The emotions, reactions, fears, dread, and assumptions I hear swirling around compliance issues have a familiar ring. Some companies don't like being told by regulators what to do and how to run their businesses. Some companies flounder a bit and then scramble to meet the looming deadline. Some overcompensate with plans, reorgs, and IT purchases. The familiar ring is kind of like the bells that were going off pre-year 2000 when companies were busy getting their systems in order--some grudgingly so, some anxiously.

The Sarbanes-Oxley Act, the USA Patriot Act, the Health Insurance Portability and Accountability Act, the California Security Breach Notification Law, Basel I and II. Whew. Fact is, compliance takes people, processes, and systems to pull off. It can be costly. It can be time consuming. It can be complex. It can be distracting to a company trying to run its business, keep its customers happy, seek new business opportunities, and increase revenue. But it can also be a good thing.

About 38% of the companies surveyed by InformationWeek Research are getting more out of their efforts than the ability to check off that they are compliant. Indeed, while some see regulatory compliance as a necessary evil, others look for ways to wring business value from it--better data, better marketing opportunities, better governance, better contingency plans, and more. Call it serendipity or smart planning or a little of both. But hats off to those who are trying do more than avoid penalties and lawsuits.

For more on compliance, visit informationweek.com/958/compliance.htm, where you'll find coverage from across the InformationWeek Media Network, including Optimize, Bank Systems & Technology, and Wall Street & Technology.

Stephanie Stahl
Editor
sstahl@cmp.com

To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie Stahl, please visit her page on the Listening Post.