externally – which is the operational risk. It is always an operational risk that makes sure an event happens or fails to prevent it from happening.”

Client portfolios for compliance providers are shifting to reflect this trend. “We have seen the compliance market take off for insurance, and espe-cially life insurance,” says Richard McCarthy, vice-president, for product marketing at Fiserv, which

came top in the overall ‘Compliance 20’ ranking of firms. “They [insurers] are now the ones who are under pressure, which we didn’t see a year ago. Previ-ously it was more the retail and wholesale banks, largely because they were under the most pressure to comply with regulators. Now the life insurance companies are finding they need to get their act together. These insurance customers are global, such as Sun Life, and mark a real focus for us too.”

But it is not just insurers investing in proper compli-ance software since the financial storm. In the anti-money laundering (AML) category – this year won by financial crime risk firm Actimize, which has a large market share of the transaction monitoring market – trends driven by the financial criminals are bringing in investment firms and asset manager clients.

“Today, money laundering activities focus less on cash and more on financial products,” says Bruno Piers de Raveschoot, managing director and vice-presi-dent at Actimize Europe and Asia-Pacific. “Again, the emphasis is less on retail banking but appears more and more on investment banking and even fund manage-ment. We always had a strong list of investment bank-ing clients, but today there is more money laundering in the securities industry, through investment bank-ing, corporate banking and asset management. Many products look at only cash transactions, but we also monitor non-cash transactions.”

The hedge fund management sector is one indus-

June 2010 25

anti-money laundering2010 2009

1 5 actimize

2 1 Oracle

3 – Fiserv

4 3 Norkom

5 – SAS

email archiving, data storage and recovery tools2010 2009

1 – emc corporation

2 1 IBM

3 2 Sun Microsystems

4 5 Symatec

5 – Stratify

governance, risK and compliance2010 2009

1 1 oracle

2 3 SAP

3 4 OpenPages

4 – Thomson Reuters

5 2 IBM

sarbanes-oxley products2010 2009

1 3 ibm

2 2 Oracle

3 – Cimcon

4 4 OpenPages

5 – Thomson Reuters

anti-Fraud soFtware2010 2009

1 – aci worldwide

2 2 Fiserv

3 5 Actimize

4 3 Oracle

5 1 Norkom

regulatory reporting pacKages2010 2009

1 5 Fiserv/Frs global

2 3 Oracle

3 1 SAP

4 – Bwise

5 2 IBM

compliance monitoring and control2010 2009

1 – Fiserv

2 3 Actimize

3 1 OpenPages

4 4 SunGard

5 2 Oracle

spreadsheet compliance products2010 2009

1 – cimcon

2 2 Finsbury Solutions

3 1 Actuate

4 3 RiskIntegrated

5 5 ClusterSeven

software rankings

software rankings





try that has been targeted by short-selling regulation since the crisis, while it is facing additional regulation under heated debate in the EU in the guise of the draft Alternative Investment Fund Managers Directive.

“Hedge funds that had been lightly regulated are going to become more regulated,” says Mark Coronna, managing director of Wolters Kluwer Financial Services in Europe. “We noticed last year that our hedge fund customers were very aggres-sively bringing in compliance resources even though in the US and the UK they’re mainly outside of a lot of the regulation; they could see the train coming.”

However, the trend towards tighter regulation is not just coming from compliance departments them-selves. Many post-crisis regulations – such as the

UK Financial Services Authority’s liquidity regime – have placed far greater onus on senior management competency, and responsibility for ensuring the firm’s risk appetite is adhered to throughout the business. Other regulatory regimes – such as the US Securi-ties and Exchange Commission’s attempts to reform financial remuneration – have focused on empow-ering shareholders through improved disclosures. Making data available to the right people has been a challenge for many firms.

“Shareholders and boards are asking for more transparency,” says Brandts at BWise. “That is not just stakeholders but senior managers, who see that their company’s reputations and their own reputa-tions are on the line. That’s what we are seeing in the more mature organisations, while the less mature ones have also noticed they need to do something. They might not have thought about a large or inte-grated GRC initiative but they might be looking at some of the components.”

The pace of regulation is not letting up. “Firms are just about keeping up with the changes as they come out from national regulators,” says Selwyn Blair-Ford, head of global monetary policy at FRS Global, which topped the regulatory reporting pack-ages category along with Fiserv, with which it has a partnership deal. “In the UK the truth is that firms have just about kept up with the liquidity regime and they are considering what the regulators are saying about ongoing changes to the EU Capital Require-ments Directive. We are definitely in a period of stress when it comes to managing regulatory change.”

Many of the current regulatory debates include warnings against regulating unilaterally, with key emphasis placed on cross-border agreement through international bodies such as the Basel Committee on Banking Supervision or the G-20’s Financial Stabil-ity Board. Despite this, Blair-Ford says although regulatory requirements are in flux, the bulk of the actual data required for regulatory reporting is common across regulatory regimes.

“What we realised is that there is a large commo-

nality between regulators – 70–80% of the data asked for by regulators is common,” he says. “We have defined our database to mimic a proxy financial firm. Then we say, given the data and the local legal requirements, how do you combine the elements of our data to meet that particular environment? Then we will do the same for the US, France and Germany, Hong Kong, Singapore, and so on.”

He also highlights Asia is a growth market for compliance products, with some firms worry-ing about compliance to the latest wave of Basel Committee-originated regulatory rules on risks such as liquidity management. Other firms are looking for benefits from using the same database as the basis for regulatory reporting in several jurisdictions.

“In Asia, we have seen increased regulatory report-ing demand from Singapore, Hong Kong, Australia and South Korea. Korea is especially active, in regards to regulatory changes,” he says. “We are also seeing a lot of the larger cross-border firms consolidating their regulatory reporting across Asian jurisdictions. We are signing quite a few multi-country deals to use the data-base with companies looking for economies of scale. If you have common software and common regula-tory reporting across jurisdictions then you can have a person from one jurisdiction transfer to another and get quickly up-to-date on what is happening there. Increasingly, people want to consolidate so they can have a single platform and a single database.”

One area of compliance that has been largely spared from the regulatory response to the crisis is anti-fraud. This is despite the fact frauds have risen in the economic downturn. Fraud represents one area in which compliance systems are not being driven by fresh regulation but by industry demands and changing patterns of financial crime itself.

“There have not been many fraud-specific regula-tions in the last year or two,” says David Divitt, fraud and risk solutions consultant for Europe, Middle East and Africa at ACI Worldwide, which came out on top in the anti-fraud category. “Customer demand comes directly from the frauds they are experiencing, which

26� operationalriskandregulation.com

software rankings

software rankings





Luc�Brandts,�BWise

means it changes rapidly. Some of the technologies customers are moving towards are real-time fraud prevention, for example to influence an authorisation decision to stop a fraudulent transaction. That comes down to the speed at which criminals can commit fraud these days, especially online.”

He says efforts to increase the speed of transactions have put more pressure on anti-fraud departments, citing the example of UK Faster Payments and Cana-da’s Interac Email Money Transfer System. “These are instant person-to-person or person-to-business trans-fers,” he says. Therefore once the transaction is sent, there is really no time to recall it.

“The fraud marketplace tends to pick up in the downturn, because you get more first-party exter-nal fraud, as well as more internal employee fraud,” says Divitt. “For those reasons, the banking indus-try tends to invest in fraud during a downturn. The other reason why we have done well is being able to consolidate silos across multiple fraud depart-ments. Typically you could see one fraud unit for credit cards, one for debit cards, one for internet, etc, and that is very expensive. It makes sense to share resources, because from a fraudster’s perspec-tive there are no divisions – the criminal jumps from silo to silo to best suit their needs.”

Liam Griffin, chief commercial officer at Norkom, agrees that drawing artificial boundaries between prod-uct types or types of financial crime can be counter-productive, as the criminals are not so discriminating.

“Financial institutions are increasingly turning towards the practicalities of managing financial crimes of all types across their entire organisation, as time and again, it’s been proven that professional fraudsters will stop at nothing to achieve their finan-cial targets for ill-gotten gains,” he says. “So if one channel doesn’t work out, they’ll simply switch tack and focus on defrauding another area.”

Anti-money launderingAnother trend in the management of anti-fraud systems is closely tied to an area that has attracted

more regulatory focus within the past decade: AML. Efforts to cut down the number of systems in place have sought to combine anti-fraud and AML systems together. This has meant efficiency and brought benefits in profiling and prevention.

“If you have a good profile of a client for anti-money laundering, then why not reuse the profile for other functions such as fraud,” says Piers at Actimize. “That requires a flexible tool so you can use additional data and different data sources, but

if you can share that view then you’re making the compliance team’s job a lot simpler. People are start-ing to integrate components of their AML systems into fraud and compliance monitoring systems. One way for them to do that is to include the profile of the client into these systems. We see a lot of banks looking to classify clients according to the degree of risk to the bank in doing business with them.”

Actimize provides monitoring systems for insider dealing, anti-fraud and anti-money laundering requirements. Piers outlines some of the tricks used by financial criminals.

“Money laundering can be part of a more

complex structure,” he says. “For example, a typi-cal market manipulation technique is called a ‘wash trade’, by which two counterparties buy and sell the same security at roughly the same price during one trading session to give the market the impression of liquidity, hence moving the price. This type of behaviour can be geared towards the intention of moving the market, but can also be used for money laundering. This illustrates the need for a powerful multi-channel detection system. Other examples of money laundering in a brokerage world could be excessive margin calls, churning, excessive loss or inappropriate positioning.”

“There is also a trend of ‘triangle money launder-ing’, where a transaction does not go through just one banking book but through the books of several banks,” says Piers. “Banks are only monitoring what goes in and out, not what happens between two banks. This has been known about for years but it is becoming more high-profile.”

The trend to cut down on the myriad of systems and products in use is of course not just restricted to battling financial crime. The rise of governance, risk and compliance is closely wedded to attempts to reduce silos within firms and reap the efficiency savings brought with this.

“Budgets are tightening and a lot of banks are merging, so there are a lot of banks asking whether they can do more with less,” says McCarthy at Fiserv. “We are seeing a lot of customers saying they are re-evaluating other technologies and asking whether some systems can be used for multiple purposes. It helps them with cutting costs and leveraging what they already have.” n

methodologyThese rankings were compiled from a survey conducted over four weeks in April. The survey was sent to readers of OR&R from around the world and was also promoted though Risk.net. Respondents were asked to rank their top 5 companies across 8 categories. The results were compiled by Incisive Research, a subsidiary of Incisive Media

“The fraud marketplace tends to pick up in the downturn, because you get more first-party external fraud, as well as more internal

employee fraud”David�Divitt,�ACI�Worldwide

©2010 INCISIVE MEDIA. ALL RIGHTS RESERVED. USED BY PERMISSION. FIRST PUBLISHED IN OPRISK AND COMPLIANCE JUNE 2010. 27

software rankings

software rankings





compliance software rankings software rankings consultancy ... · tional risk.” he thinks this...

Documents