As a systems integrator (SI) or value-added reseller (VAR), you have undoubtedly witnessed the first-hand impact of the Sarbanes-Oxley Act, HIPAA, FDA 21 CFR Part 11, SAS 70, GLBA and other legislative requirements on your customers' IT departments. Whether you secure enterprise assets or integrate corporate databases, chances are that compliance impacts your customer pool and service delivery – and it's only going to get worse. Regulatory impact is on the rise, especially at organizations with global presence. In the current environment of outsourcing, deregulation, global business models and mega mergers, the newest wave of global compliance could be your next frontier of competitive advantage – should you choose to accept the challenge, of course!
International compliance standards like Basel II, which are designed for effective management of credit and operational risk, are becoming a necessity for U.S. banks with European connections. For that matter, U.S. companies seeking partnerships with overseas investors and foreign markets need to integrate an entirely new global financial reporting language – known as International Financial Reporting Standards (IFRS) – as their global accounting framework. The Norwalk Accord of 2002 offers to converge IFRS with U.S. Generally Accepted Accounting Principles (GAAP), so SIs and VARs have an opportunity to provide products, solutions and services centered on implementing the converging standards.
The relentless deluge of compliance-related pressure from overseas regulators is impacting U.S. companies' tactical and strategic initiatives as new and emerging standards affect industries with a global reach. For example, Solvency II, to be introduced this year by the European Union Commission, will impact insurance companies in the U.S. due to the global nature of the industry. There are both short-term opportunities requiring technical tweaks and enhancements, and long-term strategic initiatives related to unifying compliance and creating transition plans.
Here are a few ways you can capitalize on the trend toward international and U.S. regulatory compliance convergence:
- Gain international regulatory compliance knowledge
  Visit the International Compliance Association and The Governance, Risk Management and Compliance Global Rules Information Database to develop your understanding of regional or country-specific regulations such as the following:
  - EU Directive on Data Protection
  - UN Guidelines for Regulation of Computerized Personal Data Files
  - Canada's Personal Information Protection and Electronic Documents Act
  - UK's Turnbull Guidance on Internal Controls
  - France's Data Protection Act
  - Australia's Spam Act of 2003
  - India Information Privacy Act
  - Japan Guidelines for Personal Data Protection in Electronic Commerce
- Add international to your compliance practice
  Enhance your practice by including international compliance as part of your core expertise. Market that as your competitive advantage.
- Gather country or regional compliance knowledge
  Although many countries have similar regulations, such as those protecting consumer privacy, the details, protocols and nuances of reporting vary from country to country.
- Know the industry
  Compliance varies by industry. Broadly speaking, Solvency II is to the insurance industry what Basel II is to the banking industry. Focus on an industry, and understand its specific requirements.
- Hire compliance and IT experts
  Augment your practice with key experts and practitioners (holding certifications such as CISA, CISM or CISSP) who understand both global compliance and technology.
In the next article in this series on international regulatory compliance, we will introduce you to a few key international regulations and explain how you can unify your customers' compliance initiatives by using an integrated approach.
About the author
Tony Giroti, CISA®, is the chairman of BrookEdge Technologies. BrookEdge provides IT governance, IT assessment and compliance solutions and services to U.S. and global companies requiring regulatory compliance expertise and deep technical knowledge. Tony has 20 years of experience in IT and has consulted with many Fortune and Global 100 companies. He has also founded three software and hardware companies in the areas of data warehousing, enterprise architecture, wireless and compliance. He is a frequent presenter at many IT, compliance and security related conferences and has published numerous white papers, articles and patents in this space.