Correspondence: , Accounting and Taxation, Robert Morris University, Pittsburgh, PA, USA. Tel: +1 (412) 397-3970; E-mail: raghavan@rmu.edu

¹was a senior executive at US major bank holding companies where she had responsibility for operations, compliance and systems. She had managed the operations functions and directed the banks' compliance with FDICIA, SOX, BSA/AML, Basel II and AMA until 2003. She is currently an assistant professor in Accounting and Taxation with research interests in banking, accounting, finance, internal control, and strategy.

Received 17 April 2007.

Abstract

Banking managers, chief financial officers , and politicians are increasingly voicing their concerns about the 'excessive' burden imposed by compliance with Sarbanes–Oxley (SOX) Act, Bank Secrecy Act/Anti-Money Laundering (BSA/AML), and Interagency Supervisory guidance on operational risk advanced measurement approaches (AMA). The underpinnings of the banking regulations — FDICIA, SOX, AMA, and BSA/AML — are all, however, based on the organisation's internal control structure, and provide a solid framework for enterprise-wide management of operational risk and capital. The Intelligence Reform and Terrorism Prevention Act of 2004, ACH Guideline changes, Check 21, and increasing competition through technology-based products and services are part of the larger picture of evolving threats and increasing change in the industry that are challenging the banking managers to take a holistic approach to enterprise-wide risk management. In the current environment of corporate scandals and public distrust, the investor community will use the integrated compliance framework to differentiate between adopters and nonadopters of good corporate management practices. This paper highlights the regulatory overlaps and inherent leveraging opportunities in the compliance practices, and points out the competitive advantage to progressive banking institutions. It includes a personal view for implementing integrated enterprise-wide operational risk management leveraging on existing compliance practices, and outlines regulatory Guidelines for information technology controls and BSA/AML compliance. The paper explores how the compliance requirements are changing the emphasis of corporate governance and finance functions in banking institutions.