by Martin Stiven

CIOs must demand clarity on compliance role

Nov 17, 2011
IT Leadership

As technology continues to permeate every element of the business, it is becoming far more common for the CIO to play a bigger role in business transformation and in decisions across the whole business.

The idea of IT being a department whose phone rings only when something breaks is an anachronism we need to move away from.

CIOs will likely be the first to admit that knowing the benefits of a particular accounting system, or being able to integrate it across business functions, does not make them an accountant.

Nor does being able to communicate the business benefits of cloud-based CRM make them a customer service expert.

Despite this, there appear to be some areas where the CIO is being asked to step in to manage not only the enablement of a job function but the function itself.

Take compliance as a highly topical example.

A recent piece of research conducted across 100 of the UK’s leading financial services organisations revealed that many of these businesses are ill-prepared for legislation coming into effect on 14 November which will require them to record and effectively archive all mobile phone conversations.

It is an extension to current Financial Services Authority regulations which require them to retain email and landline phone records.

The headline finding from this survey, commissioned by Orange, was obviously cause for concern for those companies in the compliance crosshairs.

But another trend came to light as well, one which was as surprising as this lack of preparedness. The research revealed the degree to which the CIO is often the person companies expect to ensure compliance with such regulations.

The thinking clearly goes that ensuring a business is compliant with this regulation requires some degree of technical support or implementation, therefore the CIO should be responsible.

It doesn’t always fall to the CIO.

Nearly half of respondents said they do now have a chief compliance officer in place. That’s a clear sign of the degree to which compliance has become a cost of doing business in highly regulated industries such as financial services.

But in a quarter of companies it is the CIO who will be expected to ensure FSA compliance.

Looked at in isolation, this decision appears to make sense.

Mobile phones are increasingly an integral part of the corporate IT network and are a major access route to company information, the protection and provision of which certainly falls within the CIO’s remit.

Information in turn is the most precious commodity within a business and holds the key to the propriety of the business.

So it makes sense that the responsibility for mobile devices falls within the remit of the CIO.

But that doesn’t mean the CIO is fully conversant with compliance regulations or the processes which must be in place to demonstrate adherence to them.

It is also unlikely that the CIO needs further distraction from the core elements of their day job, which should be focussed on finding ways for the business to become more effective and more efficient through the smarter use of technology.

If nearly half of organisations have recognised the need for a dedicated head of compliance, it seems unlikely this is something which can reasonably be added to the CIO’s to-do list.

This is because many areas of compliance do not have such an explicit technology angle, such as anti-bribery legislation which came into effect last year.

However, a piecemeal approach to compliance where each task is allocated across different business units according to relevance is no kind of scalable, robust solution.

Compliance is too important to risk it falling down the inevitable cracks in the business this approach would create.

Those businesses that have identified the need for a single owner, from a legal or compliance background, are clearly better equipped.

There is also another issue too often overlooked when discussing the role the CIO plays within the business.

Traditionally they have been seen as the person who pushed back on a bright idea and who said a device or a piece of software cannot be installed.

They were also seen as being a cost centre, an area of the business where budgets were spent just to stand still.

That couldn’t be further from the truth when I think about the CIOs we speak to now.

As the value to the business of a strong CIO has become recognised and appreciated, many have shed the negative perceptions and been credited with being an agent of positive change.

Handing them the compliance brief now will undo much of that, not just because of the attritional effect on their time but also because it would place them back as a builder of ringfences and safety nets.

IT will continue to be the answer to many of the business’s most pressing issues and the driving force of its greatest opportunities. That means the CIO will be in contact with every aspect of the business but that is not the same as being responsible for every aspect of the business.

Martin Stiven is VP of business at Everything Everywhere
