Self-definition of core business activities is impacting fundamentally the applicable requirements set out in recent regulations to the financial sector. This increases the effectiveness by holding the financial institutions accountable for business sustainability. The flip side of it is that the financial industry is not very mature in the Enterprise Architecture practice, which is the documentary and decisional support for these governance topics.
Another (missed) opportunity to manage compliancy as an outcome of ambitious and motivating programs, instead of taking regulation as a burden. By lacking precise and documented decisions on scoping, financial institutions indeed increase their cost of compliancy. There is another route to efficient compliancy!
Still today, many financial organizations are in doubt with the definition of their core activities or critical business functions, which is key in defining the strictness of the requirements to apply related to DORA, Outsourcing Arrangements or Risk Management (BCBS239/IFRS-9). This difficulty is directly related to the absence or low maturity of the Enterprise Architecture practice. Most knowledge and skills related to this practice are easily available with the Open Group, better known as TOGAF.
Shortly, an enterprise architecture aims to support decision taking by visualizing and documenting “value-creating transformation”, which is, vulgarized, the reason for any customer to pay your invoices or fees. To be useful, different interdependent levels are recommended: the enterprise level identifies how value is created (the mission statement made tangible in core business definitions), the business level translates this in processes, functions and information flows and the technical architecture describes how the previous is supported, notably but not only by IT and other suppliers. At each level, there is an as-is situation, a target state and both are linked by a transition plan. This pyramidal and sequential structure helps management to position decisions into the global framework of the financial institutions’ venture.
When a minimum of maturity in Enterprise Architecture is reached, the benefits are:
Guidance on strategic decisions, viability of change and estimation of transition plans.
The ability to link decisions to a priority-based framework based on the enterprise’s strategy.
Categorize activities based on their specific contribution to value creation, supporting the market approach strategy.
Identify “lots & clusters” in processes and support needs, leading to coherent organization and outsourcing.
Support the identification and qualification of risks on all levels.
Guidance on running the (continual) transition from as-is to to-be.
These benefits are directly related to the effective regulatory requirements:
In all regulations, the “Management Body” needs to take accountability, which means that it also should be able to demonstrate that they take accountability, by documented decisions or a delegation framework. Validating the Enterprise Architecture and linking decisions to it, creates that direct link between the Board’s or ExCo’s decision and related decisions and actions in the field.
Enterprise Architecture includes governance on priority-based definitions of business focus, defining directly Core Activities and Critical Business Functions.
The visualized designs of business and technical architecture provide deep insight, critical for identifying risks, qualifying these and managing remediation measures.
Fundamental insight in the value-creating transformation proposed to the market also identifies the clients and their (risk of illicit) needs, which is a tangible input for an effective Risk-Based Approach on AML/CFT, hence reducing the global workload by focus on specific risks.
It remains recommended for financial institutions not to jump blindfolded into implementing TOGAF Enterprise Architecture without having clarified the sense of it. Some traditional rules remain valid: focus on your pain, gradually adopt, relate all action to demonstrable value, learn from experience and be assisted by expert consultants.
By actively increasing the maturity of practices like Enterprise Architecture, organizations are realizing better control and governance over their critical activities, organization, IT, risks and outsourcing. Consequently, scope definitions of regulatory requirements will be better fine-tuned and factually motivated. As a result, the cost of compliancy will drastically drop and foremost another compliance project will be replaced by a motivating strategic governance program, contributing directly to business success.
コメント