Before firms buy new, expensive compliance solutions, however, as often is the case with compliance initiatives, they first need to solve their data issues, stresses Adam Honore, senior analyst at Aite Group. "I wouldn't go out shopping for a compliance solution yet," he says. "Firms haven't solved the data issue yet, which is what [hindered] transparency in the past. Getting some solutions in place to bring data together and keep it moving -- that's the best start."
Complex event processing (CEP) technologies, which enable firms to ingest massive data volumes and calculate risk positions in near real time, are key to firms' data management efforts, according to Honore. "You have streaming data, including trade and market data, from all liquidity points, as well as news information, alerts and economic indicators, coming in in real time," he says. "We've learned from the financial crisis ... that you need to be faster about measuring and reacting to risk events. At some point you may be held accountable for being able to do that. So you have to create the infrastructure that gets you information faster and gets you the ability to react faster."
Brian Cummings, director of information risk management, Tata Consultancy Services, North America, agrees that it is more essential than ever for firms to consolidate their risk and compliance efforts, rather than to just bolt on new tools. "You can't have IT doing its own thing and accounting doing its own thing too," he insists. "You need to take an enterprise view of risk management and consolidate your efforts."
Then firms can use the appropriate tools to analyze their risk exposure, Cummings continues. "That's powerful, as trying to do it on an ad hoc basis makes it very difficult to get a grand view of where you are," he says.
Data security continues to be a key compliance issue, points Anthony DiBello, product manager for Guidance Software's EnCase Data Audit & Policy Enforcement solution. According to DiBello, until recently most firms have relied on general IT controls to protect data, but this puts them at risk for huge reputational and financial losses. "As the legislative climate has increased, [firms have] realized they have to get closer to the data itself -- you can't protect something if you don't know how it's being used," he asserts. "So people are now getting cosy with the data."
DiBello explains that Guidance's EnCase Data Audit & Policy Enforcement product enables enterprises to see where information resides -- from file servers and e-mail servers to laptops and desktops. It then sweeps clean both the sensitive data in unauthorized locations and data that falls outside of an organization's records-retention policy.