Is there too much regulation?

Analysts suggest that regulation is a burden, but do those who are bound by it agree?

By David Neal, 7 Sep 2009 at 10:41

"A lot of regulations are politically driven, and ill-thought out," he said. "Companies spend a lot of time and money in trying to adhere to regulations that are impossible. Yes, compliance is a burden - but if the approach taken is correct, the end results can be good for the business... Regulatory compliance cannot be done through applying a new sticking plaster every time something comes out. The root cause of the illness has to dealt with - through what we call a compliance oriented architecture (COA)."

Using such an approach, Longbottom explained, takes a lot of the pain out of dealing with data - particularly when it is off interest to outside forces.

"Within a COA, the data is king. By applying the requisite security policies to data, compliance can then be layered on top. For example, using classification, we can assign all documents and data items as 'Public', 'Internal', 'Restricted', 'Secure', 'Eyes only' or whatever. This classification tag can then be "read" by applications so as to decide what can be done with the information. An attachment to an email with the tag 'Public'? Fine, let it go through. the same with 'Secure'? Hold it, and carry out an exception action on it."

Do companies welcome regulation?

These are service providers, however, what of those companies that use these services? Do they welcome the intrusion of new guidelines and resources? Andy Rawlings, director of Application Services ISS at Research Council UK's Shared Services centre (RCUK SSC), agreed that legislation was increasing in his area but said that he felt well-prepared to cope with any change.

"We are public sector and do not suffer from some of the things that the business world face at the moment in terms of data retention/accounting practice. However, regulation is increasing even in our sector," he said. "Currently I feel adequately regulated."

However, Rawlings added that in some areas regulations did create 'pain', particularly in those that relate to customers and employees.

"Yes they can be a pain," he continued. "Freedom of information, Health and Safety and data protection are the things that affect us most. They can make doing business more difficult but this is not to say that their aims are bad. No one wants to get injured at work or lose sensitive data."

Ryan Schlanders, IT infrastructure services team manager at financial firm Credit Market Analysis (CMA) said that he felt that being subjected to external scrutiny of any kind was a good thing for business and would help his organisation to improve the services it provides as well as its own reputation.

"CMA isn’t governed by the same legislative rules as a normal financial institute would. Since we don’t technically hold financial client information we have no requirement to be ISO or FSA certified. Having said that, I do plan on being audited by the FSA next year as producing the certification does help deal with some of our current or future clients," he said.

1 2

Email to a friend

Print this page

< Previous Strategy : Analysis & Insight Next >

3 comments

You need to Login or Register to comment.

Too Much Regulation?

I don't think so.

Regardless of the industry, Banking and the Telecoms industry being another example, All companies subject first to law and then to regulation, seek to find ways to exploit customer. Exploiting customers, often enters the realms of unethical, immoral, outdated and anti-competative business practices using any and all means to ties customers into exorbitant contracts with rediculous penalties and making it nearly impossible to get out of such arrangements without a practically bankrupting the customer.

I think there is too little Regulation and that Regulation is too loosely controlled. Imagine if you will telling a child that they cannot have sweets or biscuits in a jar but not making it inaccessible or monitoring that child. How many children would for their own self interests ignore the parent and help themselves anyway?

The only way to prevent companies from abusing a flawed system is to reinvent the system in a manner that make the system impossible to abuse, or so costly to abuse that to abuse it is unthinkable.

The simplest way would be to rely not on self regulation or on less than effective regulators or regulatory bodies with conflicts of interest, but to rely on law and effective authority to police that law.

An effective law must be all-encompassing. Current legislation says "You can do almost anything you want but certain things must either not be done or must be done in a certain way" Allowing anyone to come up with schemes to bypass shortcomings and loopholes in complicated laws.

New legislation must completely superseed old legislations for businesses and must operate in the manner "It is illegal to perform any action in the name of business, that is not explicitly defined and described in the following laws." and subsequently must describe for each type of business exactly how that business may operate.

For example Contracts for different types of situations may be predefined in law along with acceptable terms or permutations of terms. Similarly charges, rates and penalities may similarly be defined.

In this way businesses must operate in a fair and ethical manner, customers would have little grounds to cry foul over for example a fee or a penalty that is reasonable.

Today this is not the case where costs for example of Banking penalties for example for going overdrawn are grossly excessive and not realistic - a £35 fee for such a situation might be considered reasonable in 1970 when most business practices were done by hand, yet today a bank with 1,000,000 customers and for example 10,000 customers with penalties might involve a few consultants running a program on a computer to generate 10,000 letters with a negligible cost of less than 10% of todays penalties.

OR

A Credit Card has an a minimum monthly repayment which is less than the cost of the interest rate, resulting in a debt which might never gets payed off.

By Hitman101 on Tuesday Sep 8

The right type of regulation.

Regulation needs to focus on markets not companies. It needs to keep companies relatively small and de-coupled from each other in risk terms. Micro-managing companies is precisely the wrong approach because it stifles innovation and has unintended and usually bad consequences. Hitman101 supposes regulators and lawmakers are "parents" and business people are "children". This simply does not work because companies will always be able to recruit any civil servant or regulator that shows any sign of intelligence.
Micromanaging regulation tends to favour larger companies over smaller ones because they are better placed to influence the regulators and the governments. Thus it undermines itself by driving companies larger and larger until they grow so large they cannot be effectively regulated.
In the light of this, of course large companies like regulation and people within large companies like it too because it is a "get out of jail free card" - you cannot touch me, I followed all the rules and ticked all the boxes, so if something ban happened it is not my fault, it must be the rules that are wrong.
We need to get back to holding people responsible for outcomes rather than for process.

By JohnHind on Tuesday Sep 15

Flawed Analysis

You examine regulation from the wrong perspective. Ask this question: who pays for it?

The Government? No. The industry? No. The consumer? Got it.

The imposition of regulation carries costs, but injects no extra cash. Obviously these costs ripple through to the consumer. They are often unreasonably high, since the state will impose a bureaucratic model of regulation rather than a functional one.

The only remaining question is, does the consumer get anything for the regulatory tax they now pay? Is there any value in it? Too often the answer is no.

Much regulation is designed to protect consumers from their own fecklessness - and most are probably happy to pay these costs as a sort of insurance policy and in recognition that some consumers are genuinely 'vulnerable'.

In far too many cases, however, regulation adds nothing of any benefit to anyone, even the exchequer: all the additional costs do is provide employment and index-linked pensions for another group of civil servants.

One could wish regulation were subject to some obvious tests: is it necessary to address some actual problem, proportionate in cost to the cost of that problem, reasonable in whom the burden of the cost falls on, likely to be effective in mitigating the problem.

In my view about 95% of regulation fails one or more of those tests.

By Ashley on Tuesday Oct 6