
Developing IT Compliance program Plan for financial institutions 

BA 602 

Management information system 

John Kenney

Vishwanath Thummala
Tharun Bojja
Karan shah
Premender Aenugu
Mira Upadhyay
Qaisar Mehmood
Phani raja konakalla 

• Introduction

• Discuss the challenges IT divisions face in achieving regulatory compliance

There are several challenges that an organization has to work on while developing a compliance program. One of the biggest challenges that all companies face is automation. Most companies' processes and business involve manual intervention (Guan Siew Teo, 2004). Failure to automate all business processes is the biggest challenge that organizations face while maintaining IT compliance. IT services companies as well as financial companies are facing issues in maintaining compliance with regulations (p. 174). There are many challenges that make management of compliance difficult. These challenges include the regulatory framework, the worldwide enterprise network, and the approach toward compliance adopted by both client and vendor. One of the other major factors that makes compliance management difficult for organizations is the cost associated with the management of regulations (Garry C. Gray, 2014). Regulatory compliance not only poses serious challenges to insurance, IT, and financial companies seeking global expansion but also means that a business model cannot be established as it is in another country (p. 3).

There are several challenges that organizations face while implementing regulatory compliance:

• Organizational structure
  - Centralized structure
  - Decentralized structure
• Increasing demand on network access
• Inability to control employees' devices and systems (access management)
• Cost associated with maintenance of compliance
• Overly legalistic regulation
• Failure to monitor

Every organization has a different structure. The structure of an organization explains what the organization is about. For every IT company it is important to have consistency. Organizational structure plays an important role in defining compliance and regulations (Guan Siew Teo, 2004). The challenge for the organization is not only in developing regulation but also in maintaining policy instruments (p. 188). Sometimes companies face a problem in understanding the target group and how to inform regulatory design. While developing a compliance program, organizations have to take the following factors into consideration:

• The characteristics of the marketplace
• The structure of the individual organization and its decision-making system and process
• What will motivate individuals in an organization to maintain and follow compliance
• Cost

Maintaining compliance can sometimes be very costly. Many things result in a high cost of compliance: regulations are inflexible, substantive standards are too high, or the transition time for coming into conformity is too short. When the cost associated with complying with regulation is too high, the compliance rate in an organization is often observed to be low. It is difficult for policy makers to predict the economic and social circumstances that individuals in a company face.

Overly legalistic regulation

Employees of a company do not follow compliance rules if they see no purpose in having the regulation. Overly rule-bound regulation can have a negative impact on compliance. Financial and IT companies have to go through regulation, so regulation layered on regulation becomes a challenge for financial companies. These regulations have rules outlining how financial institutions must protect their organizational data. According to these regulations, financial services and IT companies have to make sure that the data is accurate and has integrity. IT companies face issues and challenges when they want to do business with entities in different countries. A compliance program developed in one country might not be compatible with the compliance program developed for the entity in another country.

Difficulties in adopting a data-centric approach

Most IT and financial companies prefer to adopt a data-centric approach. A non-data-centric approach has proven to be weak at protecting information and data; there have been cases where data breaches happened in companies that use a non-data-centric approach. There has been continuous growth in the complexity of the modern network, and this complexity has resulted in challenges to maintaining compliance (Garry C. Gray, 2014). There are new ways of connecting to networks, and employees want to access devices and networks from overseas. This has made systems more complex and has increased the risk of a security breach. Keeping control over their networks has been one of the biggest challenges for companies.

Continuous changes in organization structure and data generation

For the past few years, organizations have been generating more and more data. It has become challenging for organizations to maintain the data and analyze vast amounts of information while maintaining compliance with regulations. As the data is evolving and changing at a faster rate, companies have to make sure that their compliance program is flexible and can easily adapt to changes. In the coming years, changes will come both in data and in compliance regulations. It has been challenging for companies to add more and more data and at the same time maintain compliance with the regulations.

Access Management
Nowadays employees can connect to the company's network and devices in different ways. This causes challenges in maintaining mobile and laptop device management policies and technologies. When it comes to IT compliance, a company has to create a better approach toward data handling and data security. It is important to create this approach to protect the company's security from internal and external threats.

• Discuss the phases IT divisions face in achieving regulatory compliance
• Assess how IT governance will improve the effectiveness of the IT Division to attain regulatory compliance
• Develop a broad vision, an architecture, and a detailed plan of action that follows a life cycle concept
• Assess all key business processes and IT compliance factors and link to all business processes (financial and non-IT) to develop an aggregate vision of IT compliance

When it comes to financial compliance for organizations, the Sarbanes-Oxley Act has driven all the companies listed on the New York Stock Exchange to go through a strict audit process; following this, many other stock exchanges around the globe have also introduced similar compliance policies. This act came into play after the housing market crash and recession that happened in 2009. Compliance policies like this are reforming the financial industry to be more transparent and, along with that, are also reforming IT compliance in organizations. Being compliant with Sarbanes-Oxley requires performing regular assessments of regulatory standards and having best practices in place time and again, which reshapes and restructures the IT compliance policy of the organization. A good IT compliance framework would ensure that the best practices and processes are in place so that compliance solutions hold for the long term and give the best results to the organization. There is increased scrutiny in the financial field currently, which means a higher number of audits, and having humans do all of the process tends to be very expensive in the long run. This creates demand for automated solutions that perform the analysis and help with cost reduction and higher efficiency by cutting down the cost of employees trying to follow the compliance policy.

For a good IT compliance policy, companies must first define the compliance strategy, with strong policies and procedures laid down. With increasing business complexity, there are new rules and policies that businesses operating in different spaces must comply with. Adding these additional parts to the compliance policy would make it more competitive and put the company at less risk of defaulting or being non-compliant. To conclude the assessment, defining all the processes in a business from end to end would make a great IT compliance policy.

• Your detailed plan should include the following phases: initiate, plan, develop and implement.

It takes time, money and experience to establish a regulatory compliance program. Even with a plan in mind, institutions may not have the means to start implementation. A compelling administrative compliance program begins with a strong foundation, where employees take part in the necessary training to better understand the importance of good ethics and honesty and consequently apply these standards to their work (Scanlan & Purdon, 2007). The phases of planning for the compliance program include initiating, planning, developing and implementing an effective IT compliance program so as to provide protection against the risks involved in financial institutions, as these companies hold a lot of valuable and sensitive data.

• Initiate: In this phase the focus will be on the need for regulatory compliance in financial institutions, established by projecting the risks involved. This phase mainly includes the decision to design the compliance program. It also includes the formation of the compliance team.

• Plan: This is the crucial phase in designing a compliance program, as it is the point where the compliance team will form the goals, objectives, risks, policies and procedures of the compliance program (Prorokowski & Prorokowski, 2014).

• Develop: The third phase will include the development of a compliance program, which will move ahead with monitoring and identifying the gaps in the regulations of the financial institutions. An internal audit could be the best possible way to understand the policies the organization requires for compliance (Prorokowski & Prorokowski, 2014).

• Implement: The last phase of the compliance program is to implement and install process applications that handle threats, reports and problems that affect the company from top to bottom. However, a truly effective compliance program needs commitment from the organization's highest levels, not only to set up the program but also a willingness to do the right thing as an organization. If the organization isn't fully committed to ethical conduct, even the most robust compliance frameworks can fall short (Scanlan & Purdon, 2007).


References

Guan Siew Teo (2004). Regulatory challenges in the development of a global security markets. Singapore Journal of Legal Studies vol (2), pp. 173-191.

Garry C. Gray. (2014). Governing Inside the Organization: Interpreting Regulation and Compliance. American Journal of Sociology Vol (1), pp. 96-145.

Prorokowski, L., & Prorokowski, H. (2014). Organisation of compliance across financial institutions. Journal Of Investment Compliance, 15(1), 65-76. doi: 10.1108/joic-12-2013-0041

Scanlan, A., & Purdon, C. (2007). Compliance Program Management for Financial Services Institutions in Today's Environment. The Business Lawyer, 62(2), 735-746.
