At Zions Bancorp, an IT project has become the mother of all data integration efforts-marrying governance, risk and compliance with business performance measurement across dozens of units to provide a deep view of credit, profitability, regulatory compliance, business controls and cost of ownership-all with a standard box of tools.
"The planning for this would have previously commanded 1,000 Excel spreadsheets," says Walter Young, a director and svp for Zions. "It would have been death by a thousands swords."
Instead of all those swords, Zions deployed two enterprise-licensed products from SAP-the SAP BusinessObjects Profitability and Cost Management application and SAP BusinessObjects Planning and Consolidation application-to pass data and share processes between silos.
The bank is tackling a problem facing all financial institutions, which have typically sequestered risk, compliance, profitability projections and other performance measurements within business units. In a new age that's supposed to be driven by accountability and standards, these discrepancies are no longer considered acceptable. "It's important for banks to be able to do [centralized GRC and BPM] for a number of reasons, one being reporting to regulators. Or how about reporting to your board of directors?" says Nancy Atkinson, a senior analyst for Aite. "A company like Zions, which is an amalgam of a number of financial institutions, can benefit from this."
At Zions, the solutions aim to bridge EPM, business intelligence and GRC, allowing for "closed loop" activities across departments. Zions hopes to gain insight into cycles and trends across the institution and use that information to match quarterly budgets to projections and pricing. "If a customer is sitting in front of you, you can enter a PIN and a new product and see the profitability of that product for that customer," Young says.
The bank has also placed its GRC/EPM tools in a Greenplum server environment, utilizing a MPP (massively parallel processing) architecture that has been designed for business intelligence, and can allow greater scalability than general-purpose database systems.
SAP, which developed the new platforms out of its own technology and technology acquired when it bought Business Objects, believes there are dots that can be connected between GRC and performance measurement, since it all ties into relationships between expense and revenue.
"If you know how much it costs to produce an item or service a loan type, you can make a determination in the planning cycle as to what types of loans you want to focus on. If you can break down silos, you can extract extra benefits out of a holistic process," says James Fisher, senior director of solution marketing, SAP. "And governance, risk and compliance fits in with that, because every time you produce a plan, you want to make sure controls are in place."
Other firms with a presence in the enterprise GRC/BPM space include Pegasystems, Oracle, SAS, IBM and others. Pegasystems, whose clients include JP Morgan Chase, integrates its GRC technology to identify and analyze associated risks stemming from other products or financial relationships. "A bank may have a customer on the treasury services or retail side. The bank can identify this without having to ask for extra documentation," says Reetu Khosla, director of risk, fraud and compliance for Pegasystems.
SAS is developing a user portal that allows centralized access to various solutions that are used for GRC purposes, including data mining, AML and performance forecasting, Clark Abraham, chief financial architect for SAS, says the technology already exists, but SAS' initiative is to make it available in a central, user-friendly location.
"It could be the CRO or Chief Compliance officer looking at this," Abraham says. "The efficiency is key. Those who need to have this information don't have to have technical wherewithal."
Zion's project aside, the trend's still emerging, and there's room for more of these initiatives. James Van Dyke, president and founder, Javelin Research, says banks still lag in consolidating GRC across business lines. While banks are making progress toward centralizing risk management, deep dive analysis of that risk is still in short supply.
"Institutions by and large do a poor job of prioritizing, of deciding how much attention do give one form of risk over another," he says.