Monday, August 08, 2005

Corporate takeovers triggered by IT non-compliance?

The always provocative Bob Cringely has an article this week, entitled "The New Robber Barons: IT has become a competitive weapon for business," in which he predicts that corporate raiders will start to use the raft of new regulations on business--specifically those regulations that have heavy IT implications--to take over weaker competitors.

Cringely singles out the Sarbanes-Oxley Act (SOX or Sarbox), HIPAA, the Gramm-Leach-Bliley Act (GLBA), and the Family Educational Rights and Privacy Act (FERPA) in particular as regulations that corporate raiders could use as a tool to force companies into an acquisition.

Here's an example of how it will work. Imagine your bank is a medium-sized publicly traded bank headquartered in the U.S. midwest with a national charter (that is, regulated by federal, rather than state, banking authorities). Now imagine your bank is not in compliance with Section 404 of Sarbanes Oxley.... If the bank isn't Section 404 compliant, which means they haven't applied sufficient internal controls to data, the auditors will report that.

Now what?

Well, if your bank isn't in compliance (many won't be), they'll have to very quickly get in compliance. They'll also have to pay a fine and perhaps one or more officers of the bank will do some time in prison. Really.

But there is a funny thing about banks, and that's the way they are regulated and controlled, which makes possible a very different outcome in the case of a Section 404 violation. Technically, the bank can't even continue to operate, because the legal definition of a bank is as a compliant organization. So a very real possibility is that your bank will be forced to merge with another bank that IS in compliance.

That's the new scam. Big banks with sophisticated IT operations are going to appear at the doors of smaller, less sophisticated, banks literally demanding the keys. They'll take over the building, the tellers, and of course the deposits for a price tag that may well be zero.

The trend is not limited to banks, according to Cringely. The same tactics could be used to gain control of any U.S. public company, and even educational institutions that receive federal money (i.e., virtually all of them).

Cringely predicts the winners and losers from a technology perspective:

What this means for the IT profession is a rapid appreciation in the value of a Security CCIE (Cisco Certified Internetwork Expert) especially if that CCIE comes with a Federal security clearance. There are presently only 494 Security CCIEs. It means a boost for IBM and Oracle, and a kick in the head for Microsoft and Great Plains. It is good for datacom companies and bad for telecom companies. And it is the best time ever to be a Big 4 accountant.

Read the whole thing on Cringely's website.

1 comment:

Scott said...

I don't see this as a bad thing. If companies are not getting compliant, then someone should be giving them the kick in the butt necessary to get them compliant.

I thought that a key comment in Cringely's story was
"Disk storage is cheap and getting cheaper, so in the most basic sense, complying with these new laws and regulations should be fairly simple. We already store data in digital form, so just stop erasing it. Oh, and keep the bad guys out of our personal information.
Only it isn't that simple. The laws, themselves, are arcane and sometimes difficult to interpret correctly, but mainly companies are incompetent and lazy. To archive data requires first knowing where that data is."

Cringely is right; keeping track of data and storing it is not that hard. It's just that a lot of businesses are run by people who hate accountants and IT people and spending money on those parts of the business. They see Sarbox as just yet another example of "government red tape."