|
EU Third
Anti-Money Laundering Directive |
The Third Anti-Money Laundering Directive builds on existing EU legislation in the fight against money laundering and terrorist financing.
The directive is applicable to the financial sector as well as to lawyers, notaries, accountants, real estate agents, casinos, trust and company service providers, when payments are made in cash in excess of €15.000. |
Database solutions
Data collection solutions
Security solutions
CRM systems AML infrastructure tools |
Operational
Part of worldwide initiative for AML
operational and IT solutions to reduce
cost and risk. |
| EU
Data Protection Directive – 95/46/EC |
This directive covers the use of data held on private individuals within the EU. It mandates that data must be handled fairly and openly, limited to the purpose for which it was gathered, stored securely and limited in its distribution. Individuals have rights to access and redress for any inaccuracies.
This act is augmented by two other acts specific to the telecommunications and electronic communications sectors which look at the automatic gathering of data and its uses.
US companies can comply through the US “Safe Harbor”
scheme. |
Security
Database
Content Management
Storage
Backup
Disaster Recovery
CRM Systems
Document Management |
Operational
Operating and IT solutions emerging. |
| EU Electronic Data
Directive |
Requires Member states to allow filing of company records electronically. Additionally requires certain company particulars (e.g. registered address, registration number) to be all company documents, including electronic submissions, and on company websites. |
Updates to accounting packages, Data Storage and Data Management. |
Operational
IT systems being implemented. |
|
EU Working Time Directive |
EU legislation designed to prevent damage to the health of workers through working excessive hours. Effects all companies of all sizes, requires various collection of data. |
Data Storage
Data Management
CRM
Various Applications |
Operational
In operation and IT systems in procurement, usually adapting ERP HR system. |
| EU Audit
Directive |
A new Directive on statutory audit in the EU. Objectives are to ensure that investors and other interested parties can rely fully on the accuracy of audited accounts and to enhance the EU's protection against the type of scandals that recently occurred in companies such as Parmalat and Ahold. |
Information lifecycle management (ILM)
Storage
Archive
Disaster Recovery
Email Management
Email Content Audit
Database
Data Mining Tools
Risk Assessment and Management Tools
Point Solutions |
Deadline
Review under way. |
| Basel II
Accord |
Regulation to introduce a standardized risk-sensitive capital framework in international financial institutions. |
Data collection
Analysis
Monitoring or Tracking Solutions
Risk Identification Technology (operational, credit and market) |
Operational
Continuing compliance in stages and IT investments started usually as part of an integrated regulatory and compliance infrastructure. |
| Markets In Financial Instruments Directive (MiFID) |
The directive focuses on driving transparency into the trading arena and has significant implications for any firm buying or selling equities, derivatives, bonds, or any other financial instruments, whether retail or wholesale. |
Internal order-matching systems.
Quote engines to publish equity trades in real time.
Storage Area Networks.
Adapting their systems to take in pricing data from "internalisers" and MTFs. |
Operational
2007 for operational implementation with IT integrated solution investment, probably as part of integrated risk and compliance infrastructure. |
| Financial Services Authority [FSA]
Reporting Rules |
New Capital Requirements Directive [CRD] requires new financial reporting by credit institutions and investment firms in addition to existing returns, using the FSA online Early Reporting System [ERS]. |
Online reporting
infrastructure
including security, information
management and web interface. |
Operational
Operational and IT requirements are high priority. |
| Capital
Adequacy Directive (CAD3) |
This EU Directive provides the legislative framework for the implementation of Basel II for all European investment institutions. |
Data collection
Analysis
Monitoring or Tracking Solutions
Risk Identification Technology (operational, credit and market) |
Operational
Adopted and IT solutions demand started. |
| USA Patriot
Act |
US
Government Act to widen existing
Anti-Money Laundering requirements that
will affect all financial institutions. |
Tools to
enhance knowledge management
AML infrastructure tools
Integration of transactional-processing
systems |
Operational
Part of worldwide initiative for AML is
operational and IT solutions to reduce
cost and risk emerging. |
| Environmental Information Regulations
(2004) |
This law, which compliments the FOI Act, gives the public the right to request environmental information. Manufacturers, in particular, will have to make data available on areas such as, pollution, carbon emissions, noise, radiation, the use of genetically modified organisms and health & safety information. |
Workflow
Database
Security
Storage
Data Mining
Portal
Communications
Networking
Backup
Disaster Recovery |
Operational
Operating and IT solutions emerging. |
| The
Companies (Audit, Investigations and
Community Enterprise) Act |
The Act is designed to improve the reliability of financial reporting and reinforce auditor independence and auditor regulations. Includes the need to ensure disclosure of all relevant information to auditors, increased inspection with more detailed reports. |
Storage
Disaster Recovery
Database
Changes to accounting packages / software systems
Report Generators |
Operational |
| Data
Protection Act |
Affects all companies, which must comply with the 8 enforceable principles of good practise in management of personal data. Takes precedence over FoI Act. |
Security
Data Management
CRM
Workflow
Document Management Systems |
Operational
Operational and demand for IT solutions as part of an integrated |
|
Sarbanes-Oxley Act (SOX) |
Act (part of 2002, Sarbanes-Oxley Act) which
mandates that all auditing firms retain
records relevant to audits and reviews
also has significant implications on
companies’ IT resources. |
Document
Retention Systems
Email Management Systems
Content Management Storage Solutions |
Operational
SOX 404 deadline for non-accelerated filers and foreign private issuers in 2007 opening IT solutions for automated reporting including US owned off-shore corporations. |
| T+1 (Settling securities in one day) |
Regulation aimed at shortening the settlement of traded securities from 3 days to 1 day. |
Middleware Upgrade
Messaging
Transformation
Data Enrichment and Routing Database Integration
Integrating internal applications to automate internal processing. |
Potential
The Securities Industry Association (SIA) pushing a set of objectives based on Straight Through Processing (STP) that supersede T+1 in time. |
|
PCI
[Payment Card Industry] Data Security
Standard |
The PCI Data Security Standard is a set of comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including Visa, MasterCard, American Express, Discover Financial Services and JCB, to help facilitate the broad adoption of consistent data security measures on a global basis. |
The PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organisations proactively protect customer account data. |
Operational
Adopted and
IT infrastructure solutions being implemented. |
ISO 20000
IT Service Management Standard |
ISO 20000 comprises two parts: ISO 20000-1 is the 'Specification for Service Management, and ISO 20000-2 is the 'Code of practice for Service Management'.
Together, these form a top-down framework to define the features of service management processes that are essential for the delivery of high quality services.
ISO 20,0000 allows IT organizations to formally certify their IT services, using ITIL [Information Technology Infrastructure Library] global best practice for IT service delivery. |
Security Management
Storage Management
Business Application Management
Server, Network & Device Management |
Operational
Rapidly adopted as the international standard for IT Service Management based upon ITIL based upon substantial TCO reduction as business case. |
|
ISO 27001
Information Security Standard |
ISO 27001 is the formal standard against which organizations may seek independent certification of their Information Security Management Systems to reduce businesses’ information security vulnerability. |
ERP solutions
IT Security Applications and services |
Operational
Rapidly being adopted worldwide as the
standard for business’ information
security. |
|
IAS (International Accounting Standards) |
International standards on accounting and the regulation of financial result calculation. Designed to improve transparency and represent a step towards a common global accounting standard. |
Enterprise
integration systems
Data gathering systems. |
Operational
The legislation will require significant
investment in appropriate systems to
facilitate internal reporting and data
gathering. |
|
Straight
Through Processing (STP) |
STP aims to
reduce trade settlement timescales by
implementing technology to allow
straight through processing of trades.
STP still faces challenges to allow for
time differences around the World. |
Middleware
Upgrade Messaging
Transformation
Data Enrichment and- Routing
Database Integration Integrating
internal applications to automate
internal processing. |
Operational
Operational
and IT solutions necessary to integrate
process. |
