Holistic compliance: the future of financial risk management: most compliance monitoring is narrowly focused on transaction systems and fails to take into account the broader context in which transactions are executed, blinding it to 90 percent of what's occurring. Companies need to put in place the technology and the people to ensure they're not caught off guard.

• Author: Charnock, Elizabeth
• Position: LEGAL ISSUES

What is "holistic" compliance and why should financial executives be paying attention to it right now?

It's hardly necessary to list organizations that have had financial difficulties in recent months. But of particular interest are those that have, in some way or other, shot themselves in the foot--or even the head. This can happen when an employee behaves in ways that seriously damage the organization as a whole.

In other words, it often represents the failure of a compliance monitoring system.

At leading French bank Societe Generale, for example, one trader contrived to take unauthorized positions that resulted in a stunning $7.2 billion loss for the firm. This happened despite the deployment of a compliance system that was intended to safeguard against such losses.

In the case of The Bear Stearns Cos. Inc., investors allege that hedge fund managers concealed important information about their funds. Prime exhibits in this case are starkly contrasting communications, such as internal emails that stated, "I think we should close the funds now." Contrast that with external communications that told investors: "The funds are performing exactly as they were designed to."

Subsequently, the managers were charged with securities and wire fraud and with insider trading. Now; some major investors have brought lawsuits claiming that they were misled about the state of the funds.

A commonality between these two cases--one shared with numerous others--is that there was a serious disconnect between reality and perception, a disconnect that was ultimately uncovered with serious legal and financial consequences for the organizations involved.

And existing compliance systems did not prevent these problems. Both cases are examples of circumstances in which a holistic compliance system could have led to a different outcome.

A shortcoming of most compliance systems today is the narrow view they take of the systems they scrutinize; they are primarily focused on an organization's transaction systems.

But they fail to take into account the broader context in which transactions are executed--the emails and instant messages that propose, discuss, advise and authorize the actions of employees, along with meetings, phone calls and so forth by means of which business is conducted.

Without a view of the whole system--a holistic view--a compliance system is blind to 90 percent of what is going on in an organization.

To protect their firms from the serious legal and...