|
Special Section:
Introduction
What's your next move?
CTO view
It's time to develop a strategy
Beyond business
Following a different pattern
Man on the street
Players own the board
Governance
Winning at the game of
kings
|
Compliance provides
an opportunity to turn a requirement into a resource.
|
|
Winning at the game of kings
Do you see governance as a constraint
that keeps you from succeeding or as a framework for a successful
strategy?
by Keith Ferrell
 cross
the country, around the world and throughout virtually every industry,
a wave of new regulations aimed at enforcing compliance with corporate
governance standards has management teams and IT departments scrambling.
More than mere ethics require that organizations properly store
and manage necessary data, file accurate reports on time and correctly
archive and monitor financial and operational data. Now, it's
a legal issue.
Prompted in part by an incessant wave of accounting,
executive compensation and other corporate scandals, the regulations
affect every company in every industry, not just those operations
whose governance standards were questionable, at best.
But certainly not all of the requirements are
scandal-related. There's more than just the accounting-related
Sarbanes-Oxley Act in the United States and the New Basel Capital
Accord (Basel II) for European financial institutions. For example,
the anti-terrorism USA Patriot Act contains some governance components;
increased concerns over identity theft have prompted regulations
regarding privacy of personal information; and the Health Insurance
Portability and Accountability Act protects employees from health-care
abuses while reducing mountains of bureaucracy. Yet all of these
recent developments require organizations to rethink their governance
processes and standards.
The effects of regulations extend to every aspect
of a business, not simply the highly publicized compensation arrangements
and accounting practices but also to human resources and the handling
of confidential information such as Social Security numbers. Sales
and marketing departments must apply the same scrutiny to confidential
customer information. Corporate IT and communications groups must
examine the mass amounts of data in a myriad of formats to see
what to keep and what to delete. The list goes on.
Preparing to meet compliance deadlines has
driven a sometimes chaotic wave of IT investment and reconfiguration
as companies and organizations seek the right balance of new tools
and existing systems to satisfy new requirements. It's no
wonder, then, that many companies and business experts frequently
depict compliance as a costly burden to bear.
To speak of the benefits that can be derived
from more rigorous governance and stricter regulatory compliance
is to suggest that everyone wear thick rose-colored glasses. However,
there are benefits to be derived beyond just staying out of court;
not surprisingly, those companies that take governance, not just
compliance, most seriously are those best positioned to reap the
rewards.
Such companies understand that governance itself
must be defined as fairness, accountability, transparency and
openness to view all of the factors that management brings to
bear on the performance of the enterprise. It's also critical
to consider how that affects the value shareholders, investors,
customers and partners place upon the business. From this definition
it's clear that effective governance rests upon IT's
shoulders and resources. Less clear is the degree to which effective
IT not only provides the engine for proper governance, but also
the tools to transform the detailed views and archival trails
required for both internal governance policy and external regulations
compliance into assets that will benefit the overall health of
the enterprise.
| 
Claude Thoumy, CEG's director
of IT strategic programs
French
banking network uses data, compliance to its advantage
THE CAISSE D'EPARGNE
GROUP (CEG) France's
second-largest banking network, deals daily with more
than 26 million customers through 4,740 branches across
31 banks. In fact, half of all French citizens with
bank accounts have CEG accounts.
While many financial
institutions would see those numbers as an aggregate
measure of success and market reach, CEG sees much
more. Such clarity of vision is due to the company's
commitment to the centralization of data-both as a
strategic means of better serving each customer personally
and as a means of aggregating the company's own disparate
cultures and attitudes. That second goal becomes especially
important as CEG expands its business throughout Europe.
"Common data
becomes common ground for the company," says Claude
Thoumy, CEG's director of IT strategic programs. "It
enables representatives of the various entities within
the larger group to experience a real sense of unity
as they review performance criteria, marketing strategies
and analytics."
Such common ground
in turn enables the regional and local CEG branches
to present a more unified and personalized array of
services to their customers.
CEG is determined
to view-and treat-each of its millions of customers
as individuals, extending to them the entire range
of resources of the banking group, not simply those
of the local branch or the regional bank. The local
offices become the "face" of the larger institution,
which in turn provides a much broader selection of
services and products to customers.
No small challenge,
but it's one that is generating success, if CEG's
growth is any indication. But personalized service
is only one way the aggressively innovative institution
approaches challenges from a forward-facing and expansive
perspective.
Consider compliance
and the evolving regulatory atmosphere in which CEG,
like all financial institutions, must operate. In
Europe, this means adhering to the strict reporting
and archival record-keeping requirements of the New
Basel Capital Accord (Basel II), which went into effect
in January 2004.
Thoumy explains,
"Each financial player must make a decision as to
whether the new reporting and record-keeping requirements
will be viewed as a constraint to be met by a strategy
for getting together the necessary information and
getting the reports out as cheaply as possible."
This approach,
while appearing to be the least costly at first glance,
might actually be the most expensive option in the
long term. Indeed, treating compliance as a purely
report-oriented obligation can result in a negative
return on the investment required to meet the regulations.
There is, Claude Thoumy says, another approach.
"The company
can see the request for new views of data by the regulators
as an opportunity to derive new views of itself and
its operations. This is the approach Caisse, which
has always been driven by visions of the future, has
taken," he explains. It is a bold decision that has
led CEG to invest in a Teradata Warehouse, using its
resources not simply for financial compliance reports
but also a foundation for new views of itself, its
operations and, crucially, the way in which the company
interacts with its customers.
Regulatory compliance
is a burden and an obligation, and it's not likely
to go away. But by consolidating information in an
enterprise-wide Teradata Warehouse and viewing the
new requirements as an opportunity instead of a constraint,
Caisse d'Epargne Group is poised on the edge of a
new era in its corporate history. |
|
Within that challenge lies tremendous opportunity
and benefit for businesses willing to look beyond the bottom line
of what's required to the larger question of what's
revealed; not just what has to be reported but what can we learn
from this necessary exercise? Turns out that much can be learned,
and it can be beneficial.
Consider, for example, e-mail. You would have
to look hard among the stories covering the recent round of corporate
scandals to find one that didn't include references to subpoenaed
e-mail records. As a result, many firms are looking—some
for the first time—at exactly how their organizations employ
e-mail and the related technology of instant messaging. These
tools have so quickly become central to enterprise communications
that their operational implications (storage space, archiving,
etc.) have largely been overlooked or simply managed on the fly.
A prime benefit of the new regulatory climate
is a clear understanding of exactly what e-mail records must be
kept, a sense of what should be kept and, thankfully, some confidence
about what can be deleted without putting the organization at
risk, legally or ethically.
More than that, the increasing importance of
and regulatory attention to e-mail and instant messaging provides
lessons that can be applied to the inevitable arrival of other
communications tools and technologies in the years ahead.
Beyond that, the adjustment to the various storage
media requirements that regulatory acts impose provides the opportunity
for an organization to review its overall storage/backup/recovery
contingency strategy.
Looking beyond the technology to the larger
question of overall content (that is, after all, what's
been under such close scrutiny as of late), we can see benefits
for those companies that take the opportunity to extend the self-examination
that is so central to compliance into a broader examination of
their place in the market.
NCR CEO Mark Hurd said not long ago in Teradata
Magazine that the data warehouse should not be a discovery
tool—if the implementation of an active data warehouse reveals
large but previously unsuspected truths about the organization,
then management was wearing blinders, not being blinded by poor
data organization.
In other words, there's no excuse for
the galling IT-centric excuses offered by executives of misgoverned
companies, often when they're under indictment. "I
didn't have access to the data." "That information
was in a different data structure." "The data required
was in a silo I didn't know about."
But there is a difference between discovering
facts that you should already have been aware of and revealing
facts whose existence was previously unsuspected.
Compliance-driven consolidation and centralization
of customer records, for example, offers the opportunity to review
that data in new ways—to illuminate and identify patterns
of behavior and market trends that were previously inaccessible.
Already a number of financial institutions are taking advantage
of cleaning up their governance acts to make customer records
more amenable to analysis.
In short, when the regulators ask you to gather
and configure information in a specific way for them, the opportunity
is also there to look at the same information in new ways for
the benefit of your business. While doing additional analysis
requires further expenditures of time and resources, the effort
offers perhaps the only way to achieve that most elusive of goals:
a return on compliance.
Put another way, compliance provides an opportunity
to turn a requirement into a resource, to empower new avenues
of business, revenue, operation and performance that might be
revealed by looking at compliance data in new ways.
Not every business possesses the vision to
pursue such goals; many are unwilling to invest beyond required
minimums.
Faced with Sarbanes-Oxley, for instance, organizations
will form committees and teams, call in the lawyers, give IT some
orders and seek the least costly and most compliant route to generate
reports that satisfy the regulations—nothing more.
At the simplest level, of course, regulations
must be satisfied and reported according to the guidelines from
the prevailing regulatory authority. Doing so requires organizations
to move toward a centralized and consistent IT infrastructure
across the organization, if only to provide the information that
compliance demands.
But at a higher level, the necessary reports
capture the business's health, culture and standards on
both close-up and wide-screen relief, to great business and compliance
benefit.
Technology—even best of breed data warehousing
technology—cannot create integrity or develop a corporate
culture based on ethics. Those attributes must be cultivated throughout
the enterprise by a management team that already possesses them
and insist upon their centrality.
Put such a management team in place and support
it with a fully deployed IT infrastructure, and you'll quickly
begin to see other benefits, perhaps even real returns on compliance—actual
profits thanks to required governance standards.
Of course, companies that are in a position
to make a transition with a minimum amount of disruption are those
likeliest already to have begun the shift to a single view of
business. Such a view enables faster, better enterprise decision-making,
while facilitating compliance with regulations.
The single view that an active data warehouse
provides is, in itself, a governance tool. A request for new,
different or realigned views within that view becomes not only
a regulatory requirement but also an opportunity to renew and
extend the enterprise's understanding of itself.
IT and the data warehouse are often presented
as decision-support resources; adherence to proper governance,
or the lack thereof, is nothing if not a decision. Yet a misperception
persists. All too often, IT is viewed as configurable to the governance
and compliance specifications that the enterprise faces. Instead,
it should be regarded as the one aspect of the enterprise that
not only can deliver what's required, but also contribute
value-added insights.
The cascade of recent governance crises and
scandals has made clearer than ever the necessity of moving IT
into full business partnership with finance, top management and
the executive board.
From that partnership will flow not just the
structures and processes good governance requires, but also a
more supple and responsive organization, a business with a better
sense of itself, a healthier company that is compliant not only
with regulations but also with its own desire to grow and thrive.
That is the real gift of good governance. T
Keith Ferrell, former
editor of OMNI, has written, spoken and consulted on governance
and Web-enabled corporations.
PHOTO BY FRANCESCA PAGLIA/PISTOLESI
| The
history of the gold coins move |
 Chess
enthusiasts still talk about the "Gold Coins Move." It was
so bold, so unexpected and so effective that it's considered
the greatest move in chess history.
In 1912, at the 18th German Chess Congress
in Breslau, U.S. champion Frank Marshall faced Russian master
Stepan Levitzky. In move 23, Marshall made the most unlikely
move on the board, leaving his queen vulnerable to Levitzky.
Marshall sacrificed the piece so he could penetrate to the
hostile king and win. Levitsky knew his best possible move
would only result in a hopelessly lost endgame, and he gave
up. Legend has it spectators showered the final position
with gold coins, hence the name.
Your next business move could be routine,
safe, expected and altogether ineffective. Or you could
surprise the competition and win the game. The choice is
yours.
|
|
Quick Links
