Cracking Down on Compliance


15 November 2006


CEOs are finally realising that they can no longer afford to simply pay lip service to compliance. Steve O'Donoghue discusses the importance of acknowledging compliance and, more importantly, ensuring that it is applied throughout the business.


With government agencies taking a tougher line on compliance, CEOs are being forced to get their houses in order or face massive fines. Personal fines recently handed out by government authorities to senior management, have ensured that compliance has finally taken its rightful place on the boardroom agenda.

Despite this development, compliance is yet to be applied to organisations on an operational level. Senior management can no longer get away with simply saying they are compliant – compliance needs to be demonstrated through the processes and procedures the organisation has in place.

Too often organisations' control measures are not aligned with their business processes or compliance criteria, which often leads to organisations falling short of the required standards.

WHOSE RESPONSIBILITY?

In the past, organisations simply relied on employees' individual diligence and good management techniques to meet all the required standards. Relying on individual employees has always been a huge risk for organisations – as the level of performance tends to vary from person to person.

Because of increases in the volumes of data handled and changes in end-to-end processing, organisations can no longer afford to operate without robust, transparent and measurable processing strategies.

One of the major obstacles facing senior management is the complexity surrounding many of the new regulations. Organisations are struggling to keep up to date with new and tougher regulations such as MiFID, the companies bill and Sarbanes-Oxley.

Many IT executives do not understand current regulations well enough to effectively implement an appropriate set of standards. This puts many organisations in danger of not meeting requirements.

Despite organisations spending significantly more money on compliance than in the past, they are not necessarily getting the most effective technology for their money. In other cases, organisations are limited by inflexible and unwieldy technology platforms that make implementing change a difficult and expensive prospect.

PLEADING IGNORANCE

With tolerance of non-compliance a thing of the past, companies can no longer use ignorance or inflexible technology as an excuse. Organisations must start implementing the appropriate systems and demonstrate that all stakeholders are engaged in ensuring that practice procedures are applied throughout the business.

"Compliance performance is now another factor to add to the wish list when acquiring new systems."

Analysts have earmarked a number of technologies that will be key in organisations' compliance strategies. These include disaster recovery technology, email management, identity / access management and policy management.

Another key technology in compliance legislation is business process management (BPM). BPM is the glue that holds processes together within an organisation and ensures transparency of operations. It also ensures that specific tasks are assigned to the appropriate people in a fully auditable and transparent way.

In this respect, BPM may act as a preventative measure in ensuring that companies don't break compliance legislation – if directors and employees realise their actions are more transparent, they will be less likely to tamper with company processes and information.

A LEGISLATIVE MINEFIELD

Building the right technology and processes around compliance will really help companies get to grips with this legislative minefield. Compliance performance is now another factor to add to the wish list when acquiring new systems or improving existing ones. Companies will have to invest in the right systems to achieve and maintain compliance.

Adherence to compliance should not be viewed negatively by organisations, as a cost drag on the business. Underperforming companies will have to improve their internal processes to avoid the threat of legal action. However, in doing this they should see the opportunities to change their internal operations to improve work practices and drive cost efficiency.

The recording tools available with best-of-breed BPM systems offer invaluable support to audit and compliance officers – this streamlines the audit process and potentially improves the overall output of your auditing activity.

Government crackdowns, the ever-increasing amount of electronic content and new legislation are all putting increased pressure on senior management to make the effort to guarantee true compliance.

However, as well as minimising the obvious risks of non-compliance, a good compliance regime supported by good technology will result in improved processing transparency, ultimately leading to process improvement and cost reduction.