Preparing for the Compliancy and Regulatory Avalanche
8 July 2009
The tumultuous events of the past year in the world's financial system have rattled the very foundations of our liberal economic system.
Unprecedented levels of company bailouts, company failures, corporate losses, budget deficits, government debt and criminal protagonism have led to a tidal wave of new compliance and regulatory requirements.
The sectors and departments most affected by the current economic climate - like financial services, professional services and reporting functions - can expect much more governmental involvement in their operations through new laws, directives and regulatory bodies. The precedent set by the Sarbanes-Oxley (SOX) Act - legislation that resulted from the Enron and WorldCom tragedy - should suffice as an indicator of where things are heading. To prepare our businesses for the inevitable, we can look at some existing conventions and how companies are dealing with them.
Globally, there are a handful of regulations and standard accreditations that have spawned entire consulting industries around them. SOX, Basel 2, ISO and FDA 21 CFR Part 11 are just a few of them. And they all require trails of information, documentation and procedural implementations. Additionally, there is a raft of region- and industry-specific conventions that require organizations to tread a careful line between investing in pre-emptive business standards (system, process and people) and absorbing expensive litigation fees and fines as well as non-productivity.
The intricacies of the regulations are often difficult for businesses to follow. For instance, chapters 4 (and 5) of Japan's Personal Information Protection Act give consumers unique rights around how information about them is collected and utilized, by whom and for what purposes. Australia's Telecommunication Act has set a global first by giving legal recognition to "opt-out" as part of direct marketing communication activities. Brazil and Argentina's Central Banks have introduced specific directives to implement Basel 2 agreements (Resolution 3380 & Communiqué "A" 4904 respectively), affecting foreign direct investment and financial institutions' behaviour. And last but not least, U.S. companies have struggled to comply with the EU Data Protection Directive 95/46/EC and had to find a compromise agreement (the EU safe harbor regulation).
Often, these regulations do not specify how a company is to conform to the rules, nor is there a clear control or enforcement mechanism in place. Instead, businesses have to interpret the rules and implement their own industry best practices. One of these best practices is transparency via documented rules, published policies and known processes.
Many of our clients at Intralinks are working with us to hedge against this regulatory black hole. They know they have to do something, but are not quite sure what or how. As a result they chose to use an Intralinks solution as an active repository for the controlled exchange of information that tracks user access and information usage.
In future posts I will illustrate more specifically how Intralinks is helping individual organisations and government agencies prepare for the expected regulatory avalanche.