Bank spending on operational risk management (ORM) software and services is set to grow at a compound annual growth rate of 4.7% to reach $1.38bn by 2010, according to an annual study released by Chartis Research.
Chartis says the ORM software market - estimated to be $163m in 2006 - is set to grow at a compound annual growth rate of 7.7% to hit $219m by 2010.
Meanwhile ORM related consulting services will continue to grow at a healthy 10.2% compound annual rate. This will be fuelled by Sarbanes-Oxley, Basel II and other risk or governance regulations. As the second wave emerges, Chartis says it expects systems integrators to increase their activity in this area and derive increased revenue from it.
"One reason ORM is getting hotter is due to the fact that legal counsel and outside counsel are advising clients to err on the side of over-compliance", said Peter L. Higgins, Managing Director & Chief Risk Officer at 1SecureAudit. "Showing the auditors and investigators a trail of due care and evidence of doing the right thing in their transparency and reporting is paramount. Those who are left out can trace the root cause of their fines and operational losses from ignoring such significant issues as suspicious activity reporting (SAR)", Higgins concluded. Until now, some organizations did not realize that they too are subject to such requirements:
Financial institutions have been filing increasingly larger numbers of Suspicious Activity Report (SAR) forms since the 2001 terrorist attacks, according to statistics from the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN). Financial institutions filed more than 689,000 SAR forms in 2004, and the SAR tally for 2005 appears likely to eclipse that mark. The first half of 2005 alone saw more than 435,000 SAR forms filed. The figures for the second half of 2005 and beyond are not yet available. There are several reasons for the increase in filed reports, including an expanded definition of the types of firms that must report suspicious activity, as specified by the Patriot Act. Since January 2002, the list has been expanded to include money-order issuers, insurance companies, broker dealers, mutual funds, currency exchanges, and futures commission merchants. Another reason is that financial institutions are erring on the side of caution, filing anything remotely suspicious in order to minimize the risk of fines or regulatory hassles. "What the lawyers are telling the bankers is, when in doubt file a suspicious-activity report," explains banking consultant Bert Ely.
A recent example of ignoring the compliance laws for the Bank Secrecy Act (BSA) that include Anti-Money Laundering (AML) programs can be found at Liberty Bank of New York.
Liberty Bank failed to implement an adequate system of internal controls to ensure compliance with the Bank Secrecy Act and manage the risks of money laundering. Liberty Bank lacked adequate written policies, procedures and controls reasonably designed to ensure the detection and reporting of suspicious transactions. Liberty Bank's policies and procedures did not clearly delineate responsibility for detecting, evaluating and reporting suspicious activity, or provide guidance and instruction on the decision and approval process for suspicious activity reporting.
ORM consulting services are growing at +10% annually for two reasons. First, there are still people out there who don't think they are a Money Service Business (MSB). Second, those that realize they are have not implemented the programs effectively, even at some of the larger institutions.