As a former congressional staffer, Agnes Bundy Scanlan brings firsthand knowledge of Capitol Hill to her job as chief compliance officer for FleetBoston Financial.

That's useful experience in today's regulatory environment, in which Congress is quick to pass legislation designed to make companies play a major role in attacking problems such as terrorism and corporate malfeasance. No industry is more in the middle of that effort than financial services. "The scrutiny on compliance and risk issues has never been higher," Bundy Scanlan says.

FleetBoston's privacy policy doesn't let third parties use customer information for marketing without consent, Bundy Scanlan says. Photo of Agnes Bundy Scanlan by Christopher Navin

Bundy Scanlan is responsible for making sure that each line of business throughout the company complies with local, state, and national laws. On top of coping with wide-ranging initiatives such as the USA Patriot and Sarbanes-Oxley acts, compliance officers at diversified financial institutions have to grapple with what it means to run a financial holding company as defined by the Gramm-Leach-Bliley Act, which sets requirements for protecting the personal information that financial institutions hold. With these laws so new, there's no clear guidebook for how people like Bundy Scanlan--or their employers--need to operate.

The topic has become a key issue for the American Bar Association, which recently formed a compliance-management committee with Bundy Scanlan as its vice chairperson. "People are really thinking about compliance and risk management more than ever," she says. "It's trying to keep on top of all the issues, and even more than that, trying to be proactive and not just reactive."

Compliance officers have to know the impact of laws and regulations. Plus, they should understand how business technology shapes legislation and regulations. Indeed, regulators have been increasingly sophisticated in their response to new financial services, customer channels, and oversight requirements. For compliance officers at financial institutions of all sizes, this shift calls for greater vigilance in monitoring technology trends and their potential impact on the legal, regulatory, and operating environment. Technology has an ever-present impact on compliance management in that it has the promise to solve problems as well as create them.

That's why Bundy Scanlan's previous three-year stint as FleetBoston's chief privacy officer was helpful. Privacy issues and regulations are strongly rooted in business technology. "The whole reason why we have privacy laws is because of the information that's shared on the Web and the flow of that information," she says.

Bundy Scanlan describes FleetBoston's privacy policy as "very conservative," in that it doesn't allow third parties to use customer information for marketing purposes without a customer's consent. "We do share information--all financial institutions do it--within the family," she says. "But we don't share it with third parties, and that's conservative."

There are exceptions. "Within our policy it does state that we would provide information to the government upon subpoena or according to law," she says. "You have to balance the protection of customers' information along with the request of the government to require information to ensure that we don't have another 9/11."