Thanks to regulations that went into effect in 2004, such as the Check Clearing Act of the 21st Century (Check 21) and Sarbanes-Oxley, companies such as Unisys, Oracle, Microsoft and IBM were able to add to their bottom lines.
Many financial IT suppliers hit a slump once companies had solved their Y2K issues, but busy bureaucrats have given them numerous reasons to smile.
Check 21—inspired by the terrorist attacks of 9/11 when tons of paper checks sat, uncleared, on grounded planes for days—has generated quite a few new products for banks, including digital imaging and storage solutions as well as beefed-up security.
The act allows banks to exchange files called IRDs (image replacement documents) rather than physical checks, in order to transfer the represented funds from one account to another. Banks who return IRDs to their customers have to come up with ways to reassure their customers that the process is secure and their money is safe.
Systems suppliers are urging banks to install new hardware and software that will help them not only meet the challenges proposed by Check 21, but also get a leg up on their competition.
Bob Hunt, senior research analyst at the Tower Group, said in a Webcast produced by Unisys that 40 percent of banks still dont have a plan in place for Check 21. With physical check volume declining, and the payment services revenue that goes along with check processing dropping as well, banks that are avoiding this issue stand to lose a chunk of their profits.
Hunt estimates that as much as 40 percent of a banks revenue is contributed by payment services, including check clearing, and comprises 30 percent of its cost base. He also notes that many banks have had some of the technologies in place, such as image archiving and transport, that fulfill the requirements of Check 21, though they may not be exploiting them in a way to improve the bottom line.
Most regulations are put on the books in response to abusive practices. Thanks to innovative (read: illegal) accounting at firms such as Enron and WorldCom, which cost shareholders billions, the set of regulations commonly called Sarbanes-Oxley (or Sarb-Ox) were written. Sarb-Ox, however, requires reports and assessments, but not a secure IT infrastructure.
John De Santis, CEO and president of Sygate, a security solutions provider, has said that section 404 of the act, which mandates certification of internal controls, requires companies to perform a self-assessment of risks for business processes that affect financial reporting. He is concerned that systems that lack the appropriate level of security could land corporate executives in the clink.
De Santis says ensuring network integrity requires much more than reports and assessments, which is as far as Sarbanes-Oxley goes. It requires an infrastructure that supports enforceable policies and best practices to ensure compliance, an infrastructure with much deeper guidelines, and better, clearer definitions of "best practice" for specific industries such as banking and insurance. This is something else for corporations to spend money on, thanks to regulatory action.