Business Technology: Making The Most Out Of Compliance
The winning entry from our recent contest for most-interesting compliance experiences describes a Web-based system that reduces risk, guarantees compliance, increases business value, and enhances customer intimacy. And you thought this compliance stuff just generated nightmares.
A few weeks ago, I wrote about the challenges of adding compliance to the already-full list of top priorities staring you in the face, and I asked you to send in your own stories of battles with compliance, whether they turned out as wins, losses, or draws (Compliance Shouldn't Be A Nightmare, March 22). You responded with some real dooziesI'd say that I feel your pain, but while reading them I was too cowardly to let it go that farand many showed remarkable innovation and breakthrough thinking. Among the wins, most involved a strong thread of culture shockbut the shock was overcome, and the new ideas took hold. For some of the losses, either the approaches were wrong or management's will weakened or there was simply not enough organizational resolve to truly changeissuing a few memos and bringing in a consultant to have a few brown-bag-lunch chats doesn't quite cut itand the approach devolved into spending more money to buy a detached and unintegrated bolt-on clump of software that everyone resented, that cost a boatload to support, that added nothing to productivity, and that further cemented rather than uprooted inefficient business processes. The moral of the story perhaps being, "And as you sow, so shall ye reap. ..."
Using the Toyota approach, for instance, the hospital traced problematic infections in some patients to their source, prompting two intensive-care units to change the way they insert intravenous lines. The result: a 90% drop in the number of infections after just 90 days of using the new procedures. ... By reducing infections, the new procedures have saved almost $500,000 a year in intensive-care-unit costs.
-- The Wall Street Journal, page 1, April 9
Well, we want all of you to enjoy rich, full harvests, so we'll have lots and lots of success stories and insights to share with you at our May 19 Compliance Challenges and Governance Strategies conference in New York, as we bring together innovative practitioners who'll share their experiences and best practices (informationweek.com/events/compliance). In addition, as promised, I've reviewed all the submissions that you readers so generously sent in, and I'd like to share with you what I felt was the most insightful and innovative. It comes from John Putman, assistant VP of lending-technology systems at CUNA Mutual Group, based in Madison, Wis. John said that his company holds the bond for about 96% of all credit unions in the United States, which means that if one of those credit unions violates a compliance regulation in issuing a loan to a member, then CUNA Mutual Group, as the bondholder, would have to cover any monetary loss. (I think that's what they call "having skin in the game.") So John's organization within CUNA Mutual developed an online loan application called loanliner.com that the company guarantees is compliant, which mitigates some risk for the company, and also is making life much easier for cash-strapped credit unions.
"Additionally," John said, "because we are able to spread the cost for the development and maintenance of loanliner.com among all the subscriber sites [currently about 500, with eight new sites joining each month], the cost of ownership is substantially less than it would be for a credit union to build a system with similar capabilities on their own." In addition, the company's significant IT infrastructure and security capabilitiesincluding a modern data-center facility and disaster-recovery practicesprobably go far beyond what most credit unions could afford.
There's more pain relief: The company also offers credit unions a library of guaranteed-compliant lending and deposit documents used by about 78% of all credit unions in the country, and also offers a compliant process for transmitting these documents electronically to the end-user borrower. "This is the area where I have seen the most regulatory violations," John said, because a federal regulation forbids sending a document containing personal member information as an E-mail attachment unless the message is encrypted. And since, in spite of that, most credit unions with internally developed Web applications use non-encrypted E-mail attachments for this purpose, "this provides an excellent opportunity for identity theft."
As stated in that previous column, compliance is daunting but doesn't have to be a nightmarecompanies like CUNA Mutual Group have found better ways. We'll be sharing some other great examples on May 19, and we hope you can join us. And to John Putman and CUNA Mutual, our thanks and congratulations for sharing this innovative approach.
P.S.: In a huge research study we conducted late last year on compliance practices, we asked companies that had completed their compliance projects how those efforts affected their overall IT spending, their productivity, and their interactions with customers. On spending, 71% said it went up and 27% said it stayed flat, but 2% said they'd found a better way and not only attained full-compliant status but also reduced spending while doing so. On productivity, 34% said the effort needed for compliance reduced employee productivity, 61% said it was unchanged, and 5% found a better way by becoming compliant while also becoming more productive. And on customer relations, 30% said the demands of compliance made it harder for them to serve customers, 47% said customer service was unchanged, but a whopping 23% said they'd found a better way by becoming compliant while also serving customers better.
To discuss this column with other readers, please visit Bob Evans's forum on the Listening Post.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.