


by Robert Lerner

The Case for Regulatory Compliance Solutions

Jan 03, 2005 | 6 mins
CSO and CISO | Data and Information Security

The demand for solutions to help customers meet industry and government regulatory reporting requirements is not abating and, in fact, will continue to grow over the next few years. One reason for this growth is the looming requirements of the Sarbanes-Oxley (SOX) Act, which concerns corporate governance and executive responsibility; another reason is the increasing mountain of reporting requirements (covering everything from suspect persons and organizations to corporate responsibility), not only in this country, but also in other countries and by organizations other than governments (such as the FDA). Vendors with technologies that are useful, in terms of helping customers comply with various government and industry regulations, should start capitalizing on this need now. There is still plenty of room for vendors to get involved, but vendors of all stripes are being lured into the market and one can expect the competition for the market to heat up over the next couple of years.

Data quality companies have been addressing regulatory compliance for a few years. Nevertheless, these companies, and others, should be thinking about leveraging their technology to address regulatory compliance for both government and industry. The market for compliance solutions will potentially provide these vendors with avenues for their technology and more opportunities to deepen their penetration of the market. Data quality vendors, therefore, should be looking to partner with some of the non-data quality vendors that are making strong efforts to penetrate or deepen their penetration of this market and leverage their technology for more than just OFAC. The advantages are immediate, although with the growth in competition, these advantages could diminish over time.

The demand for solutions to help customers meet government and industry regulatory reporting requirements can be expected to grow significantly over the next few years. Part of the reason for this growth is certainly the Sarbanes-Oxley (SOX) Act and similar international regulations concerning corporate governance and executive responsibility; another part is simply the increasing mountain of reporting requirements (covering everything from suspect persons and organizations to patient privacy) that are being enacted not only in this country but throughout the world. Furthermore, these requirements are being enacted by both government and non-government organizations. More than 30,000 financial organizations internationally are expected to comply with the Basel II Accord, which is increasing the demand for solutions that help these organizations comply.

In fact, the situation is such that most businesses, regardless of size or industry, can expect to comply with some regulatory requirement, if not now then in the near future. In the United States, compliance regulations already cover a broad swath of businesses. The USA Patriot Act, for example, which deals with terrorism and money laundering, requires financial services organizations to comply with its regulations. However, the Patriot Act’s definition of what constitutes a financial service firm is quite inclusive, covering not only banks and lending institutions, but also insurance companies, securities brokers, currency exchanges, precious metal dealers, travel agencies, telegraph companies, casinos, real estate agencies, car and boat dealers, and the USPS. Despite the seemingly disparate nature of such businesses, many of these sorts of organizations are buying or looking to buy technology that will help them meet this and other regulatory requirements. It is not surprising, therefore, that vendors of all stripes are now looking to exploit the demand.

Data quality vendors are not strangers to this market. In fact, many of them now offer solutions for OFAC and other compliance regulations, while a couple of them have been offering compliance solutions for some time. Innovative Systems, for instance, has had an OFAC solution since 1998. Many of them have also been working to expand their overall capabilities in this area, looking to address such regulations as the USA Patriot Act, Gramm-Leach-Bliley, HIPAA, state and federal Do Not Call legislation, international (such as Basel II) regulations, and industry regulations.

For data quality companies interested in this important market, OFAC is a good stepping stone, and there is still a strong market for list cleansing and cleansed lists. However, data quality companies that want to deepen their penetration of this market should obviously be working to expand their support for additional regulatory requirements, both in the U.S. and abroad (especially the EU and countries such as Canada and South Africa). For instance, the Bank Secrecy Act/Anti-Money Laundering Act should be on their radar. This Act requires financial institutions to understand their customers and to track any number of over 170 crimes under its jurisdiction. Of course, there are also reporting requirements and internal controls that are outside the province of data quality, and yet data quality should be a critical part of solutions for this and other compliance requirements. Vendors should also be considering industry regulations, particularly in the life sciences market (for example, informed consent regulations require complete and accurate patient information, which is often difficult because of the number of doctors and others contributing to a single patient’s file) and manufacturing. The FDA, while a government agency, is an important key to a number of regulations in the life sciences space.

Moreover, data quality vendors should be looking to develop partnerships with vendors in other industries that have viable compliance solutions or that are working to develop such solutions. Partnerships with these sorts of vendors (which can be anything from compliance specialists to content management and document management vendors to services organizations) can potentially be a bonus in terms of increasing a vendor’s presence in the space. Obviously, vendors such as IBM, Oracle, SAP, and others with compliance solutions already have relationships with some data quality vendors, but this does not mean that they are averse to additional relationships or even that they are leveraging data quality tools for compliance. Regardless, partnerships will be a key to increasing the penetration of this market.

Nevertheless, there are some concerns here. Not every vendor with compliance solutions on its mind is interested in partnering with a data quality company; some no doubt feel that their solutions have little need for a data quality component, while others no doubt lack an understanding of data quality and what constitutes good quality data (for example, is an organization’s data good if it is, say, 75 percent accurate?). Some of these vendors even have viability issues, making a partnership with them an iffy affair at best. Furthermore, in many instances, the data quality vendors will have to make a case for their technology in some solutions. Still, if they can do so, the efforts expended may be worthwhile, since this is still an immature market with strong growth opportunities.