Economic swings, digitization, and cybercrime have collectively sparked significant regulatory reform across industries. Existing mandates like PCI, HIPAA, GLBA, and FISMA have gone through multiple revisions that increased non-compliance penalties and tightened enforcement. The financial sector, in particular, has been hit hard due to its highly visible role in the 2008 economic crisis. New and updated financial reporting directives including CCAR, the Dodd-Frank Act, EMIR, MiFID II, and Basel III have dramatically increased the burden and cost of compliance for banks across the globe.
The trend towards increased regulatory oversight and reform shows no sign of slowing down. In a 2014 global compliance survey from Thomson Reuters, 75% of respondents expected the pace of regulatory change to increase further. While the visible cost of compliance may seem to be the growing importance and size of compliance teams in IT, the real costs are far greater in magnitude and impact.
Growing backlog of application projects
Modern businesses run on software applications. In many sectors, especially banking, these applications are also a growing source of competitive differentiation. Not surprisingly, application development teams are overwhelmed by a growing backlog of project requests in the form of new application rollouts, customizations, upgrades, and integrations.
Compliance requirements only add to this backlog because applications have to be re-instrumented to keep pace with constantly evolving regulatory guidance. For example, many banks are overhauling applications and building out compliance data repositories to meet swap transaction data recordkeeping and reporting requirements of the Dodd-Frank Act. Moreover, compliance-driven projects often have to be prioritized over other projects that could have a clear and present impact on revenues and core business processes.
Redirection of operational IT resources
Regulations also introduce extensive reporting requirements to facilitate audits and validate compliance. Delivering on these requirements generally involves a three-phase lifecycle, spanning data collection, modeling, and reporting. But data management challenges are a major bottleneck at every stage. During the collection phase, source data availability and access are major constraints. In the modeling and reporting phases, multiple copies of source systems are needed to parallelize reporting work streams.
Across regulations, the cost of creating and maintaining reporting environments is overwhelming. Frequent refreshes of data in reporting systems tax the data sources, the network, and the reporting environments themselves. The recent wave of stress test laws like CCAR, EMIR, and MiFID has brought these challenges to the forefront in the banking sector, and the net impact has been a redirection of already limited IT operational resources from production support and other important projects to compliance initiatives.
Barriers to IT transformation
Rising regulatory pressure and the resulting mismatch between IT resource supply and demand are driving interest in projects that can fundamentally transform IT agility, cost efficiency, and utilization. Among traditional industries, the financial sector leads the way when it comes to cloud adoption, application portfolio rationalization, offshoring, and outsourcing.
Ironically, regulatory compliance creates as many barricades around transformational projects as it provides impetus to execute them. Current data archival solutions fall short of required recovery SLAs, putting organizations at risk of audit failure if legacy applications are retired. Banking applications also contain widespread sensitive data that is only harder to protect in the cloud or in offshore and outsourced staffing models that fundamentally reduce control and visibility. Invariably, these projects and their potential return are blocked by security- and governance-related objections.
Compliance without compromise
The rising cost of regulatory compliance is untenable, given the inevitable, growing pace of regulatory reform. The direct cost of compliance, while significant, is dwarfed by the opportunity cost of forgoing other projects that can drive revenues and improve margins. The response across industries has been far too reactive. Point solutions, implemented for the most specific of regulatory requirements, have led to an amalgamation of compliance tools with limited impact and numerous secondary costs.
The problem must be tackled at a more fundamental level and the reality is that the data supply chain for compliance and governance is broken. Data is siloed across multiple formats (files, databases, big data, etc.) and locations (on-premises, private clouds, public clouds), without consistency or control. As a result, as data moves and changes, it gets harder to track, manage, and govern. It is time to tackle the problem at its core -- at the data layer.
Technologies that virtualize data at its point of generation offer an opportunity to reverse the compliance dilemma. Virtualizing data at its source eliminates compliance-driven project backlogs and operational resource redirection, as well as barriers to IT transformation.
Ansh Patnaik is responsible for industry and compliance solutions at Delphix. The Delphix Virtual Data Platform virtualizes, governs and delivers data on demand. More than 100 of the Fortune 500, including several of the world's largest financial institutions, use Delphix to ...