Making sense of compliance and governance
- SC Magazine, June 2010
Whether it is one big Sarbanes-style law, or by many tiny amendments, compliance is here to stay. Don't let it faze you, says Rob Buckley.
Working with compliance professionals, security staff should look at the kinds of information request they might get from regulators. “If the ICO wants to know how you handle information about employees who have left the firm, how would you respond? Who would respond, how long would it take you – and could you do it cost-effectively?”
Carpenter says that while banks can be “pretty good” at this, companies in other industries, such as insurance, don't necessarily have processes in place, despite also being regulated.
That's where technology can help. GRC (governance, risk and compliance) software from the likes of SAP, Oracle, Archer Technologies and RSAM can help to put in place information stores of common questions, as well as the workflows and processes needed for compliance. Some suites also include event monitoring and other systems for preventing breaches of compliance rules. However, with the average GRC deal costing $250,000, according to Forrester analyst Christopher McClean, this may well be beyond the budget of all but the most heavily regulated companies.
“Software can be a traffic cop or a safety net,” says Carpenter. “Even with the best employees in the world, you still have to show you have the systems in place. Whether you have 30,000, 50,000 or 100,000 staff, you're still likely to have rogue employees, so you need vigilant networks.” At the very least, encryption is going to be increasingly important for many data types.
However, training and changes in attitude by employees are far more important. Carpenter cites the approach of HSBC, which allows its employees to use social media at work. “It's not how you communicate – that's irrelevant. It's what you're communicating. If we can't help you understand what you should and shouldn't be doing, the method is irrelevant.”
The UK coalition's view of compliance
Few would have predicted a Liberal Democrat alliance with the Conservatives as the outcome of the UK general election. But with both parties working together in a coalition and their plans for legislation published, it is clear some changes to compliance and governance are on the way.
On banking, the coalition's policy document (http://programmeforgovernment.hmg.gov.uk/) says that the Government “will reform the banking system to avoid a repeat of the financial crisis, to promote a competitive economy, to sustain the recovery and to protect and sustain jobs… We will take steps to reduce systemic risk in the banking system and will establish an independent commission to investigate the complex issue of separating retail and investment banking in a sustainable way; while recognising that this will take time to get right, the commission will be given an initial time-frame of one year to report.”
On consumer protection, the Government says “we need to promote more responsible corporate and consumer behaviour through greater transparency” and that it “will introduce stronger consumer protections, including measures to end unfair bank and financial transaction charges”.
As for businesses in general, the policy document states: “We will end the culture of ‘tick-box' regulation, and instead target inspections on high-risk organisations through co-regulation and improving professional standards” and “we will impose ‘sunset clauses' on regulations and regulators to ensure that the need for each regulation is regularly reviewed.”
So if anything, regulation and compliance are likely to decrease for some companies in the short term. Banks might be on the receiving end of some compliance legislation, but not for a year at least.
