On 17 June 2009, in a report titled "A New Foundation: Rebuilding Financial Supervision and Regulation," U.S. President Barack Obama called for "a sweeping overhaul of the financial regulatory system," with new executive powers and the establishment of the Consumer Finance Protection Agency (see http://www.ustreas.gov/news/index1.html ).

Under the new regulatory regime, the federal government will assume a new role as a systemic risk regulator, with increased authority over a wide range of institutions. Hedge funds and private equity firms, lightly regulated in the past, will face a much higher level of scrutiny. In addition, the Consumer Finance Protection Agency will be chartered with overseeing the marketing and sale of financial products to consumers, and the Securities and Exchange Commission will gain more responsibility for regulating broker-dealers' advisory activities.

Gartner expects the proposed regulations will have several impacts on our clients:

• Hitherto less-regulated financial services providers, like hedge funds and private equity firms, must invest more in compliance and risk management efforts.
• Large firms that are considered too big to fail and that will come under the Federal Reserve Board’s new systemic risk oversight must ensure integrity of their risk management programs and prepare for increased reporting to government risk overseers.
• Consumer credit firms, which will face a new federal regulator in addition to state regulation, must be able to prove that their employees and resellers are properly trained in the policies governing the marketing and sales of their products (much as life sciences firms do today). Broker-dealers will face similar scrutiny.

CIOs and IT managers of banking, investment firms and consumer credit firms:

• Scrutinize IT risk management and compliance efforts, as well as your support of enterprise risk management and compliance investments.
• Inventory current governance, risk management and compliance technologies to identify capability gaps and also redundancies that may prevent effective cross-enterprise integration of compliance and risk management efforts.
• Evaluate technology solutions that add speed, transparency, improved analytics and reporting, and worldwide compatibility to risk management and compliance efforts, such as enterprise governance, risk and compliance (GRC) platforms, spreadsheet controls, continuous controls monitoring (CCM), incident management, and policy training and certification.
• Refrain from making any immediate purchases in response to this pending legislation, and do not allocate new funding during 2009. To avoid new spending and “do-overs,” be responsive to the actual reforms Congress approves, rather than to media hype over these proposed reforms.

Additional research contribution and review: David Furlonger

• "Continuous Controls Monitoring for Transactions: The Next Frontier for GRC Automation” — CCM for transactions can produce a financial return on investment by identifying exceptions or failures of internal controls for transactions, which may in turn be due to operational deficiencies or control gaps. By French Caldwell and Paul Proctor
• "Understanding the Foundations of Compliance” — Success in compliance requires that enterprises set down clearly articulated policies and consequences, and that senior management take the right tone. By John Bace

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)