Brokerages face big IT bills to comply with USA Patriot Act
Computerworld - A report released last week estimates that the U.S. brokerage industry will spend as much as $700 million through 2005 on technology and outsourcing services in order to comply with the antiterrorism and anti-money-laundering regulations of the USA Patriot Act.
The report by Needham, Mass.-based TowerGroup says brokerages spent $117 million on Patriot Act compliance measures last year and will invest about $404 million this year, when most of the Patriot Act's provisions become law. The report also indicates that some large brokerages expect to spend up to $30 million each. But after that, budgeting for compliance initiatives drops off sharply.
"I don't want to say they're not taking it seriously, but of 5,500 registered [securities] dealers in the country, I'd estimate that 1,000 or less are actively building or buying solutions," said Bob Iati, a research director at TowerGroup.
The Patriot Act, which was signed by President Bush in October 2001 in response to the Sept. 11 terrorist attacks, requires financial services companies to develop improved capabilities to identify customers and flag suspicious transactions.
Where the Money Goes
According to TowerGroup, about 39% of compliance budgets is being spent on integrating back-end systems, and 35% is going toward new software. Another 24% of the money is being used to upgrade IT infrastructures, such as hardware and storage, the report says. The remaining 2% is paying for outsourcing services with operators of customer databases, such as Regulatory DataCorp International LLC (RDC) in New York.
RDC was launched in July by The Goldman Sachs Group Inc. and other firms to develop a database for screening suspected criminals. Companies use a secure Web portal to send individual names or lists of customers to RDC, which then runs the names through an Oracle database installed on Unix servers.
Bill Catucci, CEO and president of RDC, said the company has about 25 clients in addition to its 20 original investors, who included Merrill Lynch & Co. and Citigroup Inc. But he noted that the stipulations of the Patriot Act are fuzzy at best.
"When [federal regulators] say you should have a compliance system that meets due diligence, you don't know what that means," Catucci said. "The issue is that if you don't meet the requirements, they'll sanction you."
Regulators are first checking to make sure that companies have established the required anti-money-laundering and antiterrorism programs, and then they're examining the actual compliance procedures, said Breffni McGuire, a TowerGroup analyst. "And after that, they're looking to see if you have the technology in place and are using it effectively," McGuire said.
Eric Friedberg is a former federal regulator who is now executive vice president and general counsel at Stroz Friedberg LLC, an IT services and consulting firm in New York. Friedberg said that although most large banks and brokerages are on their way to Patriot Act compliance, many smaller companies don't intend to get there because they don't think it's worth the cost.
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Gov't Legislation/Regulation White Papers | Webcasts