Analysis: Arizona Bank Mixes Compliance and Efficiency
The 1st National Bank Holding Company has put a compliant "paper-trail" in place while eliminating the burden of paperwork.
It's the duty of the Office of the Comptroller of the Currency (OCC), a unit of the U.S. Department of the Treasury, to ensure that the country has a safe, sound and competitive banking system. For banks, that means submitting to periodic OCC reviews and ensuring that proper documentation and approvals are in place. That may sound like bureaucracy, but the 1st National Bank Holding Company has put a compliant "paper-trail" in place while eliminating the burden of paperwork.
Based in Scottsdale, Ariz., 1st National's paperwork reduction initiative began two years ago, when the bank determined it couldn't keep up with IT system access requests. The bank had grown tremendously, and with nearly 2,000 employees, it was struggling to process as many as 50 requests per day for new access and changes in access to the primary banking platform, online banking systems and a host of other IT touch points.
"We have dozens of systems, and each one had corresponding forms that had to be filled out and routed for signatures," says Drew West, vice president of engineering services. "The length of the approval process varied, but every form involved multiple signature levels to ensure checks and balances. Approval could take weeks if something was misrouted."
Following a needs analysis, 1st National decided on a business process management (BPM) approach. "System access requests weren't the only process-oriented automation requirement we had," West explains. "We also wanted to reduce risks associated with engaging various types of suppliers, and we felt BPM would help us enforce our policies and procedures consistently."
Following a 90-day review, the bank chose the Ultimus BPM Suite from Ultimus Inc. in Cary, N.C. The implementation began in early 2004, and by August of that year a paper-free systems access request process, with electronic forms, rules-based routing, e-mail alerts and built-in compliance, was in place. "The process was reduced to a matter of days," West says, "and there's an audit trail of the complete transaction."
Even before the first project was completed, work began in July 2004 on an automated vendor engagement process. As is common in BPM deployments, the rollout took half the time of the initial process, going live in October 2004. Now, whenever a bank official wants to engage a new vendor or extend a contract with an existing supplier, the system walks the user through a rules-driven questionnaire. Based on the responses, the process builds a due-diligence checklist, mapping out investigatory tasks that have to be completed, reviewed and approved.
"If our own banking services are dependent upon products and services provided by third-party vendors, we have to understand and document their limitations and risks," West says. Thus, hardware and software vendors, Web hosting and telecom partners, data backup and recovery services, and even printers and facilities maintenance providers come under the same rigorous review. Service-level agreements (SLAs) and guarantees are documented, and the system tracks who at the bank signed off on each review, establishing accountability.
Next up on 1st National's to-do list are procurement and human resource requisition processes. West predicts it will be a quick rollout, because the HR process can share many of the approval components developed for system access requests.
The bank declined to detail its BPM investment, but Ultimus says combined software, services and maintenance costs range from $90,000 for midsize-company deployments up to several hundred thousand dollars for large, enterprisewide projects.