In our recent blog, “You have 20 seconds to comply…”, we explored the importance of regulatory and legislative compliance as it pertains to IT, and how organizations can stay ahead of the game in the face of mounting industry pressure. In this blog we look more closely at how often organizations of all sizes, in an array of industries, are faced with significant compliance efforts – and we’ll dive into some real examples of where things have gone wrong.
In any IT organization there’s always more than one focus, more than one “must have” priority task – so how important are compliance projects? In many recent cases, by the looks of it, the answer is, alas, not important enough. Recently, compliance (or rather, non-compliance) horror stories, where organizations have fallen foul of a vital regulatory measure, usually with dire reputational consequences, seem to have littered the press. Barclays Chief Executive, Antony Jenkins, said that rebuilding the brand after recent high-profile issues would take between 5 and 10 years, while JP Morgan has employed over 3,000 new employees to prepare for settlements with regulators over recent compliance incidents.
A big problem?
A recent global survey of CFOs on regulation shows just how big a concern compliance is. Regulation and compliance top the list of challenges causing most concern, and with further new regulation to be enforced, the percentage will surely only increase.
What’s the Risk?
Consider some recent results when compliance isn’t at the top of the ‘to-do’ list. Careless activities have spawned compliance-related fines at an unprecedented scale. JP Morgan set aside $20B in 2013 for compliance-related litigation costs. Meanwhile RBS has had to set aside over £3 billion to cover claims relating to the latest financial crisis – the mis-selling of mortgage products, PPI claims and interest rate hedging. It seems not a day goes by without a fresh compliance news story hitting the tabloids and broadsheets – and the same goes for social media channels such as Twitter, which is often a faster, and less forgiving, medium for complaint. A #compliance search on Twitter gives many hundreds of unique, negative stories.
What’s the Outlook?
What about the coming months? Surely we are through the worst of the effort in terms of meeting industry and legislative rules and regulations? It appears not. Compliance workload looks like it is here to stay – and with proposed amendments to the Data Protection Regulation, it’s time to review how compliant your organization is before you’re affected. According to Computer Weekly, the proposed amendment will require additional security measures to be implemented by all European businesses that process personal data – companies that do not comply with the proposed regulation face fines of up to 5% of annual worldwide turnover, or €100m. A recent data breach has led to US banks re-issuing over 17 million payment cards – presumably this will call for US compliance regulation to be further tightened in order to avoid such issues occurring again.
Even tackling the major external regulatory requirements is not the end of the story – there are a number of internal considerations IT must also address. Business operations are complex; many organizations outsource functions, frequently introduce new technologies and use 3rd party vendors. Certifying and complying with technical standards, establishing and managing service level agreements, and even adhering to internal coding standards all present a cornucopia of IT projects and deadlines jostling for position in the list of overall priorities.
The Time is Now
With regulatory compliance efforts on the increase and fixed deadlines to tackle, many organizations remain non-compliant, failing to meet various standards. Recently, the European Commission proposed a six-month extension to the deadline for European countries to be compliant with the Single European Payments Area (Sepa), in a final warning to laggards.
If the compliance discipline remains largely undisciplined, and yet the industry continues to groan under the strain of greater and greater regulation, then smarter ways must be found in IT to cope with the burden and establish a process to ensure 100% compliance.
Micro Focus’ refreshingly straightforward approach to IT regulation sees the challenge as a three-pronged issue – find the root of the non-compliance, fix the issue, and then validate the change. This Find It, Fix It, Test It approach leverages the best in technology to help automate and streamline these critical IT change projects, which all too often have unmovable, aggressive timescales. It is this approach which can also be used in a whole variety of IT modernization projects across the enterprise.
Learn more about our approach by visiting here. The right time to smarten up your IT compliance process is now.