Brokerages face big IT bills to comply with USA Patriot Act
Computerworld - A report released last week estimates that the U.S. brokerage industry will spend as much as $700 million through 2005 on technology and outsourcing services in order to comply with the antiterrorism and anti-money-laundering regulations of the USA Patriot Act.
The report by Needham, Mass.-based TowerGroup says brokerages spent $117 million on Patriot Act compliance measures last year and will invest about $404 million this year, when most of the Patriot Act's provisions become law. The report also indicates that some large brokerages expect to spend up to $30 million each. But after that, budgeting for compliance initiatives drops off sharply.
"I don't want to say they're not taking it seriously, but of 5,500 registered [securities] dealers in the country, I'd estimate that 1,000 or less are actively building or buying solutions," said Bob Iati, a research director at TowerGroup.
The Patriot Act, which was signed by President Bush in October 2001 in response to the Sept. 11 terrorist attacks, requires financial services companies to develop improved capabilities to identify customers and flag suspicious transactions.
Where the Money Goes
According to TowerGroup, about 39% of compliance budgets is being spent on integrating back-end systems, and 35% is going toward new software. Another 24% of the money is being used to upgrade IT infrastructures, such as hardware and storage, the report says. The remaining 2% is paying for outsourcing services with operators of customer databases, such as Regulatory DataCorp International LLC (RDC) in New York.
RDC was launched in July by The Goldman Sachs Group Inc. and other firms to develop a database for screening suspected criminals. Companies use a secure Web portal to send individual names or lists of customers to RDC, which then runs the names through an Oracle database installed on Unix servers.
Bill Catucci, CEO and president of RDC, said the company has about 25 clients in addition to its 20 original investors, who included Merrill Lynch & Co. and Citigroup Inc. But he noted that the stipulations of the Patriot Act are fuzzy at best.
"When [federal regulators] say you should have a compliance system that meets due diligence, you don't know what that means," Catucci said. "The issue is that if you don't meet the requirements, they'll sanction you."
Regulators are first checking to make sure that companies have established the required anti-money-laundering and antiterrorism programs, and then they're examining the actual compliance procedures, said Breffni McGuire, a TowerGroup analyst. "And after that, they're looking to see if you have the technology in place and are using it effectively," McGuire said.
Eric Friedberg is a former federal regulator who is now executive vice president and general counsel at Stroz Friedberg LLC, an IT services and consulting firm in New York. Friedberg said that although most large banks and brokerages are on their way to Patriot Act compliance, many smaller companies don't intend to get there because they don't think it's worth the cost.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...
- X-Ray of the PCI Process-4 Proactive Steps
- This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into... All Gov't Legislation/Regulation White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®... All Gov't Legislation/Regulation Webcasts