Unisys predicts the first financial organization that can realistically tick all the boxes in relation to governance and compliance will be in a position to offer security as a "value-added" service to competitors in the banking industry.

Banks are fast-tracking their efforts to comply with the Sarbanes-Oxley Act's internal control reporting requirements by the July 15, 2006, deadline. Robert Dewar, Unisys financial services managing partner, said models have been designed showing how Australian banks and financial institutions can share infrastructure information and processes to not only meet compliance, but cover the costs of doing so.

"The discussion in boardrooms now is about the opportunity to utilize this very costly and expensive [compliance] infrastructure and set of capabilities that organizations are putting in place, and what is the opportunity to either create a new service offering or product," Dewar said.

"I think the key driver of 'utility security' is the large, legislative and compliance requirements around enterprise security and governance, [because] there are very serious and ongoing investments financial institutions have to make.

"As a result, some organizations could share infrastructure information and processes to achieve a shared utility thereby reducing the cost of meeting compliance.