Compliance in the Financial Industry (COFIN)

In response to recent financial and economic crises, numerous cases of financial corruption, and scandals regarding tax avoidance (e.g. the "Panama Papers"), legislatures are placing increasing emphasis on financial regulation at the national, European and international levels. On the one hand, this leads to complex and opaque legal landscapes. On the other hand, financial institutions tend to translate these regulations into isolated solutions and fail to develop an integrated approach to regulatory compliance. Yet the dynamics and complexity of the regulations require a profound and still flexible approach that addresses the institutions' governance processes, their operational structures and their IT landscapes. So far, the industry lacks such a holistic approach to support financial institutions in building an efficient and integrated compliance organization.

The objective of the COFIN project is to develop a structured and practice-oriented data basis of regulatory compliance in the financial industry. The project concentrates on developing a reference model that captures the responsibilities and processes of a financial compliance organization and analyzes the current state and future needs of the relevant IT support. Furthermore, a method is provided that defines how relevant data is acquired and analyzed in order to derive such a reference model. The project distinguishes itself from similar endeavors in how the data is acquired. Because the project team considers the plethora of existing laws and by-laws too vague and partly contradictory, it dismisses them as data sources. Instead, qualitative data collection techniques are used to gather information from individual financial institutions in order to gain insight into established practice.

Within the project, approaches from two information systems research domains are applied: enterprise architecture management (EAM) and reference modeling. The resulting compliance reference model follows the structure of the EAM framework TOGAF, which analyzes organizations from the business, data, application and technology perspectives and relates these perspectives to one another, resulting in a holistic EA model. Based on the data collection iterations at the numerous financial institutions mentioned above, individual EA models are developed first. Afterwards, an integrated reference EA model for financial compliance organizations will be derived using techniques from the inductive reference modeling discipline.

The project was initiated by the BITKOM Work Group “Compliance for Banking and Finance” and is overseen by the Quadriga Institute for Regulation & Management (QIRM) located in Berlin, with which the Chair of Business Information Systems is cooperating.