Analysis: Arizona Bank Mixes Compliance and Efficiency - InformationWeek
IoT
IoT
Software // Information Management
News
4/18/2005
07:00 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Analysis: Arizona Bank Mixes Compliance and Efficiency

The 1st National Bank Holding Company has put a compliant "paper-trail" in place while eliminating the burden of paperwork.

It's the duty of the Office of the Comptroller of the Currency (OCC), a unit of the U.S. Department of the Treasury, to ensure that the country has a safe, sound and competitive banking system. For banks, that means submitting to periodic OCC reviews and ensuring that proper documentation and approvals are in place. That may sound like bureaucracy, but the 1st National Bank Holding Company has put a compliant "paper-trail" in place while eliminating the burden of paperwork.

Based in Scottsdale, Ariz., 1st National's paperwork reduction initiative began two years ago, when the bank determined it couldn't keep up with IT system access requests. The bank had grown tremendously, and with nearly 2,000 employees, it was struggling to process as many as 50 requests per day for new access and changes in access to the primary banking platform, online banking systems and a host of other IT touch points.

"We have dozens of systems, and each one had corresponding forms that had to be filled out and routed for signatures," says Drew West, vice president of engineering services. "The length of the approval process varied, but every form involved multiple signature levels to ensure checks and balances. Approval could take weeks if something was misrouted."

Following a needs analysis, 1st National decided on a business process management (BPM) approach. "System access requests weren't the only process-oriented automation requirement we had," West explains. "We also wanted to reduce risks associated with engaging various types of suppliers, and we felt BPM would help us enforce our policies and procedures consistently."

Following a 90-day review, the bank chose the Ultimus BPM Suite from Ultimus Inc. in Cary, N.C. The implementation began in early 2004, and by August of that year a paper-free systems access request process, with electronic forms, rules-based routing, e-mail alerts and built-in compliance, was in place. "The process was reduced to a matter of days," West says, "and there's an audit trail of the complete transaction."

Even before the first project was completed, work began in July 2004 on an automated vendor engagement process. As is common in BPM deployments, the rollout took half the time of the initial process, going live in October 2004. Now, whenever a bank official wants to engage a new vendor or extend a contract with an existing supplier, the system walks the user through a rules-driven questionnaire. Based on the responses, the process builds a due-diligence checklist, mapping out investigatory tasks that have to be completed, reviewed and approved.

"If our own banking services are dependent upon products and services provided by third-party vendors, we have to understand and document their limitations and risks," West says. Thus, hardware and software vendors, Web hosting and telecom partners, data backup and recovery services, and even printers and facilities maintenance providers come under the same rigorous review, with service-level agreements (SLAs) and guarantees documented and accountability and tracking of who signed off on the review at the bank.

Next up on 1st National's to-do list are procurement and human resource requisition processes. West predicts it will be a quick rollout, because the HR process can share many of the approval components developed for system access requests.

The bank declined to detail its BPM investment, but Ultimus says combined software, services and maintenance costs range from $90,000 for midsize-company deployments up to several hundred thousand dollars for large, enterprisewide projects.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll