Basel II, less commonly known as the International Convergence of Capital Measurement and Capital Standards: a Revised Framework, will have a major positive impact on IT budgets and spend in the next few years.
This is the message from Escrow Europe director, Andrew Stekhoven, who returned this week from a conference in the Netherlands where he presented a paper on the implications of compliance for chief technology officers.
According to Stekhoven, the management of software use and compliance with accords are becoming increasingly popular and necessary applications for today's CIOs.
For example, he quoted IDC as stating that compliance is the number one IT investment focus for organisations in 2004. Furthermore, AMR Research indicates that more than $5 billion will be spent on compliance-related activities and IT purchases this year alone in the US.
With respect to Basel II, Stekhoven said most corporations are heeding the call for compliance. Referring to a survey conducted by the Global Association of Risk Professionals (GARP), he highlighted that over 70% of firms polled expected to be Basel II compliant by 2006, as the following results show:
* What is the likelihood that your firm will be fully compliant with Basel II by the current 2006 deadline?
No chance: 7%
Unlikely: 19%
Somewhat probable: 40%
Very probable: 33%
* After Basel II is implemented, internal risk management at my firm will be:
Greatly improved: 30%
Somewhat improved: 56%
Unchanged: 9%
Somewhat hampered: 4%
* Which of the following tasks do you anticipate being the largest 'Basel II-inspired' credit-risk challenge?
Deployment of new technology: 19%
Capital allocation calculation: 26%
Data aggregation: 32%
Data cleansing: 18%
Other: 4%
"Today's firms face an alphabet soup of compliance requirements - for companies doing business in or with the US there's Sarbanes-Oxley; globally there's ISO 17799, Basel II and the IDC/BSA Piracy Report; and locally King II and the FAIS Bill to name but a few.
"As with any complex regulatory pronouncement, business-risk service providers such as the management consultants will initially gain the most business since they provide advice and counsel to clients on understanding and interpreting the regulation and developing a strategy and approach to address it.
"IT service providers then play a role in defining and implementing supporting IT tool solutions. The challenge these IT service providers and outsourcers face is that, overall, the regulations make their business models and offerings more complex and expensive, and most are still working through how to address them in an adequate and profitable manner."
Stekhoven said it was critical CIOs realise that, at the same time as they become more reliant on IT to ensure their compliance, they become more reliant on software systems that do not 'lock, stock and barrel' belong to them.
"This dependence implies risk, particularly if the system is directly related to the core business process. In this instance, it is crucial to minimise the company's exposure and escrow is the pre-eminent vehicle to do that," he said.
Software escrow provides for the deposit of the source code of a vital software product with a neutral third-party. This third-party is authorised to release the source to the end-user under conditions agreed upon by the supplier and end-user in the escrow agreement.
"Companies should opt for escrow because it guarantees availability and continuity of use of vital know-how as well as safeguards critical business process," said Stekhoven. "In addition, it protects software, hardware and industrial investments, and reduces dependency on third-parties or employees.
"Escrow Europe is among the world leaders in active escrow. The difference between passive escrow and active escrow is that the latter warrants that the items held under escrow are up-to-date.
"A simple comparison could be made to a first aid kit: someone playing a passive role may simply ensure there is a kit; the person playing an active role would, however, open the kit regularly, and, according to a consistent set of rules, check there are sufficient supplies, check that none of the medicines it contains are past their 'sell by' dates, and confirm the contents by means of a written report for the record.
"In SA, we have formed a strategic relationship with Buys Inc, a leading 'new age' law firm, to provide practical and cost-effective solutions to address the risks governed by ISO 17799 and other local and international IT governance guidelines.
"Step one in the solution is active source code escrow and step two is a software and intellectual property compliance audit combined with a software licence and use policy. Buys Inc has also developed an extensive checklist to assist companies evaluate their risk," he said.
For more information about Escrow Europe's South African office, visit www.itweb.co.za/office/escroweurope/ and for the global operation see www.escroweurope.com. To view Buys Inc's checklist, go to http://www.buys.co.za/gbDownloads.asp?field=file&RID=94.