Regulatory compliance has become the critical boardroom issue of the decade. Organisations that fail to comply with the major pieces of legislation or industry regulations face stiff fines and – depending on the sector – sanctions such as their exclusion from capital markets, the prosecution of their senior executives or even the withdrawal of their right to engage in business.
The task for the IT organisation is to support that compliance challenge. But as the articles in this Information Age Handbook show, that is no minor undertaking. The ‘New Rules’ that organisations have to comply with have grown in scope and sophistication: laws governing data protection and privacy, financial reporting and transparency laws, and sector-specific regulations governing risk and access to information.
What emerges is a confusing picture. Organisations are sometimes unsure of which obligations they need to fulfil. And that is compounded by the fact that different laws overlap or even contradict each other.
A vast array of technologies is brought to bear on that new regulatory environment. As organisations introduce new business processes or amend existing ones to address compliance issues, they have had to upgrade or replace their core business packages or recode their bespoke applications. Responding to pressure for more reliable financial reporting and greater visibility into their activities, they have had to enhance their business intelligence software. To meet the need for a more robust business, they have had to tighten their business continuity measures. The list goes on, and it includes technologies for email archiving, records management, data storage and security.
The result has been investment on a scale not seen since Y2K. As analysts warn, this is not a one-off event. The laissez-faire years of the 1990s are gone forever and have given way to an era of regulatory intervention. And that means that compliance has had to become a new core competency of IT.