IBM Debuts Trio Of Compliance Products

The products are intended to help companies deal with the rising costs of complying with government regulations.
IBM on Monday unveiled three compliance software products intended to assist companies with the rising costs of complying with government regulations such as the Sarbanes-Oxley Act, the USA Patriot Act, and the Health Insurance Portability and Accountability Act.

It launched Content Management for Message Monitoring and Retention, which helps manage archiving and retention of correspondence. The Content Management software features built-in collaboration with IBM business partner iLumin Software Services Inc. and uses smart-indexing capabilities to scan and analyze incoming and outgoing electronic messages, flagging suspect content for further review.

IBM also debuted a Security Compliance Manager for its Tivoli data life-cycle management system and released an updated version of its Lotus Workplace for Business Controls and Reporting.

Security Compliance Manager helps identify security gaps by scanning PCs and servers to check for compliance with both internal company rules and those imposed by regulators such as the Securities and Exchange Commission and the National Association of Securities Dealers, which specify procedures for retaining electronic documents that could be used to assist investigators.

Lotus Workplace for Business Controls and Reporting lets companies identify, assign, test, and monitor business controls and achieve greater transparency in financial reporting.

The products complement IBM's TotalStorage Data Retention 450, a compliance-in-a-box offering introduced last month; the product integrates content-management software with data life-cycle management software. Documentum Inc. last month unveiled an enterprise content-management software solution for compliance that's linked to EMC Corp.'s Centera data life-cycle management product; EMC acquired Documentum last year.

As the amount of unstructured information such as E-mails, instant messages, and documents eclipses structured information stored in rows of databases, companies are hiking IT spending for enterprise content management and data life-cycle management software. The volume of such information that must be managed to comply with regulations is engulfing companies; some public companies are considering going private rather than make the necessary IT investments, says Robert Bontempo, professor of management at Columbia Business School.

Huntington Bancshares Inc. has implemented IBM's Lotus Workplace for Business Controls and Reporting to perform its Sarbanes-Oxley section 404 compliance. It's using it to identify and test the controls embedded in the systems that feed its financial-reporting systems. For example, a commercial loan passes through several stages--origination, servicing, and closing--each of which involves a separate system. In the past, those systems would be audited haphazardly, says John Benninger, the bank's senior VP of risk management and corporate governance; one year the origination system might be tested, the next year the servicing system. Now, the auditing is performed systematically, with the Lotus system acting as a repository and a test bed for financial controls.

Huntington's top execs would like to have "absolute assurance," he says. The company has spent $500,000 for 404 compliance, including internal systems work as well as risk consulting services from KPMG.

That process of documenting and testing needs to be performed for each of Huntington's systems that are associated with balance sheet line items. All those systems will be rigorously reviewed, Benninger says.

Huntington's compliance platform lets it maximize efficiency by combining its efforts to comply with Sarbanes-Oxley and with the requirements imposed by financial regulators such as the Federal Deposit Insurance Corp. It also lets the bank fulfill reporting requirements to its board of directors. After tackling Sarbanes-Oxley's section 404, which governs internal control over financial reporting, Huntington will use the platform to achieve compliance with section 409, which requires companies to report in real time on any weaknesses in their financial controls.