“Necessity is the Mother of Invention” Gaining Value from Regulatory Demands Kevin Butcher Senior Vice-President, Enterprise Systems, BMO Financial Group June 18, 2009

Necessity is the Mother of Invention: Gaining Value from Regulatory Demands BMO Financial Group’s view on leveraging regulatory projects to gain a 2-for-1 benefit, creating customer and bank value A regulatory need can be met in two ways: –Meet the specific need –Meet the need with a broader perspective –BMO’s Anti-Money Laundering example The business value depends on sound governance to support Information Integrity: –Stewardship/Accountabilities –Standards, Controls and monitoring 2

Necessity is the Mother of Invention: Gaining Value from Regulatory Demands The Regulatory World Regulators tend to look at risk aligned to the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework: There is particular interest for information management professionals to look at things through a compliance, reporting and information lens At BMO, our view of Enterprise information is that information should simultaneously serve business strategy (Customer, Pace and Growth) and operations Our Anti-Money Laundering (AML) efforts illustrate the 2 for 1 outcome COSO’S Enterprise Risk Management — Integrated Framework 3

Necessity is the Mother of Invention: Gaining Value from Regulatory Demands AML from a Compliance Perspective Anti-money laundering regulations require an understanding of all customer activity across the organization in order to ensure there is no money laundering In order to drive the implementation of the AML project on the development side we worked with the business to link the project to strategic priorities, chiefly “knowing our customers” What we have to do: consolidate profiles (information about customers and other people and organizations of interest to the bank) from many systems Profiles: Personal & Commercial | Private Client Group | Capital Markets | PartyData Integration: Consolidate | Cleanse | PackageEnterprise Customer View 4

Necessity is the Mother of Invention: Gaining Value from Regulatory Demands AML from a Customer Perspective Our customer focused program is dedicated to protect our customers’ financial interests and understand their financial needs Efforts are focused on: –Building a formal framework to help us become more adept at asking for and interpreting customer information, resulting in better relationships –Introducing new processes, technology changes in products to ultimately result in better service –Fulfilling compliance of new mandatory regulatory changes for better protection of our financial system and our customers’ interests 5

Necessity is the Mother of Invention: Gaining Value from Regulatory Demands The Customer View 6

Necessity is the Mother of Invention: Gaining Value from Regulatory Demands AML and Challenges in Data Consolidation In order to consolidate the customer profiles across the Enterprise the fields in numerous information systems across the LOBs must be drawn upon: E.g.: account and credit information Retail Customers E.g.: accounts and authorized investment owner details Private Clients E.g.: lending and trading products customer details; names of beneficial owners Investors E.g.: account information for brokers with BMO accounts Third Parties The challenge is the general management of information across a complex multi divisional company (e.g. naming conventions) 7

Whether using information with a customer, a regulator, or for decisions in the business, information integrity is key Necessity is the Mother of Invention: Gaining Value from Regulatory Demands Emphasis on Information Integrity Information Integrity has two core components Information must be: A faithful representation of reality “Fit for use” We Achieve Integrity Through:Clear AccountabilitiesStandards & Process Effective Monitoring & Reporting These are key elements to our well defined governance program 8

Necessity is the Mother of Invention: Gaining Value from Regulatory Demands Information Integrity Accountabilities Customer data integrity requires stewardship and custodial accountabilities: Information Life-Cycle Business (Steward) Technology (Custodian) AccountabilitiesCollection & QualityProcessing & IntegrityAccess & Use Retention & Disposition Primary business unit accountability Specifying requirements Authorizing rights Specifying requirements Confirming destruction of business records Developing and executing control 9

Necessity is the Mother of Invention: Gaining Value from Regulatory Demands Accountabilities for Access Privileges Access privileges to customer information is one of the most complicated accountabilities: Need for Business Use Aggregate Data: Corporate Steward Need for Compliance Access CAMLO (Chief Anti-Money Laundering Officer): Subject Stewardship Personally Identifiable Information: LOB Stewards 10

Necessity is the Mother of Invention: Gaining Value from Regulatory Demands Standards, Controls & Monitoring Standards, controls and monitoring provide the infrastructure for information integrity Standards are applied at the Enterprise level and introduced through master data management and are part of the AML compliance process Data Standards Technology process controls are well developed as part of our Technology & Operations and Enterprise Infrastructure business model (e.g. CMMI, ITIL and COBIT Frameworks) Process Controls Our Information Management Corporate Support Area develops governance framework with accountabilities to monitor compliance Monitoring Compliance 11

Necessity is the Mother of Invention: Gaining Value from Regulatory Demands Concluding Thoughts & Questions “2 for 1” Shared Information & Governance Framework to Serve Both Business Strategy Compliance 12