Over-compliance is the new compliance, says former SEC Chairman

Minimal muster is for losers


Compliance. Compliance. Compliance. You can't escape it these days. The word has been tossed about in the public domain so often that the concept it represents has lost some of its meaning. Vendors of all types have stapled "Compliance" onto whatever product they find lying around, hoping fear might generate a sale.

Despite the magnitude of the compliance gush, many companies still don't quite comprehend what they're up against, according to former SEC Chairman Harvey Pitt. A select few companies have taken a leadership role, meeting regulatory standards and then going one step more. Others, however, continue to dawdle along, affected by irresponsibility or carelessness.

"There are a lot of people out there who are not getting the overall message," Pitt told The Register in an interview. "They either harbor a secret view that there is going to be a massive rollback in regulatory requirements, which is not going to happen, or they are really not interested in getting ahead of the curve. They are really just interested in passing muster - minimal muster.

"They may not like what we are witnessing, but it is what it is."

The bit companies don't like is the heavy load of new regulatory requirements dished out to protect customers, consumers, shareholders and employees. In particular, many companies have revolted against Sarbanes-Oxley, which added a bit of accountability backbone to existing laws.

Pitt knows the origins of this regulatory backdrop well. While SEC Chairman, he kicked off investigations into Enron and Arthur Andersen. But, upon his resignation after 15 months on the job, many questioned whether Pitt and the SEC had kept a close enough eye on corporate America to begin with, and voiced concerns over Pitt's strong past ties with the big accounting firms whom he represented while practicing law.

Controversy aside, Pitt's current firm Kalorama Partners promises to put clients under the ultimate compliance microscope and then tell them just how up to snuff they really are.

"There are definitely clients who are unhappy with the proliferation of regulatory requirements, but I also think that most are very level-headed and sensible," Pitt said. "Our clients tend to be the folks who understand the importance of what we are trying to accomplish. I think there is a good sense on the part of many large companies that this is stuff that is not going away. It is serious. People have to be focused on all of it."

Kalorama likes to add a personal touch to the rubber glove treatment. The 10-person firm doesn't let young associates near its Fortune 1000 clientele. It's bigwigs only. In addition, Kalorama, unlike law firms, doesn't charge by the hour. It charges a flat fee.

The full list of Kalorama services can be found here. It's a pretty typical consulting menu. The company can look at your corporate structure, audit committee, compliance procedures and help with investigations.

Then there is a special list of services for the really compliance crazy folks out there.

"One of the ways you can resolve liability concerns and questions is by being appropriately proactive," Pitt said. "A number of companies actually get this. Their directors get this.

"For directors, merely coming to meetings and doing their job with respect to the issues that have been presented to them is important and critical but is not sufficient. You really have to show that you didn't just sit there, but you were trying to figure out how to best serve your constituents."

Kalorama won't release a customer list or even say how many customers it has, but Pitt insists the business is more successful than he imagined it would be. As a show that things are still moving along well, Kalorama has just rolled out a new service where customers can pass its compliance test and then receive up to 25 percent cuts on their insurance policies around corporate governance.

It would be easy to argue that Pitt is selling this over-compliance idea so hard in the hopes of drumming up more business. The hirsute lawyer, however, likes to put more of an altruistic spin on things.

"This is something I have wanted to do for a very long time," he said. "This is very rewarding because it's very constructive. We are helping companies deal with a very difficult environment." ®
