CXO

Investment in compliance aligns IT with strategic and commercial goals

Recent industry reports indicate that IT spending on compliance issues is growing and IT executives around the world are engaged increasingly in compliance activities such as data privacy, security, and retention. Mark Vernon examines compliance with financial regulations and the affect on the role of IT in the enterprise.

The IT department has always had to shoulder some of the responsibility for compliance with current laws regarding enterprise data. But according to a new report from the Economist Intelligence Unit (EIU), the future will see that burden on IT grow even more. According to the report, 45 percent of IT executives, from across the globe, said that the top three compliance activities they were engaged in were security and privacy, document retention, and financial regulation.

Luckily for financial services, one of the most heavily regulated industries, IT vendors are providing a competitive array of compliance solutions. A number of storage, data backup, and disaster recovery products are proving invaluable when coping with the demands of regulation, new and old. IT's role in compliance is growing because regulation increasingly requires that business activities be monitored, audited, and scrutinized; this translates to the storage and retention of vast amounts of data—and only technology can handle that load.

"The nature of IT's role in compliance varies widely among companies, but it's clear that growing regulatory requirements are giving IT specialists in companies a lot more work and bringing them into contact with different corporate departments," says Nigel Holloway, director of executive services for the Americas at the Economist Intelligence Unit in New York. "Companies may not realize it now, but in time this will help to involve IT professionals in broader corporate strategy."

However, just because technology can assist with compliance, does not mean that it comes cheap. And this is making for a further imperative: spending on compliance must be linked to the investment in wider business goals. For many, this is likely to be the only way they can justify the expenditure compliance necessitates. According to the EIU, over half of the executives they spoke to said that the annual expenditure in this area of IT is expanding by over 10 percent a year.

Moreover, integrating budgets is not enough. Compliance needs to be seen as a strategic concern too—furthering the commercial goals of the business.

Aligning compliance and business goals

A good case in point is BankAnnapolis. This local Maryland bank, founded in 1990, serves small businesses and individuals through six community-banking offices across the greater Annapolis area. The challenge it faces is that, although it's a small operator, it still has to comply with the regulations at which large banks throw millions of dollars.

Take the Gramm-Leach-Bliley Act of 1999, which lists provisions to protect consumers' personal financial information held by financial institutions. Mike Haske, vice president of technology at BankAnnapolis explains how the bank addresses this regulation: "To ensure ongoing customer service and regulatory compliance, we replicate our loan and mortgage applications from our central server to two separate remote servers every night." The problem is that for a small operation, this can be an expensive and risky undertaking. BankAnnapolis has more than 160 gigabytes of data moving across its network at any one time, so replication, if done manually, would be very time-consuming—time that could be spent on improving other service areas. Further, should something go wrong during the replication process, the bank could be left with applications going down the next morning, compromising customer service.

However, BankAnnapolis deployed Veritas' Storage Replicator product to cut out this risk, and keep compliant. It copies only changed data from remote servers—located at each branch—to a central server at the bank's headquarters for backup and archiving. In so doing, it ensures that data is available in its most current state across the network without slowing down normal server operations.

According to Haske, this decrease in the amount of data traveling across the network means server performance doesn't suffer while critical data is being protected. This capability is critical for the bank because in reality, it performs eight scheduled replication jobs each day, combined with several real-time replications, making resource consumption a key consideration.

This win-win situation for BankAnnapolis means that they are able to meet regulatory requirements for maintaining data availability while continuing to improve their standards of customer service. In other words, the business goals of the bank are perfectly in line with its investment in technology. This kind of harmony makes the case that compliance is an important strategic goal in itself, and that IT is most valuable when fully engaged in the organization's business strategies.

Stay up to date with the latest IT news and information affecting the world of finance with TechRepublic's free Financial Services IT newsletter, delivered each Wednesday. Automatically sign up today!

Editor's Picks