Lessons Learned: Sarbanes-Oxley to Basel II
The Basel II Capital Accord and Sarbanes-Oxley have brought regulatory concerns over operating risk to the top of the corporate agenda. While different geographies adopt disparate legislation, international organisations have been addressing compliance.
The Sarbanes-Oxley Act brings significant change to American federal securities laws, and organisations are under tremendous pressure to meet its rigorous requirements. Management must now audit the effectiveness of internal financial controls and certify proper backup procedures. The complexity of enterprise data protection and the continued explosion in information have made this difficult. Companies should assess data policies and performance immediately to start evolving towards best practice.
Basel II was devised to set a new global standard for financial institutions to measure risk and allocate capital. The new, stricter regulations have left some unsure of how to store data and exactly what to keep in order to comply.
Twin compliance is a widespread issue, as is whether these two operational mandates are in conflict. Although both require a common framework and governance model, Sarbanes-Oxley applies to all US public corporations, while Basel II covers financial institutions in over 100 countries. Sarbanes-Oxley aims to restore investor confidence by addressing issues such as financial reporting and conflicts of interest. Under Basel II, financial institutions must manage operational risk in order to reduce capital reserves.
In effect, Sarbanes-Oxley and Basel II are complementary, not competitive, mandates. However, there is real competition in the cost and prioritisation of resources necessary for financial institutions to meet the compliance guidelines. Some aspects of Sarbox continue to cause headaches and have caused many companies to delay quarterly filings.
The impact that building a compliant organisation has on people and processes is often underestimated. The operational impacts touch virtually every department, with technology staff bearing the brunt of the changes. When our company is involved early in the data protection compliance process, we can minimise disruption, create broad visibility and establish a smooth path to compliance.
Since Sarbanes-Oxley, we have seen an increased demand to measure service level agreements, and we anticipate their growth in importance for organisations preparing for Basel II. While expensive and time-consuming, new regulations have prodded organisations into improving their core business processes and developing greater efficiency in their data management, security and protection procedures. They may well find it has also helped them become more profitable in the long run.
Drake Pruitt, vice president of marketing, Bocada