Susan Hauser, VP of Microsoft Financial Services, on New Challenges in Risk Management and Compliance

As the global economic crisis rumbles on, financial firms of all kinds anticipate an overhaul of risk management and regulatory frameworks. I asked Microsoft’s global head of Financial Services, Susan Hauser, for her views:

Sai: Susan, as the global head of Microsoft Financial Services, what has the past year meant for financial firms in terms of risk management and compliance?

Susan: Over the past 12-18 months, we’ve seen major changes in the organisational structure of many financial institutions, as well as the products they offer. Mergers and government bailouts are only part of the story. As banks try to ensure their survival, we’ve seen a more cautious attitude to lending and measures – such as interest rate cuts – aimed at stimulating the credit markets. Through all of this, banks are both recognising past failures and facing new challenges in governance, risk management and compliance.

It remains to be seen how the regulatory landscape will develop – will it go to a more light-touch, supervisory mode, or a heavier-touch, regulation-driven model? While there are some trends towards the latter, the picture is not yet clear. However, one thing is obvious: risk management is more crucial than ever to financial organisations, and failing to deal with it is not an option.

Sai: In your interactions with financial firms around the world, what are you hearing from clients about their expectations and concerns in this area?

Susan: Many financial firms are trying to understand how they can enhance their risk management capabilities, keep up with all the regulatory changes, and review proposed new changes, while at the same time ensuring their survival in the aftermath of the current financial crisis. In such an uncertain situation, nobody can say that this will be easy – a fact that is reflected in the predictions of analysts like Tower Group that despite pressure on budgets, risk management will be a key area for IT spending among financial firms this year. However, while the issues might demand some investment, there are steps that businesses can take to minimise the cost and complexity of their risk management environment while maximising its effectiveness.

Sai: What advice would you give to firms considering a risk management and compliance project?

Susan: In risk management, context is key – it might take somebody who works with certain tools on a day-to-day basis to recognise that something is amiss, while a manager looking at a set of figures might see nothing out of the ordinary. That gives all the more reason to take a holistic and inclusive approach to risk management and compliance, rather than boxing it off as a separate function – risk affects every part of the business, so risk management should be intrinsic to every function.

For this reason it’s a good idea to take a step back and look at how risk management and compliance practices need to work across the organisation, as part of everyday operations. This in turn can lead to a realisation of how your existing technologies can be used to address risk management and compliance issues – a practice that can help to minimise complexity, as well as IT spend.

Microsoft’s focus is to help its customers enhance and execute their vision for an integrated risk management and compliance culture and environment. By adopting a people-ready business approach based on five principles (to simplify and automate the adoption for employees to be more productive; embed risk management best practices in everyday activities; enhance the risk analytics and computing and unlock data; manage risk across structured and unstructured business information; and define long-term sustainable risk management and compliance blueprints), it helps financial institutions execute their long-term risk management and compliance vision and blueprints.

Sai: How do you see firms making the best use of existing technologies in this area?

Susan: By using service-oriented architecture (SOA) based technologies that are familiar to users, financial firms can go a long way to ensuring a solid risk management and compliance environment. New risks and regulations are bound to emerge, but basing the system on SOA will enable it to be continuously updated with new applications as regulatory and business demands evolve. We have seen an increasing adoption of Microsoft Office SharePoint Server 2007 (MOSS) for enterprise and operational risk management frameworks. We see this increasing with the risk and compliance capabilities in the 2010 wave offerings, which include Exchange 2010, Office 2010, SharePoint 2010, System Center and Windows 7.

For Bank of America, one of the world’s leading financial institutions, compliance with international financial regulations is of vital importance and the recent global Basel II Accord regulation, required for implementation by US banks by 2011, resulted in the bank’s creation of a portal solution based on MOSS this past year. Developed and deployed in just four months, the risk and control self-assessment solution collects data associated with operational risk from employees and compiles it so as to accurately measure operational risk at an enterprise level. Some 1,500 Bank of America employees across 200 organisational units use the portal solution to access data on 1,800 key operational risks. About 800 of those risks are reported as part of the bank’s enterprise risk and control assessment, as required by the Basel II Accord.  The bank has enjoyed significant benefits from the solution, which include efficient development and deployment; a powerful way of assessing trends; and an easier approach to risk mitigation.

Microsoft works with a wide array of partners across the world, many of them financial sector specialists. These partners deliver solutions that take advantage of strong infrastructure and reusable business components while using enterprise-ready technologies. I am also happy to see that our team, comprised of leading experts like Jeff Jinnett and you, Sai, is driving efforts to embed more risk management and compliance related functions and capabilities in our technology offerings and customer blueprints. For example, our recently released IT Compliance Management Guide and IT Compliance Management Resources Workbook can help companies view their compliance obligations in the context of authority documents such as Sarbanes-Oxley, enabling them to assess their risk management and compliance needs and address them by implementing controls within their Microsoft infrastructure.

Sai: Thanks for your thoughts, Susan. I am also excited to announce that we have commissioned a global study on the Future State of Risk Management, with the Professional Risk Managers International Association. The study will be released in November 2009.

Note: The IT Compliance Management Guide is free to download at:

- - - - - - - - - - - - - - - - - - - - -

Susan Hauser is Vice President, Worldwide Financial Services group at Microsoft.

Susan began working for Microsoft in 1997, focusing on banks in New York City, and was responsible for wins in which retail bank branch platforms were deployed on Windows NT, establishing Microsoft as a key player/provider within financial services. In 2000, she assumed the role of financial services director for the East Region in the US, where she managed strategy, operations, and key relationships with strategic financial services customers across all financial services firms in the region.

Sai Sireesh is Director of Risk Management & Compliance Strategy & Solutions, Worldwide Financial Services for the Microsoft Corporation. Mr. Sireesh has over 18 years of global experience across Risk and Compliance Consulting, Financial sector Strategy and blueprints execution. He has worked in North America, Australia, Singapore, Malaysia, Philippines, Thailand, Indonesia and India, is a regular contributor to the Journal of Regulation & Risk, and has authored several global research studies and articles.