Gartner: Wall Street Meltdown Will Lead To More Regulatory Compliance

"The shadow of yesterday [Monday] will be longer than Enron, Sarbanes-Oxley, HIPAA, or any other regulation of modern times," Bace told a crowd of about 300 CIOs.

There is a major disconnect between what companies report and what they could possibly report, he said.

"If the technology exists to tell you the price of frozen pork bellies in Chicago at any given time, why don't major banks know if they are basically insolvent? It takes 13 months to find out that information? I see new [compliance] regulations coming forward utilizing that type of information," said Bace. "Most new rules are coming around governance and transparency."

To complicate matters, midsize businesses face a number of challenges, including mandates, economies of scale and corporate culture, while building out their compliance strategies, Bace said.

"Most compliance solutions are priced way out of scale. You need to spend a tremendous amount of money or it's something that's been, pardon the expression, 'dumbed down,'" Bace said. "But where the real pain comes in with compliance is in the area of culture. Within your organizations, your CIO or IT professional has to deal directly with lawyers, accountants, scientists or engineers who don't have the overall perspective of the whole organization. What we see happening time and again is compliance handled as a separate stand-alone project rather than an overall program that can benefit the whole organization."

Gartner's recommendation is to organize compliance efforts into a cohesive corporate-wide strategy that treats it as a program, not as a project, Bace said.

"Start with the people. Make sure you have the right people on the team. Have responsibilities and assignments," Bace said. "Automate to take out cost and improve profitability. It's not just mandate, it's about improving overall corporate performance. When you have a compliance challenge, whether it's regulatory, commercial or organizational, do a business plan. What is the potential ROI? That's the way to get to do compliance on a budget."

One mistake that corporations make while developing compliance processes is to not destroy information that has value that erodes over time, Bace said. For example, one organization being sued for discrimination could overproduce e-mail during e-discovery. If the plaintiff's attorney does some data mining, a single case could become a class-action suit if a pattern of wrongdoing emerges.

"It's a way to manage risk. In a pure and simplest form, how good does your CEO look in an orange [jail] jumpsuit? If he doesn't look good, focus on compliance a little more," Bace said. Many companies also overspend fighting to keep up with compliance when a more cohesive strategy would cost them less money and make them more compliant, Bace said.

"Start with the greatest potential of risk. How do you eat an elephant? One bite at a time. Look at where you have historically had issues around litigation. If it's HR, or intellectual property, start there and move forward," Bace said.

Try to look at the various compliance mandates together, from regulatory to commercial to organizational, to reduce duplication. When you start addressing multiple levels of compliance, you start to see some balance.

"Start thinking about compliance in a proactive way and as a long-term investment and not just as a cost," Bace said. "As you go through stages of assessment, you'll see payback in corporate performance improvement."