This post is the first of two on compliance professionals understanding the technology that both drives their businesses and produces the data they need to manage risk.
New laws and regulations, increased oversight from global regulatory authorities and costly enforcement actions have made compliance professionals take a closer look at all of the tools they use to prevent, detect and report wrongdoing.
Since compliance reaches beyond the corporation and extends to its third-party relationships as well, the need to share and analyze accurate data is integral. Managing documents and reconciling information is a huge part of the job.
Technology, experts say, must be part of the corporate solution in meeting compliance benchmarks. The needs of a company to stay in step with ever-changing regulatory obligations while growing in size cannot be done properly without appropriate policies and technology that helps to manage those policies.
The first step is for compliance personnel to have a basic understanding of the technology that other units within the organization use, they said.
“Technology affects nearly everything that is done in regulated organizations, including the capability to report on what has been done,” said Kathleen Lucey, president of Montague Risk Management in New York.
“It only seems logical that those responsible for writing compliance standards, as well as ensuring their enforcement, be as knowledgeable as possible about the technology that necessarily underlies all of the organization’s processes, from Human Resources to shop floor control to traditional and non-traditional data centers, among many others,” she said.
Paul Henninger, Global Product Director at BAE Systems Applied Intelligence, agreed.
“It’s much more important that a compliance officer understand the technology their own company uses to deliver their products and services. How that technology is used and whether it’s used in the right ways is at the core of most compliance regulations,” he said.
Additionally, the the technology and data it yields must be used consistently across the entire business, Henninger said. “A key priority for regulators is to ensure the process or customer is evaluated the same way by the entire business.”
Lucey warns compliance professionals to appreciate the difference between the company’s data archive and its data back-up processes.
“The purpose of data backup is to re-create the system and its data in the state as close as possible to the point of system failure,” she said.
This means that recovery of both the system and its data requires only the most current backup information about the system and its data, as well as the devices that can read backup media.
“Archive, on the other hand, requires the permanent retention of all instances of a specified set of data for historical analysis or purely regulatory purposes. Archiving requires that all the data be available for analysis for the duration of the archive period. And this can be for a lengthy period, like 30 to 50 years, or even more,” Lucey said.
In Part Two of this series, we will explore several best practices that compliance professionals can implement to help them collect and preserve important data.
Julie DiMauro is the executive editor of FCPA Blog and can be reached here.