The financial sector should be familiar with change by now. In addition to coping with general upheaval in the world economy such as globalisation and increased competition, the sector has faced its own specific changes, too.
The spread of electronic networks has changed the financial markets fundamentally with the disappearance of most "open outcry" trading. Elsewhere, advances in technology have also created new markets and enabled new ways of operating - at the price of more investment and upheaval.
The swing back to tighter regulation of the international finance sector adds yet more pain.
In November, the first impact of the Sarbanes-Oxley Act, which aims to enforce better corporate governance and accountability, will hit the larger US public companies.
The act will primarily affect US-based companies and international companies that trade in the US. But it seems likely that other parts of the world will follow the US lead and introduce similar codes of practice. The UK, for example, is known to be reviewing the issue following recommendations of the Higgs Report.
While many of the international companies most affected are financial sector businesses such as international banks and insurance companies, the Sarbanes-Oxley Act is not specific to the financial sector. The Basel 2 accord is, by contrast, specifically aimed at the financial sector and defines a framework for risk management and capital "adequacy".
It is no surprise that the combination of new regulations and technological change have led some to compare the current scramble for compliance with the run up to year 2000.
The rush has inevitably been accompanied by a similar degree of vendor hype: "The drive to comply has not been helped by vendors hyping up the issue. You have good consultants and bad consultants. The bad ones sell their time based on the apparent mess they say they have to deal with," says Peyman Mestchian, director of risk management practice at SAS Institute, the software developer.
While some organisations might panic and adopt a scatter-gun approach - dealing with each new regulation as it comes into force - the prevailing wisdom is to stand back and look at the regulations as a whole.
"The analogy is with enterprise resource planning (ERP) in manufacturing during the 1990s. Projects failed because of the lack of an overall strategy. You really have to put compliance on one side and work out a business case, which includes benefits as well as obligations," Mr Mestchian says.
This "holistic" approach is supported by the fact that, while the various regulations aim to achieve different ends, there are common areas, especially in the data required.
"Most of the smart organisations are looking at the regulations altogether. There are, for example, overlaps in the data required for Sarbanes-Oxley, Basel 2 and the International Accounting Standard (IAS)," says Paul Cartwright, managing partner of risk and regulatory management at consultants Accenture.
Barclays Bank recognised this early on and put in place a formal Integrated Regulatory Programme (IRP) to tackle regulatory issues in one go. Brendon Kirby, Barclays' programme director, says the bank wanted to take a consistent approach and look for potential gains at the same time.
"We had discussions a few years ago which led us to take a consolidated approach to regulation. You can see regulation as a nuisance - but if you can go the extra step you can get real benefits. I see it as a sort of regulatory aikido where you turn a liability to advantage."
He adds that the approach has not only justified itself, it has put the bank in a good position to meet its obligations:
"The work we have done over the last few years has given us a good feel for Basel 2 and we have realised we are pretty close. I was personally quite surprised because when we looked at the detail we found it was incremental changes and only about 10 per cent of the work we expected."
More importantly, Barclays sees opportunities to use the data gathered for risk management to drive through improvements in business operations. "In the key area of non-financial risk under Basel 2, for example, we can see ways to leverage the data for other purposes," says Mr Kirby.
Andrew Barnes, global marketing director at KVS, a data archive specialist, echoes this: "It is not only compliance that needs data. If you are putting in systems to make it easier to get at records for compliance, then you might as well go further and get some benefit."
Jeffrey Rodek, chief executive of Hyperion, the US business process management (BPM) specialist, also advocates the holistic approach and says the drive to compliance gives companies new ways to improve their performance.
"Compliance and external pressures on financial organisations are certainly challenging, but they can all be dealt with. BPM can provide the framework to drive compliance - but it can also bring benefits."
Mr Rodek says companies should not be satisfied with meeting the minimum requirements of the regulations; they should strive for the best. "The point of the regulations is to restore trust in business and the markets. Companies should not invest only to comply - they should go beyond this and get an insight into their business so they can run it well."
Jean Louis Bravade, managing director of financial services for Europe, Middle East and Africa at EDS, says the result should be good for the industry. "By and large, financial organisations are not at the leading edge of industrial-strength systems. The need to comply is forcing them to review their IT infrastructure, their controls and their workflow. The direction that is being set is definitely a good one."
By the end of 2004, the success or otherwise of large US companies' efforts to comply with the Sarbanes-Oxley Act will be revealed. The Basel 2 accord is still three years away - but the requirement for historic data means that for many, the work should have already begun.
It looks as if some banks have yet to get this message. A recent survey by PA Consulting Group of the world's top banks showed that progress towards complying with the accord is mixed. "While 81 per cent have clear objectives, only 39 per cent have committed budgets to compliance," says Eddie Niestat, PA's head of risk management and capital strategy.
"If we have any faith in the timetable for Basel, for some elements it is already too late."
