Meeting the compliance challenge not only keeps your business legal, but offers added bonuses as well.
It is safe to say that, in many instances, regulatory compliance is seen as somewhat of a burden by business executives and as a pain by the IT department. But while this is understandable, it may be that some people are missing a trick by adopting this negative attitude.
This is because, apart from the very obvious risk mitigation that such projects offer, they can also generate a whole raft of spin-off business benefits, many of which derive simply from adopting good corporate and IT governance procedures.
A classic example of this benefits-by-the-backdoor situation was the Millenium bug. Organisations around the world spent a fortune rewriting or ripping out their ageing, mainly bespoke mainframe applications and replacing them with packages, often running on mid-range systems such as Unix, so that they could cope with the date change as the clocks ticked over into 2000.
"We are turning the compliance requirements into something positive. We adhere to the law, but we also get to rethink the way we are delivering service"
Maria Pardee, CIO, BT Retail
While the immediate effect of meeting the compliance challenge was that the world’s IT systems did not go into meltdown as feared by doom-mongers, an added advantage for many companies was that they ended up with more efficient, flexible systems that, in fact, made them more productive.
And similar gains can likewise be achieved in today’s risk management-aware atmosphere if organisations look upon it as an opportunity to put their corporate house in order and see it as a chance to unlock operational value, which can even serve to partially offset compliance costs.
BT, for example, has been trying to deal with the huge hurdles put in place over the last few years by regulator Ofcom, leading to a situation that Maria Pardee, CIO of BT Retail, describes as “like Sarbanes-Oxley on steroids”.
But she insists: “We are turning the compliance requirements into something positive. We adhere to the law, but we also get to rethink the way we are delivering service. We’re taking a methodical and measured approach to compliance.”
In many cases, compliance means creating a single view of the customer from all points in the organisation, which can lead to a better understanding of their requirements. This, in turn, can result in increased loyalty and retention rates and has the potential to boost cross- and up-selling sales opportunities, if handled correctly.
As a result, the telco has embarked on various transformational projects, one of which includes implementing an extensive CRM system. “We’re adding value through the infrastructure and want the experience for customers to be pleasant and easy, whichever service they’re using,” says Pardee.
Raising the profile
Another common supplementary advantage of compliance consists of improved data-sharing between different departments. This can boost internal efficiency by helping to break down internal information silos and by linking the people and the teams with the information they require to do their jobs more effectively.
The Derbyshire Building Society, for example, found that compliance with the Basle II risk management regulations required a cultural shift because it was necessary to share information, not only between the different departments dealing with finance and risk, but across the organisation as a whole.
Although it used its existing SAS Institute data warehouse to handle most of its requirements by enabling all of the necessary stakeholders to access it, at the same time the company discovered that some of the data employed for risk assessment purposes could also be used as the basis of its customer relationship management strategy.
But another less tangible by-product of all this activity has been the raised profile of the IT department. As senior business executives have realised what compliance means for the organisation, many have turned to the CIO as the obvious person to help.
As a result, many IT heads are now considered to be the corporate compliance expert and have become increasingly involved in strategic planning to ensure that all is as it should be.
Part of this strategic role has involved auditing business processes and underlying IT infrastructure and systems to see which ones work and which need modification. Such activity has, in turn, led to much higher levels of understanding of IT assets and resources, which it is possible to use as the basis for increasing efficiency, productivity and security.
And one company that has benefited from just this approach is HBOS. The bank has spent the last two years consolidating much of its IT infrastructure, data centres, mainframes and midrange systems, but will spend the next two driving additional value from its streamlined assets.
Heather Jackson, group services director, explains: “Regulatory requirements and security still play a big role, but going forward, the simpler software landscape that comes from merger and rationalisation means that regulatory demands will have less impact on taking masses of capability out from our development agenda.”
This is not least because the organisation views regulation as a means to “deliver a better business solution that adds value to business operations”.
So, while tackling seemingly endless amounts of legislation may not be easy or cheap – and in most cases is not optional either – adopting a proactive strategy to cope can make sense if in the end it improves how the organisation operates.
CASE STUDY - M&S Money
“We’d tried to put a business case together to improve data quality prior to Basel II, but we didn’t quite have enough to convince our executives to invest in it. So with Basel II, it was a bit of a bonus as it gave us the final driver we needed,” says Neil Hershaw, information management officer at M&S Money.
M&S Money is a wholly-owned subsidiary of HSBC bank after being sold by retail chain Marks & Spencer in November 2004 – although the two organisations still have a 50:50 profit-sharing partnership in place. The company, which provides a range of credit, investment, insurance and savings products, is based in Chester and employs about 1,500 staff.
"The simpler software landscape that comes from merger and rationalisation means that regulatory demands will have less impact on taking masses of capability out from our development agenda"
Heather Jackson, group services director, HBOS
It began its compliance project at the start of 2005, with the initial phase comprising the building and designing of a data quality methodology. This involved getting the business on board to help come up with definitions and assign values to those definitions before templates could be devised.
After cleansing its data to align with the new methodology, the business opted for a data quality management system from Informatica to run alongside the Oracle data warehouse it had introduced in 2002. This was to ensure that new information feeds conformed to the standards that had been set. The whole process took Hershaw and a colleague about six months.
“Basel II asks you to divulge how data standards are met in your organisation in terms of accuracy and completeness and you have to prove that you’re doing it to the Financial Services Authority,” he says. “The FSA seems to be spending a lot of time on data quality at the moment as it’s something quite new and I think that more and more legislation is likely to have a data quality element to it.”
But the project has brought other advantages above and beyond those achieved by hitting compliance goals. “Our credit data has always been very good, but our data quality methodology is now being applied to different areas of the business. This has had a marked effect in areas like marketing campaigns where margins in some cases are tight and so any improvement in response rates can have a marked effect,” Hershaw says.
This means, for example, that rather than trying to make decisions about which channels are most effective to use for certain types of campaigns, the organisation has a much clearer idea of where to invest its money going forward.
Moreover, the implementation of the initial project has brought about a general change in attitude to the data quality issue. While prior to the initiative, M&S Money had no related projects on its books, it now has half a dozen in process.
"Ensuring data quality is not just a one-off exercise. You have to treat it as an ongoing issue"
Neil Hershaw, information management officer, M&S Money
These include rationalising customer telephone numbers, and working out the cost in terms of money, brand and customer satisfaction of having data duplication across different systems before sorting the issue out.
But Hershaw concludes: “Ensuring data quality is not just a one-off exercise. You have to treat it as an ongoing issue. So you can’t get it right at the end of the year and assume that it’ll be right for ever more because things tend to get incorrect after a while.”