CIO upfront: The compliance conundrum of digital transformation
- 11 August, 2017 06:30
Digital transformation is such a hot topic because the way we do business, the way we communicate, the way we get things done as consumers on a day-to-day basis is becoming increasingly mobile, connected and digitised.
There is a lot of excitement about the possibilities of mobile apps, VR, and chatbots at the forefront of digital customer interaction. A related, business-critical process that unfortunately isn’t on the tip of every CIO’s tongue – though it should be – is compliance.
As the public and private sector increase focus and reliance on digital solutions, processes, applications and cloud, organisations are presented with changes in how they must deal with compliance, with existing regulations and legislation, and those to come.
Falling short of regulatory and compliance standards can be an expensive oversight. Regulators may take enforcement action, including fines calculated as a percentage of annual turnover and revocation of operating licenses, and an organisation may also suffer reputational damage from being exposed as non-compliant.
Regulators get tech savvy
Significant legislative reforms over the past decade or so, particularly in relation to the integrity of records and reporting obligations, have increased organisations’ dependence on technology solutions for compliance purposes.
Considering the increasing role technology is expected to take in contributing to business management and growth, it follows that there is a significant role for the CIO to play in not only ensuring compliance, but continuing to make compliance easier and more efficient.
According to technology law firm Fieldfisher LLP, regulators have become wise to the fact that technology is an intrinsic part of effective risk management and reporting by organisations.
CIOs in Australia and New Zealand need to know that they are already operating in mature markets in terms of access and disclosure requirements, and that regulators have an increasingly sophisticated understanding of the power of technology in advancing the compliance agenda.
Commenting on the firm’s July 2017 report, Compliance Obligations in APAC, Simon Briskman, partner at technology law firm Fieldfisher LLP, said: “Both New Zealand and Australia have legislation allowing electronic communications to be admitted in evidence in court, and of course there have been significant changes to the respective privacy laws in both countries. Overall, the landscape is one of increasingly sophisticated regulation that requires specific compliance solutions. Technology has become a vital part of those solutions.”
According to Fieldfisher, as the viability of greater data capture and storage has increased, the scope of regulatory requirements for data capture, reporting and retention has increased:
- Regulators are focusing more and more on data and records, resulting in a myriad of regulations that businesses are required to comply with when creating, storing and using data. Of course this must be managed at the same time as exponential growth in the volume of data.
- Regulators have moved beyond requiring post-transaction paper records and the post-transactional storage of digital records to expecting live digital capture of data, for example under the second Markets in Financial Instruments Directive (MiFID2).
- Control environments ensuring data integrity have become core requirements.
- Most recent regulation is calling for more and faster reporting.
The data governance gap
Ignorance and a lack of preparation are not considered excuses when it comes to regulatory compliance. The CIO must play a key role in ensuring the organisation’s readiness. That means incorporating compliance planning and solutions as digital transformation strategies and tactics are developed and implemented, however boring the idea of “compliance” may be or however easy it is to put off.
If this isn’t already happening, it is time to add a focus on compliance to your to-do list.
And yet there is a data governance gap in most organisations, where regulatory experts within the corporation have little operational understanding and the CIO/IT team must leverage technology to meet regulatory requirements yet has little in the way of regulatory skillsets itself.
The IT organisation faces a wall of perplexing and evolving standards and, to prevent the data deluge from becoming a toxic situation, needs straightforward solutions which support compliance.
Businesses in New Zealand face a significant challenge with the EU's General Data Protection Regulation coming into effect next year, and the evolving IPPs (Information Privacy Principles).
Now is the time to determine the roles and responsibilities regarding the creation and management of data within the organisation and factor these requirements into an effective data strategy, to turn the compliance conundrum into an opportunity for digital transformation and innovation.
Paul Bruton is business director, data intelligence, Hitachi Data Systems Asia Pacific