Business Technology: Making The Most Out Of Compliance - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

01:47 PM
Bob Evans
Bob Evans

Business Technology: Making The Most Out Of Compliance

The winning entry from our recent contest for most-interesting compliance experiences describes a Web-based system that reduces risk, guarantees compliance, increases business value, and enhances customer intimacy. And you thought this compliance stuff just generated nightmares.

A few weeks ago, I wrote about the challenges of adding compliance to the already-full list of top priorities staring you in the face, and I asked you to send in your own stories of battles with compliance, whether they turned out as wins, losses, or draws (Compliance Shouldn't Be A Nightmare, March 22). You responded with some real doozies—I'd say that I feel your pain, but while reading them I was too cowardly to let it go that far—and many showed remarkable innovation and breakthrough thinking. Among the wins, most involved a strong thread of culture shock—but the shock was overcome, and the new ideas took hold. For some of the losses, either the approaches were wrong or management's will weakened or there was simply not enough organizational resolve to truly change—issuing a few memos and bringing in a consultant to have a few brown-bag-lunch chats doesn't quite cut it—and the approach devolved into spending more money to buy a detached and unintegrated bolt-on clump of software that everyone resented, that cost a boatload to support, that added nothing to productivity, and that further cemented rather than uprooted inefficient business processes. The moral of the story perhaps being, "And as you sow, so shall ye reap. ..."

Using the Toyota approach, for instance, the hospital traced problematic infections in some patients to their source, prompting two intensive-care units to change the way they insert intravenous lines. The result: a 90% drop in the number of infections after just 90 days of using the new procedures. ... By reducing infections, the new procedures have saved almost $500,000 a year in intensive-care-unit costs.

-- The Wall Street Journal, page 1, April 9

Well, we want all of you to enjoy rich, full harvests, so we'll have lots and lots of success stories and insights to share with you at our May 19 Compliance Challenges and Governance Strategies conference in New York, as we bring together innovative practitioners who'll share their experiences and best practices ( In addition, as promised, I've reviewed all the submissions that you readers so generously sent in, and I'd like to share with you what I felt was the most insightful and innovative. It comes from John Putman, assistant VP of lending-technology systems at CUNA Mutual Group, based in Madison, Wis. John said that his company holds the bond for about 96% of all credit unions in the United States, which means that if one of those credit unions violates a compliance regulation in issuing a loan to a member, then CUNA Mutual Group, as the bondholder, would have to cover any monetary loss. (I think that's what they call "having skin in the game.") So John's organization within CUNA Mutual developed an online loan application called that the company guarantees is compliant, which mitigates some risk for the company, and also is making life much easier for cash-strapped credit unions.

"Additionally," John said, "because we are able to spread the cost for the development and maintenance of among all the subscriber sites [currently about 500, with eight new sites joining each month], the cost of ownership is substantially less than it would be for a credit union to build a system with similar capabilities on their own." In addition, the company's significant IT infrastructure and security capabilities—including a modern data-center facility and disaster-recovery practices—probably go far beyond what most credit unions could afford.

There's more pain relief: The company also offers credit unions a library of guaranteed-compliant lending and deposit documents used by about 78% of all credit unions in the country, and also offers a compliant process for transmitting these documents electronically to the end-user borrower. "This is the area where I have seen the most regulatory violations," John said, because a federal regulation forbids sending a document containing personal member information as an E-mail attachment unless the message is encrypted. And since, in spite of that, most credit unions with internally developed Web applications use non-encrypted E-mail attachments for this purpose, "this provides an excellent opportunity for identity theft."

As stated in that previous column, compliance is daunting but doesn't have to be a nightmare—companies like CUNA Mutual Group have found better ways. We'll be sharing some other great examples on May 19, and we hope you can join us. And to John Putman and CUNA Mutual, our thanks and congratulations for sharing this innovative approach.

P.S.: In a huge research study we conducted late last year on compliance practices, we asked companies that had completed their compliance projects how those efforts affected their overall IT spending, their productivity, and their interactions with customers. On spending, 71% said it went up and 27% said it stayed flat, but 2% said they'd found a better way and not only attained full-compliant status but also reduced spending while doing so. On productivity, 34% said the effort needed for compliance reduced employee productivity, 61% said it was unchanged, and 5% found a better way by becoming compliant while also becoming more productive. And on customer relations, 30% said the demands of compliance made it harder for them to serve customers, 47% said customer service was unchanged, but a whopping 23% said they'd found a better way by becoming compliant while also serving customers better.

To discuss this column with other readers, please visit Bob Evans's forum on the Listening Post.

To find out more about Bob Evans, please visit his page on the Listening Post.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
The Best Way to Get Started with Data Analytics
John Edwards, Technology Journalist & Author,  7/8/2020
10 Cyberattacks on the Rise During the Pandemic
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/24/2020
IT Trade Shows Go Virtual: Your 2020 List of Events
Jessica Davis, Senior Editor, Enterprise Apps,  5/29/2020
Register for InformationWeek Newsletters
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll