Thought for the day: Don't let IT carry the can

IT is not solely responsible for regulatory compliance, says Liz Maloney.

New Asset  
IT departments are not solely responsible for ensuring their companies' regulatory compliance, says Liz Maloney.



Both Abbey and HBOS have been fined large amounts recently for failing to adhere to regulations designed to prevent money laundering. This highlights the importance of regulatory compliance in an information economy.

Money laundering makes up almost 3% of the UK's gross domestic product, so prevention is a priority for the financial sector.

For IT, regulatory and financial compliance are increasingly emotive areas that can bring strategy to a standstill and decimate IT budgets. Most regulatory issues are driven by policy, with IT playing a supporting role, but most businesses still view compliance is an IT problem.

In the financial sector dedicated teams of risk managers and money laundering reporting officers are aware of the disproportionate pressure on IT departments to deliver against regulatory standards and deadlines. Other sectors do not have this level of focus but still need to comply, increasing the exposure of IT to regulatory pressures without internal support.

Most compliance projects are funded from IT budgets. As many of the hard costs of compliance are IT-based, it is easy to see how this situation has come about, but this reinforces the misconception that it is an IT problem alone.

There are few applications to tackle compliance or money laundering. There are databases that hold the information and powerful business intelligence tools to hunt for anomalies in account activity, but there is little to draw the investigative process together.

A criticism of the information submitted to meet money laundering regulations is its poor quality and the general lack of due diligence in the processes behind it. Compliance professionals need better tools to help them to do their jobs and access to skills from all areas of the business.

If money laundering reporting officers fail to do their jobs effectively they face a much stiffer penalty than a dressing down from the board - it can result in a prison sentence. They recognise that software is an essential component but not a silver bullet.

If businesses are to respond effectively to regulatory pressures, budgets and resources must be shared among IT, finance and operations. However, IT departments continue to carry the can for compliance in the short term and must work to ensure that responsibility is properly shared. Technology plays a vital role in managing compliance and regulatory processes, but it is doomed to fail if it must deal with them unsupported.

The scale of the money laundering problem suggests that Abbey and HBOS are unlikely to remain the only subjects of FSA action. If, however, these public dressings-down continue to drive change and stimulate informed debate, it will be a valuable lesson for technology and compliance professionals alike. An enlightened view of compliance across the organisation and better tools to manage the processes behind it would make the IT burden considerably lighter.

What do you think?

Is the responsibility for compliance shared between departments in your company?  Tell us in an e-mail >> reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.

Liz Maloney is managing director of Hummingbird UK

Read more on IT governance