CIO Insider



Seamless Compliance Is The Need Of The Hour To Avoid Penalization

Neelesh Kripalani, Chief Technology Officer, Clover Infotec

Neelesh brings more than twenty years of experience in the IT industry, which in fact is a perfect blend of IT services and BFSI sector experience.

What Changed?
With an unprecedented number of people starting to work on a remote or work-from-home model, phishing and ransomware attacks increased drastically across the globe, by 11 percent and six percent respectively in the past year, and instances of misrepresentation increased by 15 times compared to last year, according to an investigative report by Verizon. The rise in cyber-attacks, data breaches, and remote access to sensitive data during the pandemic has forced the regulatory authorities to enforce stringent norms on organizations and their data. These norms required organizations to design a robust cybersecurity policy, remote access management policy, user identification, authorization policy, and data safeguarding policy.

Additionally, due to some organizations leaking customer data to third parties for monetary gains, the regulatory authority pushed the envelope even further. Policies such as GDPR (General Data Protection Regulation) and India’s own GDPR-equivalent PDPB (Personal Data Protection Bill) were created to safeguard customer data and eliminate pilferage.

These norms were released in such quick succession that organizations found it challenging to scrutinize, understand, and comply with them in the stipulated time frame. Industries such as banking and insurance faced the wrath of such norms due to the sheer volume of customer data they hold and its sensitivity. Banks and other financial institutions were put under too much pressure to generate new reports based on revised policies.

This sudden outburst of compliance led to chaos within the organization. The management found it difficult to focus on business-as-usual (BAU) and were instead playing catch-up with the regulators. Some organizations were even penalized heavily for non-adherence to policies within the stipulated time.

What Happens Now?
A few tweaks to organizations’ existing processes can lead to improvements in their compliance adherence. Here are a few tips that can help in those improvements:

Initiate Change
Top-level sponsorship to initiate change in processes and methodologies can help build seamlessness in process compliance. Changes in processes to comply with the new guidelines can slowly take shape. It is not an overnight process, and requires a lot of thought and action. Management must take ownership of redesigning or tweaking core processes, data storage and security to comply with such norms. Continual improvement is a must, and the onus is on the management to take the time out to design the change and deliver it.


Make Regulatory Communication Lossless
Revisions to policies mean more audits and scrutiny. Most of the time, the communication between the regulators and the organization is siloed and scattered, and hence is often lost. To make the communication lossless, the IT team can leverage digital tools and create a communication portal that serves as a one-stop shop for all regulatory communications. This helps in getting all the compliance and audit requests in one place and enables a seamless response to all of them. Data analytics can also help in identifying and resolving bottlenecks in responses.

Data Security
Organizations with large amounts of data must also ensure data security, safeguard privacy, minimize risks, and be vigilant against cyber-attacks and incidents. According to a Gartner Survey, Worldwide Information Security Spending will exceed $124 Billion in a year. With data and security risks proliferating with time, organizations need to embed risk management into their business continuity plan. There are data security tools by OEMs that help organizations prevent leaks from databases, data warehouses and Big Data environments, ensure the integrity of information, and automate compliance controls across heterogeneous environments.

Regular penalties can seriously hamper the brand image, leading to a reduction in customer footfalls. This can have a domino effect on customer acquisition, experience, engagement and revenue. Organizations must make compliance adherence their top priority to preserve process quality and survive such penalties. CIOs must lead the digital transformation journey. They can leverage digital tools to simplify compliance processes and make adherence to new policies seamless and lossless. Going digital is the need of the hour, and the onus is on the compliance team to be the driver of change.
