IT's latest windfall... IT directors are using regulatory compliance to justify a new wave of technology investments.
By Tim Bradshaw - Infoconomy
It is being called the 'compliance dividend'. The unprecedented raft of new business regulations either recently brought in or looming into view is spurring a fresh wave of technology investment on at least a par with the last two great IT 'dividends' - Y2K and the Internet.
One head of IT at a financial institution, who prefers to remain anonymous (for obvious reasons), tells Information Age that he has been successfully pushing through business plans for IT projects that had lain fallow for months, if not years.
The thing to do is to liberally spread the word 'compliance' around the plan, apparently. Do that, he says, and the chances are, CEOs and chief financial officers - particularly those who have to personally sign their company's financial statements under the so-called 'Sarbanes-Oxley' Act, and who thus face personal fines (or worse) for non-compliance - will enthusiastically back the proposal.
Feeding off paranoia is a good start for any business plan. One sign that things, especially since Enron, have got a little out of control is the fact that there were no fewer than 323 financial restatements in the US last year - up by one-fifth since 2001. Companies have become extremely cautious about filing the wrong numbers. Many would prefer to face a short-term PR disaster than risk the prospect of being found to have fallen foul of a particular regulation.
Happily for IT directors, the need to comply covers a lot of potential areas of investment. Not that this need matter much to decision-makers, but none of it comes cheap. IT sector analysts at the Meta Group think that banks complying with the Basel II risk-management accord will each spend between £15 million and £25 million on relevant IT projects. (The overall cost, including IT spending, is likely to be around £130 million for the biggest institutions.) Add a few more zeroes to the IT bills of companies that must comply with Sarbanes-Oxley, not to mention Turnbull, Higgs and International Accounting Standards, and you are getting closer to the true cost of compliance.
A poll of 166 senior executives around the world, commissioned by Changepoint and conducted by the Economist Intelligence Unit (EIU), found that compliance is spurring 59% of companies to invest "heavily" in existing IT equipment, while 34% are buying whole new systems.
There is evidence that bigger budgets for compliance are pushing up salaries, especially in the financial services sector - in a possible repeat of the Y2K pay hike. One survey found that salaries for IT vacancies in the City of
It is good news for vendors, too. "It's the greatest thing in the world," says Phillip Strand, a global strategist for business intelligence software company SAS Institute. Dave DeWalt, CEO of Documentum, EMC's content management division, says: "We're seeing a highly accelerated business model for compliance, which is perhaps as big if not bigger than the justifications of the Internet were."
Buying habits are also changing. "The decision is coming from much higher in the organisation, which makes a world of difference in terms of spending on technology," says DeWalt.
That is creating a golden opportunity for career development. "This is the situation that will get the CIO on the board," says Mike Davis, an analyst with the Butler Group. "The CIO is the only person who has the breadth of understanding and can put together the strategy that can help an organisation be compliant."
Only the CIO,
The scale of the new regulations' boost to IT investment is being compared to the Y2K panic, when whole systems were overhauled just to make sure they could read the correct date. But unlike Y2K, regulatory compliance has no end point, no
Analysts say that even small, young companies might need to show good governance, say, to qualify for venture capital funding. Although in theory it only applies in the
David Weymouth, CIO of Barclays Bank, has heard a lot of sales pitches on the subject. "All the vendors are saying, 'Upgrade to our latest system and that will be as close as you can get to complying'," he says.
Weymouth acknowledges that rules on direct marketing, for example, have enabled Barclays to "completely clean up" its postcoding system: "Over the last three months we've sorted out 80,000 data issues that were around integrity of data and matching data." This initiative, he says, along with data warehousing and customer management projects, may not have occurred without a need to address new regulations.
Some argue that the benefits to IT from such regulations go further than just being a handy hook for a difficult business case. CSC's Bradshaw says it ushers in a new interdependency that could bridge the traditional gap between the business and IT. "It's alignment with the business and getting that link more and more self evident in everything that you do. Now there is a logical business reason for everyone talking to each other," she says. "The most exciting thing is that it is bringing technology higher up in the organisation."
The EIU/Changepoint survey, which found that in 63% of organisations senior IT personnel were not involved at a strategic level when planning the company's compliance programme, may suggest that this is overstating the case. And SAS's
Even if a substantial sum of money is granted to IT, Bradshaw warns that too radical an overhaul of IT systems might "throw the baby out with the bathwater. Integrating new systems is inherently risky. If you can adapt what you've already got, you're way ahead."