Searchspace clients use the system to identify any bad-apple customers, Feldman says. Eventually, businesses will "leverage this infrastructure purchase to better understand good customers," he says. Searchspace can be integrated with an existing CRM system, so it can exploit underlying analytics in order to make better decisions, Feldman says.
The SAS system, too, can pull data from sources throughout a company-such as existing CRM, market-optimization, or fraud-detection systems-analyze the data, and provide reports for a range of uses. That might include highlighting "suspicious activity or who's my most profitable customer," says Mark Moorman, VP of SAS's financial-services practice.
Many compliance officers, though, don't have the resources, or the inclination, to stay current with the laws and also find ways to deliver ROI to the business. "You've got people scurrying to get the technology to meet the requirements for monitoring bad behavior," says Cathy Allen, CEO of BITS, a technology and strategy group whose members are the 100 largest financial institutions in the United States. What's more, compliance units frequently do the buying, with advice from IT. Because the money isn't coming from IT or line-of-business budgets, it's less likely ROI metrics will be applied.
Some banks, particularly small ones, are waiting to see the full scope of the remaining Patriot Act requirements before investing in tools. "We're waiting until the whole thing is enacted and anticipating a lot more work to go along with it in both back-room and front-end operations," says Bobby Swearengin, VP of operations for Arvest Bank, which has $4.8 billion in assets and provides financial services in Arkansas, Mississippi, and Oklahoma. The bank is able to comply with current regulations using existing software, including a payment-processing system from Fundtech Corp. that automatically scans transactions and compares data with Treasury Department information on suspected terrorists. Arvest also has a custom-developed system that generates daily reports on cash transactions.
Many provisions of the Patriot Act have yet to be finalized, but banks have six months from the time a new provision is passed to get systems and technology in place to handle compliance. Once all the provisions are in place, Arvest will put money into compliance tools and "then maybe we can see if its ad- vantages can go elsewhere," Swearengin says.
The regulatory burden could balloon sooner and faster than many people expect, given the Treasury Department's proposal last week to extend anti-money-laundering rules to other businesses, and the expectation that as early as April Treasury could issue new rules on customer identification. If that happens, financial-service and possibly other companies will have another huge and expensive compliance task to digest and share with other parts of their businesses.