Regulatory Compliance
The Bunker – Regulatory Compliance Viewpoint
The Bunker provides the highest security operational management, helping companies to ensuring the highest levels of confidence in their ability to meet compliance demands
Public, Private, and in particular Financial companies are under massive pressure to comply with a never ending growth in regulations across the world. These pressures are not only exerted by International Standards committees. Shareholders, stakeholders and institutional investors also require greater confidence in the management of the companies they invest in.
Throughout Europe, the Bank for International Settlements’ Basel II Capital accord nears activation in legislation. It has been stated that the average investment required for a major bank to reach compliance is around € 15 to 60 Million. The Risk Management requirements & capturing several years of risk information with near real time recall can reach € 2 Billion.
In the USA, Sarbanes Oxley (SOX) and the Patriot Act have been added to the existing SEC and National Association of Securities Dealers laws, reinforcing that firms need to better manage their email and archiving. Sarbanes Oxley alone can cost up to $ 10 Million per individual company.
The European Union has issued a new financial services directive to drive consistency in market supervision across the community. The directive, composed of forty two exhaustive elements, ranging from Basel through Know Your Customer to Treat Your Customer Fairly requirements related to the disclosure of risk taking.
Focus has shifted from classic market and capital risk to intense scrutiny of the operational side of businesses.
Meta Group believes that most companies are “woefully ill informed about the pervasive effects of acts like Sarbanes Oxley”.
Companies have until 15th November 2004 when SOX comes into effect.
The Bunker is dedicated help customers to get to grips with the technology ramifications of regulatory compliance
The infrastructure that enables business practice and compliance needs transforming. So called “Loss Events” can be related to People, Processes and Systems.
How can senior executives, who need to prove that they’re in control of the detailed workings of their businesses, testify to the accuracy of information unless they have confidence in the systems that produce this information?
Detailed and audited evidence must be testified to at the personal level of company officers! How can this be done without exceptional levels of integration across data and communications within a secure environment?
Technology itself can lead to greater risk. No-one believes that systems, operating platforms, applications and communications are becoming any easier. As choices increase, so does their inherent complexity and risk. Things can and do go wrong.
What’s needed is assistance in reducing the cost of owning and managing technology while ensuring compliance. The only way to achieve this is by co-operating with product agnostic companies who can protect your vital resources from any security threat and help you exploit their use to prove data gathering, and evidence collection as well as accuracy.
Huge volumes of data will need to be collected, aggregated and stored for use in risk calculations.
Data will need to be extracted from a plethora of individual reporting and archiving systems; purchasing, sales, finance, legal which are normally based on numerous computing platforms, languages and systems of representation.
These Data will need to be manipulated into meaningful and comprehensible information for senior executives. These executives in turn will need to present the knowledge gained from this information as an accurate statement of their companies’ activities.
The deepest foundation to any compliance strategy is security. Most companies rely heavily on protection at the network boundary or perimeter using firewalls. Firewalls can be breached using VPN’s and pseudo insider tunnelling, allowing deeply damaging attacks and shifting of control from the company to a “hacker” who can then penetrate any and all internal systems. This can lead at the very least to distributed denial of service attacks and ultimately to the shifting of capital, tampering with crucial reports and destruction of information. A heavy price to be paid for executives who can be held personally liable for fines and ultimately imprisonment.
Continuity of high levels of systems performance & proven database reliability are essential
