Over-compliance is the new compliance, says former SEC Chairman

Minimal muster is for losers

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Compliance. Compliance. Compliance. You can't escape it these days. The word has been tossed about in the public domain so often that the concept it represents has lost some of its meaning. Vendors of all types have stapled "Compliance" onto whatever product they find laying around, hoping fear might generate a sale.

Despite the magnitude of the compliance gush, many companies still don't quite comprehend what they're up against, according to former SEC Chairman Harvey Pitt. A select few companies have taken a leadership role, meeting regulatory standards and then going one step more. Others, however, continue to dawdle along, affected by irresponsibility or carelessness.

"There are a lot of people out there who are not getting the overall message," Pitt told The Register in an interview. "They either harbor a secret view that there is going to be a massive rollback in regulatory requirements, which is not going to happen, or they are really not interested in getting ahead of the curve. They are really just interested in passing muster - minimal muster.

"They may not like what we are witnessing, but it is what it is."

The bit companies don't like is the heavy load of new regulatory requirements dished out to protect customers, consumers, shareholders and employees. In particular, many companies have revolted against Sarbanes-Oxley, which added a bit of accountability backbone to existing laws.

Pitt knows the origins of this regulatory backdrop well. While SEC Chairman, he kicked off investigations into Enron and Arthur Andersen. But, upon his resignation after 15-months on the job, many questioned whether Pitt and the SEC had kept a close enough eye on corporate America to begin with, and voiced concerns over Pitt's strong past ties with the big accounting firms who he represented while practicing law.

Controversy aside, Pitt's current firm Kalorama Partners promises to put clients under the ultimate compliance microscope and then tell them just how up to snuff they really are.

"There are definitely clients who are unhappy with the proliferation of regulatory requirements, but I also think that most are very level-headed and sensible," Pitt said. "Our clients tend to be the folks who understand the importance of what we are trying to accomplish. I think there is a good sense on the part of many large companies that this is stuff that is not going away. It is serious. People have to be focused on all of it."

Kalorama likes to add a personal touch to the rubber glove treatment. The 10-person firm doesn't let young associates near its Fortune 1000 clientele. It's big-whigs only. In addition, Kalorama, unlike law firms, doesn't charge by the hour. It charges a flat fee.

The full list of Kalorama services can be found here. It's a pretty typical consulting menu. The company can look at your corporate structure, audit committee, compliance procedures and help with investigations.

Then there is a special list of services for the really compliance crazy folks out there.

"One of the ways you can resolve liability concerns and questions is by being appropriately proactive," Pitt said. "A number of companies actually get this. Their directors get this.

"For directors, merely coming to meetings and doing their job with respect to the issues that have been presented to them is important and critical but is not sufficient. You really have to show that you didn't just sit there, but you were trying to figure out how to best serve your constituents."

Kalorama won't release a customer list or even say how many customers it has, but Pitt insists the business is more successful than he imagined it would be. As a show that things are still moving along well, Kalorama has just rolled out a new service where customers can pass its compliance test and then receive up to 25 percent cuts on their insurance policies around corporate governance.

It would be easy to argue that Pitt is selling this over-compliance idea so hard in the hopes of drumming up more business. The hirsute lawyer, however, likes to put more of an altruistic spin on things.

"This is something I have wanted to do for a very long time," he said. "This is very rewarding because it's very constructive. We are helping companies deal with a very difficult environment." ®

Related stories

Does regulation work? 'Don't ask me,' says former SEC chief
US cracks down hard on WorldCom
UK IT bosses confused about governance
Test your own software code for infringement
Open source ahoy!
Veritas plans to hand SEC $30m to end accounting saga
Sarbanes Oxley for IT security?
BOFH: Let the games begin

Protecting against web application threats using SSL

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.