A prominent Swiss financial services company specialising in wealth management and investment banking faced an IBM audit claiming CHF 25 million in non-compliance fees. Redress Compliance conducted an independent review that identified significant overestimations in IBM’s sub-capacity calculations and virtualisation assessments, reconciled historical entitlements, and negotiated a settlement of CHF 1.5 million — a 94% reduction with zero penalties and zero retroactive fees.
The firm is a well-established Swiss financial services company with a strong reputation in wealth management and investment banking. Its IT infrastructure supports the critical systems that underpin its business: transaction processing platforms, client portfolio management, regulatory compliance and reporting systems, secure communications, and the analytical tools that investment professionals rely on to serve high-net-worth clients.
The company’s IBM software estate includes IBM middleware (WebSphere Application Server, MQ), database products (Db2), and systems management tools deployed across a combination of physical servers and virtualised environments. Operating within Switzerland’s stringent financial regulatory framework (FINMA), the firm maintains rigorous IT governance standards — but the pace of infrastructure growth, driven by expanding client operations and evolving regulatory requirements, had created gaps between the firm’s IBM software deployments and its licence entitlements.
When IBM initiated a formal software licence audit, the initial findings claimed CHF 25 million in non-compliance fees. For a wealth management firm where reputation, client trust, and regulatory standing are paramount, the audit represented not just a financial threat but a potential operational and reputational risk. The firm engaged Redress Compliance to conduct an independent assessment and manage the audit defence process.
“Financial services firms in Switzerland operate under some of the world’s most stringent regulatory expectations — FINMA demands rigorous IT governance, and any software compliance issue can attract regulatory scrutiny beyond the vendor audit itself. This creates dual pressure: the IBM audit claim must be resolved on its commercial merits, and the resolution process must demonstrate the firm’s commitment to compliance governance that satisfies both IBM and the regulator. Our approach addressed both dimensions simultaneously.”
IBM’s audit applied full-capacity Processor Value Unit (PVU) calculations to virtualised servers where the firm believed sub-capacity licensing should apply. The IBM License Metric Tool (ILMT) was deployed, but IBM’s auditors identified reporting gaps — missing quarterly reports and configuration issues on certain server clusters — that allowed IBM to default to full-capacity calculations on those environments. The difference between full-capacity and sub-capacity for the firm’s VMware infrastructure represented approximately CHF 12 million of the CHF 25 million claim.
The firm’s virtualised environment had expanded to accommodate new regulatory reporting workloads and client-facing applications. IBM’s audit counted all physical cores across VMware clusters where IBM products were present — a methodology that does not reflect the actual virtual resources allocated to IBM workloads. The over-counting was particularly significant on the firm’s largest production clusters, where IBM middleware served only a fraction of the total virtualised workload capacity.
Infrastructure growth over several years had created misalignments between deployed IBM software and recorded entitlements. Some Passport Advantage entitlements covered products on servers that had since been decommissioned, while newer deployments had not been fully reflected in the firm’s entitlement records. IBM’s audit identified only the gaps (deployments exceeding entitlements) without crediting the surpluses (entitlements exceeding deployments on other servers).
As a FINMA-regulated entity, the firm’s software compliance posture is subject to regulatory expectations around IT governance and vendor management. An unresolved IBM audit with a CHF 25 million claim could attract FINMA scrutiny beyond the audit itself — raising questions about the firm’s IT governance practices. The resolution needed to demonstrate not just commercial settlement but genuine compliance improvement that would satisfy regulatory expectations.
Redress reviewed every element of IBM’s CHF 25 million claim — the specific PVU calculations, server inventories, virtualisation assumptions, and entitlement gaps behind each product category. This analysis identified three categories of overestimation: full-capacity calculations applied where sub-capacity was defensible, VMware cluster core counts that exceeded the actual IBM workload allocation, and product claims that existing entitlements already covered.
Redress compiled the firm’s complete IBM licence history — Passport Advantage records, historical agreements, and any special terms negotiated over the firm’s long IBM relationship. This entitlement inventory was cross-referenced against IBM’s deployment findings, identifying CHF 5 million in claims that were covered by existing entitlements IBM’s auditors had not properly reconciled, plus unused entitlements on decommissioned servers that could be reallocated to cover active gaps.
Where IBM had identified ILMT reporting gaps (triggering full-capacity defaults), Redress worked with the firm’s IT team to remediate the gaps immediately and produce retroactive sub-capacity data for the affected periods. This included correcting ILMT configurations on the problem clusters, generating the missing quarterly reports, and documenting the actual sub-capacity PVU consumption that should have been reported. With this data, the sub-capacity eligibility argument was substantially strengthened.
| Claim Element | IBM’s Calculation | Redress Validated Position | Reduction |
|---|---|---|---|
| Sub-capacity overestimation | Full-capacity PVU on all virtualised servers due to ILMT gaps | ILMT gaps remediated; retroactive sub-capacity data validated for affected clusters | CHF 12M eliminated |
| VMware over-counting | All physical cores in production clusters counted for IBM licensing | Actual vCPU allocations to IBM workloads documented; non-IBM workloads excluded | CHF 6M eliminated |
| Entitlement reconciliation | Several product categories claimed without crediting existing Passport Advantage entitlements | Existing entitlements matched to active deployments; surplus entitlements reallocated | CHF 5M eliminated |
| Licence reallocation | Unused licences on retired infrastructure not credited | Reallocated to cover active compliance gaps at zero additional cost | CHF 500K eliminated |

Remaining genuine exposure: ~CHF 1.5M (actual compliance gap after all corrections; new deployments requiring licensing)

IBM’s audit team presented the CHF 25 million as the firm’s compliance exposure, applying pressure to settle quickly and suggesting that the regulatory environment made rapid resolution advisable. IBM positioned the audit as a compliance issue that could attract wider attention if not settled promptly — a tactic designed to leverage the firm’s regulatory sensitivity into a faster, less-scrutinised settlement at a higher amount.
Redress countered IBM’s pressure with a comprehensive, technically documented position that demonstrated the firm’s genuine compliance posture: corrected sub-capacity calculations, documented VMware allocations, complete entitlement reconciliation, and evidence of proactive ILMT remediation. This approach reframed the narrative from “non-compliant firm needing urgent settlement” to “well-governed institution that had identified and remediated a limited number of licensing gaps through rigorous independent assessment.”
The negotiation produced a settlement of CHF 1.5 million — structured as a forward-looking licence investment covering new deployments needed for the firm’s growth, with zero penalties and zero retroactive fees. Critically, the settlement documentation demonstrated the firm’s proactive compliance posture — a factor that mattered as much for FINMA governance as for the commercial outcome.
IBM audit claim: Reduced from CHF 25 million to CHF 1.5 million — 94% reduction
Penalties: Zero — no penalties or retroactive fees imposed
Settlement structure: Forward-looking — covers licences for new deployments, not punitive back-charges
ILMT compliance: Fully remediated — sub-capacity eligibility established across all eligible environments
Entitlement reconciliation: Complete — all Passport Advantage records matched to current deployments
Regulatory posture: Audit resolution documented as proactive compliance — supporting FINMA governance expectations
Compliance governance: Automated monitoring and quarterly internal review framework established
Business continuity: Zero disruption to wealth management or investment banking operations
“Redress Compliance’s expertise was critical in navigating a complex and high-stakes audit. Their guidance saved us millions and left us with stronger compliance and governance practices. They were a true partner in protecting our business.”
— Chief Information Officer, Swiss Financial Services Firm
Redress Compliance provides independent software licensing advisory services — fixed-fee, no vendor affiliations. Our specialists have defended hundreds of IBM audits across every major product line — Db2, MQ, WebSphere, Cloud Pak, and mainframe. We consistently achieve 80–97% reductions in initial claims.
Redress implemented automated monitoring tools providing real-time visibility into IBM licence consumption across the firm’s infrastructure. The system tracks PVU usage, deployment changes, and ILMT reporting status — alerting the IT team to any new compliance gaps immediately so they can be addressed before they accumulate into material exposure.
The governance framework includes quarterly ILMT report generation and verification (maintaining sub-capacity eligibility) plus quarterly internal compliance reviews that compare entitlements against current deployments. These reviews produce documentation that satisfies both IBM’s sub-capacity requirements and FINMA’s IT governance expectations — serving dual compliance purposes.
Redress delivered targeted training covering IBM licensing policies, sub-capacity rules, virtualisation implications, and the governance procedures for approving new IBM deployments. For a FINMA-regulated firm, embedding licensing governance into standard IT change management processes ensures that compliance is maintained as infrastructure evolves — preventing the deployment-entitlement drift that caused the original exposure.
| Metric | Before Redress Engagement | After Redress Engagement |
|---|---|---|
| IBM audit claim | CHF 25 million in alleged non-compliance | CHF 1.5 million — 94% reduction |
| Penalties | IBM seeking penalties and backdated support fees | Zero penalties; zero retroactive fees |
| Sub-capacity licensing | Full-capacity applied due to ILMT gaps | ILMT fully remediated; sub-capacity eligibility confirmed |
| Entitlement visibility | Incomplete reconciliation; gaps and surpluses untracked | Complete entitlement-to-deployment mapping established |
| Compliance governance | Manual tracking; no automated monitoring | Automated monitoring, quarterly ILMT reporting, internal audit programme |

Total liability avoided: CHF 23.5 million (94% of original claim)

IBM’s audit teams understand that regulated firms are sensitive to compliance findings — and they use this awareness to pressure faster, larger settlements. The correct response is not urgency but rigour: an independent, evidence-based assessment that demonstrates proactive compliance governance actually strengthens your regulatory position, while a premature settlement at an inflated amount provides no governance benefit and wastes capital. In this case, taking the time to validate IBM’s claim produced a 94% reduction and a compliance posture that satisfied FINMA expectations.
The single largest component of IBM’s claim (CHF 12 million) stemmed from ILMT reporting gaps that triggered full-capacity calculations. Remediating ILMT gaps and producing retroactive sub-capacity data is the highest-ROI defence action in any IBM audit. Even if ILMT was not perfectly maintained, demonstrating remediation and providing validated data for the affected periods substantially strengthens the sub-capacity argument — and IBM’s auditors are often willing to accept corrected data when it is technically sound and well-documented.
For FINMA-regulated firms (and equivalents in other jurisdictions), the audit resolution must serve two audiences: IBM (commercial settlement) and the regulator (governance demonstration). A forward-looking settlement with documented compliance remediation achieves both — it satisfies IBM’s commercial interest, demonstrates to the regulator that the firm identified and resolved compliance gaps proactively, and establishes governance processes that prevent recurrence.
The most expensive mistake in an IBM audit is responding to IBM’s initial findings without independent validation. IBM’s audit methodology consistently produces inflated claims — typically 3–10× higher than actual exposure — through full-capacity defaults, cluster-wide counting, and incomplete entitlement reconciliation. An independent advisor identifies these overestimations, prepares the technical counter-evidence, and manages the negotiation from a position of documented fact. The advisory investment typically delivers 10–20× return based on claim reduction.
Four documented corrections to IBM’s audit: (1) Sub-capacity validation — remediating ILMT gaps and providing retroactive data eliminated CHF 12M in full-capacity overcharges. (2) VMware over-counting correction — documenting actual vCPU allocations to IBM workloads removed CHF 6M. (3) Entitlement reconciliation — matching existing Passport Advantage records against deployment findings eliminated CHF 5M. (4) Licence reallocation from decommissioned servers covered CHF 500K in remaining gaps. The CHF 1.5M settlement covered genuine new deployment licensing needs.
As a FINMA-regulated entity, the firm needed the audit resolution to serve two purposes: commercial settlement with IBM and governance demonstration for the regulator. Redress designed the defence to achieve both — the independent assessment demonstrated proactive compliance management, the ILMT remediation showed systematic gap closure, and the forward-looking settlement structure evidenced the firm’s commitment to ongoing compliance governance. The resolution documentation was structured to satisfy FINMA’s IT governance expectations, not just IBM’s commercial requirements.
IBM identified two categories of ILMT issues: missing quarterly reports for certain server clusters (IBM requires quarterly ILMT report generation to maintain sub-capacity eligibility) and configuration issues where ILMT agents were not properly installed on all virtualised hosts in specific clusters. These gaps allowed IBM to default to full-capacity calculations — counting every physical core in the affected clusters rather than just the virtual cores assigned to IBM workloads. Redress remediated both issues, produced the missing reports with retroactive data, and corrected the agent configurations, restoring sub-capacity eligibility.
No. The CHF 1.5 million settlement was structured with zero penalties and zero retroactive support fees. The amount covered the cost of additional licences for new deployments — a forward-looking investment rather than a punitive charge. This was achievable because the firm demonstrated proactive compliance remediation (ILMT restoration, entitlement reconciliation) and presented IBM with documented evidence of its actual compliance position. IBM was receptive to a constructive resolution when faced with a technically sound counter-position.
No. Redress managed the entire audit interface, shielding the firm’s wealth management and investment banking operations from disruption. All data collection, IBM communication, and negotiation were coordinated through Redress and the firm’s IT governance team — allowing front-office operations, client services, and transaction processing to continue without interruption. Maintaining operational continuity during an audit is a standard element of Redress’s engagement approach.
Three components: (1) Automated licence monitoring providing real-time IBM consumption tracking with alerting on new compliance gaps. (2) Quarterly ILMT report generation and verification — maintaining sub-capacity eligibility and producing documentation that satisfies both IBM requirements and FINMA governance expectations. (3) Embedded governance procedures requiring licensing impact assessment before any new IBM software deployment, with trained IT and procurement teams responsible for ongoing compliance. The framework serves dual regulatory and vendor compliance purposes.
A 94% reduction is at the higher end of outcomes but is consistent with Redress’s experience in IBM audit defence for financial services firms. IBM’s audit methodology consistently produces inflated claims — typically 3–10× higher than actual exposure — due to full-capacity defaults, cluster-wide core counting, and incomplete entitlement reconciliation. With independent technical validation and strategic negotiation, reductions of 80–95% are achievable for organisations that engage expert support early and provide the technical evidence needed to counter IBM’s methodology. Firms that settle without independent validation typically pay 5–10× more than necessary.