Over-compliance is the new compliance, says former SEC Chairman

Minimal muster is for losers


Compliance. Compliance. Compliance. You can't escape it these days. The word has been tossed about in the public domain so often that the concept it represents has lost some of its meaning. Vendors of all types have stapled "Compliance" onto whatever product they find lying around, hoping fear might generate a sale.

Despite the magnitude of the compliance gush, many companies still don't quite comprehend what they're up against, according to former SEC Chairman Harvey Pitt. A select few companies have taken a leadership role, meeting regulatory standards and then going one step more. Others, however, continue to dawdle along, affected by irresponsibility or carelessness.

"There are a lot of people out there who are not getting the overall message," Pitt told The Register in an interview. "They either harbor a secret view that there is going to be a massive rollback in regulatory requirements, which is not going to happen, or they are really not interested in getting ahead of the curve. They are really just interested in passing muster - minimal muster.

"They may not like what we are witnessing, but it is what it is."

The bit companies don't like is the heavy load of new regulatory requirements dished out to protect customers, consumers, shareholders and employees. In particular, many companies have revolted against Sarbanes-Oxley, which added a bit of accountability backbone to existing laws.

Pitt knows the origins of this regulatory backdrop well. While SEC Chairman, he kicked off investigations into Enron and Arthur Andersen. But, upon his resignation after 15 months on the job, many questioned whether Pitt and the SEC had kept a close enough eye on corporate America to begin with, and voiced concerns over Pitt's strong past ties with the big accounting firms whom he represented while practicing law.

Controversy aside, Pitt's current firm Kalorama Partners promises to put clients under the ultimate compliance microscope and then tell them just how up to snuff they really are.

"There are definitely clients who are unhappy with the proliferation of regulatory requirements, but I also think that most are very level-headed and sensible," Pitt said. "Our clients tend to be the folks who understand the importance of what we are trying to accomplish. I think there is a good sense on the part of many large companies that this is stuff that is not going away. It is serious. People have to be focused on all of it."

Kalorama likes to add a personal touch to the rubber glove treatment. The 10-person firm doesn't let young associates near its Fortune 1000 clientele. It's bigwigs only. In addition, Kalorama, unlike law firms, doesn't charge by the hour. It charges a flat fee.

The full list of Kalorama services can be found here. It's a pretty typical consulting menu. The company can look at your corporate structure, audit committee, compliance procedures and help with investigations.

Then there is a special list of services for the really compliance crazy folks out there.

"One of the ways you can resolve liability concerns and questions is by being appropriately proactive," Pitt said. "A number of companies actually get this. Their directors get this.

"For directors, merely coming to meetings and doing their job with respect to the issues that have been presented to them is important and critical but is not sufficient. You really have to show that you didn't just sit there, but you were trying to figure out how to best serve your constituents."

Kalorama won't release a customer list or even say how many customers it has, but Pitt insists the business is more successful than he imagined it would be. As a show that things are still moving along well, Kalorama has just rolled out a new service where customers can pass its compliance test and then receive up to 25 percent cuts on their insurance policies around corporate governance.

It would be easy to argue that Pitt is selling this over-compliance idea so hard in the hopes of drumming up more business. The hirsute lawyer, however, likes to put more of an altruistic spin on things.

"This is something I have wanted to do for a very long time," he said. "This is very rewarding because it's very constructive. We are helping companies deal with a very difficult environment." ®
