Is there too much regulation?

paperwork

Regulation is not designed to get in the way of doing business.

Quite the opposite, it is designed to streamline business processes and make sure that firms are doing all that they can to stay within recommended business practices.

Why is it then that regulations are so often accused of causing confusion and leaving firms bogged down in checklists and reports when they should really be focusing on other things - like the actual business of doing business?

The most common regulations that firms must comply with are the financial, green, and people ones and quite often the same names are bandied about when people start to speak of them.

These include the WEEE directive, and its aims to save the planet while making enterprises more globally responsible, as well as the Data Protection and health and safety rules which are designed to protect both the individual and their identity - not to mention the myriad of financial reporting and money laundering rules hitting the financial services.

What to expect when

A quick glance at some of the government's business-serving web portals shows that regulations come in throughout the year and at various times.

In the coming months, firms can expect changes to the national minimum wage and redundancy provision as well as new rules on the use of hair dyes.

Another suggests forthcoming changes to email systems, as from October this year all companies will have to include their name in all forms of business documentation, including electronic documents.

Another forthcoming rule dictates that when an individual requests data from a firm that data must be provided in the form that was requested. So if an electronic copy is requested that must be provided, even if the original material is a hard copy.

Can IT handle the rush?

Already analysts at Gartner are suggesting that most IT organisations are unprepared for the swell of regulations that they face and are warning them to get ready for a huge swell of new rules designed to protect the consumer from technological catastrophes.

"Three years ago, Gartner published research predicting that either catastrophe from IT failure, or a continuing history of lower-level failures would provoke either a governmental regulation or industry self-regulation of IT products and services in the US by 2015 and in the European Union by 2015 to 2018," said Richard Hunter, vice president and distinguished analyst at Gartner.

"Although the exact date of arrival for regulation is difficult to predict, we believe that, in recent months, the tempo and intensity of the indications of such an event have increased," he said.

"As a result of the economic crisis, the social environment is considerably less trusting and secure," Hunter added. "The public is wary of cascading risks and would seem to be supportive of legislation and litigation aimed at reducing those risks, including those posed by IT."

Regulation can be good or bad

Clive Longbottom, service director for business process analysis at Quocirca, said that firms could see increased regulation both as a good and a bad thing, but added that adherence generally ensured good business practice.

"A lot of regulations are politically driven, and ill-thought out," he said. "Companies spend a lot of time and money in trying to adhere to regulations that are impossible. Yes, compliance is a burden - but if the approach taken is correct, the end results can be good for the business... Regulatory compliance cannot be done through applying a new sticking plaster every time something comes out. The root cause of the illness has to dealt with - through what we call a compliance oriented architecture (COA)."

Using such an approach, Longbottom explained, takes a lot of the pain out of dealing with data - particularly when it is off interest to outside forces.

"Within a COA, the data is king. By applying the requisite security policies to data, compliance can then be layered on top. For example, using classification, we can assign all documents and data items as 'Public', 'Internal', 'Restricted', 'Secure', 'Eyes only' or whatever. This classification tag can then be "read" by applications so as to decide what can be done with the information. An attachment to an email with the tag 'Public'? Fine, let it go through. the same with 'Secure'? Hold it, and carry out an exception action on it."

Do companies welcome regulation?

These are service providers, however, what of those companies that use these services? Do they welcome the intrusion of new guidelines and resources? Andy Rawlings, director of Application Services ISS at Research Council UK's Shared Services centre (RCUK SSC), agreed that legislation was increasing in his area but said that he felt well-prepared to cope with any change.

"We are public sector and do not suffer from some of the things that the business world face at the moment in terms of data retention/accounting practice. However, regulation is increasing even in our sector," he said. "Currently I feel adequately regulated."

However, Rawlings added that in some areas regulations did create 'pain', particularly in those that relate to customers and employees.

"Yes they can be a pain," he continued. "Freedom of information, Health and Safety and data protection are the things that affect us most. They can make doing business more difficult but this is not to say that their aims are bad. No one wants to get injured at work or lose sensitive data."

Ryan Schlanders, IT infrastructure services team manager at financial firm Credit Market Analysis (CMA) said that he felt that being subjected to external scrutiny of any kind was a good thing for business and would help his organisation to improve the services it provides as well as its own reputation.

"CMA isn't governed by the same legislative rules as a normal financial institute would. Since we don't technically hold financial client information we have no requirement to be ISO or FSA certified. Having said that, I do plan on being audited by the FSA next year as producing the certification does help deal with some of our current or future clients," he said.