Seven critical elements to maintaining a balance between regulation and innovation

Regulation is sapping IT resources, but is there hope for innovation? asks Dave Upton

Increased regulation of the financial services sector has placed even greater burdens on CIOs and their IT departments.

However, these financial services organisations know the only way to offer customers tangible value and differentiation is by providing innovative systems and services, many of them IT-driven.

Staying on top of regulatory requirements has, according to Xantus research, swallowed up more than a third of the total IT change budget for many financial services CIOs. Most of those surveyed (96%) have seen a noticeable increase in regulatory compliance spending over the last three years.

While innovation and regulation are not mutually exclusive, innovation seems to be driven by other departments and consumers themselves rather than IT. In fact, most CIOs (70%) admitted they had conceived or initiated less than a third of IT projects over the past five years.

So how can CIOs drive innovation while meeting compliance objectives?

In essence, by taking a holistic approach to regulatory compliance that maximises exploitation of the measures. This requires understanding the difference between hard-and-fast rules and more flexible guidance. The more visible the strategic situation is to CIOs and their business counterparts, the better positioned they are to shape projects to fulfil multiple purposes.

There are seven critical elements needed for regulation/innovation balance:

  1. Understand regulatory impact on the IT Department. Don't try to take on Compliance's role; work with them, approaching them proactively to establish what's imminent, whether mandatory or just good for business. Seek innovation opportunities on the back of compliance implementation. A better-informed Compliance team can also help support an IT business case.
  2. Have a clear organisation-wide IT roadmap. Even without compliance, strategists and architects need clear targets with strategic goals. Thus, if compliance requires a date-specific system amendment, IT can help determine optimum timescales or even scrap a legacy system and migrate earlier to a new one. For many organisations, strategists and architects have been lost through headcount cuts or outsourcing. They should consider re-hiring fast.
  3. Converge architectures and data. Many organisations hold significant personal data, often across multiple systems. Wherever it sits, this data must still comply, but is easier to handle if centralised. While one of the biggest IT bugbears is separating data from the systems using it, it's worth persevering, as the value is significant and often innovative.
  4. Maintain tight portfolio management. Understand the whole IT change agenda to avoid gaps and overlaps and remain benefit-focused. If 30% of budget is going on mandatory change and compliance, the remainder must deliver total value.
  5. Make effective business cases. Don't start spending material sums on a project until you're sure of the benefits and returns it will deliver.
  6. Maintain rigorous benefits management. Once the case is made and the route decided, don't lose sight of it. Often projects become tied up in delivering milestones rather than the original business benefits.
  7. Make appropriate use of third parties, using them where they can add maximum value, such as providing insight or specialist skills. Leverage outsourcers' skills.

It may sound trite, but there's clear evidence that taking an opportunistic approach to IT change encourages, rather than stifles, innovation in an increasingly regulated climate.

Dave Upton is an Associate Director at Xantus Consulting. Download the Xantus report, Compliance versus innovation: Should CIOs have to choose? from Computer Weekly (requires registration).