Beyond mere compliance

Smart organisations will use new regulatory stipulations as a chance to drive business value, says Lynn Collier

The regulatory environment is getting more complicated for UK enterprises, and organisations must comply if they are to avoid embarrassment, fines, undertakings or even legal proceedings.

New legislation over the next 12 months will continue to challenge businesses. Yet the smartest organisations are aiming beyond compliance and looking to drive business value out of that necessity. If approached strategically, compliance is not a burden – but an opportunity.

Companies are often ill-equipped to deal with legislation, because the true impact of compliance is not immediately obvious.

For example, the Markets in Financial Instruments Directive (MiFID) introduced in October 2007, to which the majority of financial services companies need to comply, demands on average that three times the required volume of contact records be stored.

After a few months of complying with MiFID, chief information officers and IT managers began to hear their storage infrastructure creak under the strain of the data deluge. In some cases, the influx of new data volumes began to cost serious money if stored on expensive, high-availability disk systems.

For many financial services companies, MiFID has meant a lengthy retrospective overhaul of their data storage processes and infrastructure.

Switching to highly scalable storage systems to avoid expensive upgrades; implementing a tiered storage architecture to lower storage management expenses; introducing virtualisation to maximise capacity and running data deduplication software to reduce data volumes are all common approaches.

While these are all effective measures, it is easier to carry them out before the new legislation comes in, rather than afterwards, when the new data is already flooding in.

And storage environments in the financial services sector are leading the industry in handling spiralling data volumes.

One much talked-about example of upcoming regulation is EuroSOX, which will affect every European business with 2,500 or more employees.

This set of regulations brings together disparate directives already in place and harmonises them, with the aim of restoring investor confidence in the EU.

In essence, EuroSOX places greater demand on an enterprise’s financial reporting – meaning more information must be stored, tracked, modelled and made available to relevant authorities as and when required.

Archiving requirements for EuroSOX will be significant. More financial data will need to be stored and be retrievable, accurately, in tight time frames.

Relevant data needs indexing and high availability for easy retrieval. And this information needs to be secured against leaks and hack attacks.

In the current economic climate, this usually needs to be achieved on a shrinking IT budget. Only rarely can a company rip out an ineffective legacy system and introduce a new, best-of-breed infrastructure.

Non-financial sector companies must learn from the experiences of their financial sector counterparts and prepare for EuroSOX compliance.

Updates to the EU Data Retention Directive and MiFID are also expected next year.

When choosing an archiving infrastructure, it is important to select an open system with no proprietary lock-ins.

Many archival systems store data in a format unique to that vendor, which can cause problems when the system has to be upgraded and the data transferred to a new format.

In some cases this can lead to volumes of unreadable data or a lengthy and expensive migration process.

Files saved without the correct descriptions or metadata tags will be almost impossible to find. Uniform tagging throughout the organisation will pay dividends when regulatory authorities request specific data at short notice.

Future-proof technology is more cost-effective than cheap storage methods. Tape storage has an appealing price and familiarity, but winding through miles of tape in a hurry to find a critical piece of archived information is every IT manager’s nightmare.

As organisations log more data relating to customer contacts and financial information, harness this knowledge for business intelligence and ultimate advantage.

Lynn Collier is solutions director at Hitachi Data Systems EMEA