Balancing innovation and compliance for business success

The need for greater innovation has become a key driver for companies looking to improve their market share and profit margins

Every company wants to be at the cutting edge when it comes to efficiency, leading them to seek out new IT systems that will help them meet this objective.

However, projects like these are bound to create some challenges. A recent report by UK Finance has shown that introducing more innovative technology into a business can actually pose a significant regulatory risk. With far reaching regulation such as the General Data Protection Regulation (GDPR) now in effect, it is therefore more important than ever to ensure that technical developments are compliant.

Improving technology, the right way

Compliance can be put at risk whenever a new technology is introduced into the business, even if it is just an upgrade that has been rolled out improperly. A company’s IT systems represent a delicate ecosystem that includes a lot of elements that interact together on a continual basis. As such, introducing new software or solutions can have a major impact on day-to-day operations. Moreover, even when these changes are phased in successfully, there is still a risk that the wider business may be unaware of the regulatory impact changes could bring.

It is important that a team is created to manage technical developments and changes within the business. IT teams and those responsible for compliance must both hold levels of accountability and responsibility when designing, building and rolling out a new system. All too often, anything technology related is immediately brought to the IT department, who are then made solely responsible and accountable for all operational and regulatory risks, which can affect take-up, roll-out and ultimately ROI.

However, it is important that those responsible for compliance take ownership of their area in relation to the company’s data. The issue often lies with those in compliance not being technical enough in their understanding of a new system, which ultimately needs to change. While compliance officials do not need to understand the technology in detail, they must know its core principles in order to better balance regulatory requirements and outcomes for the business.

Avoiding non-compliance

Whether it is the need for greater transparency with user data, improved reporting methods for the regulator or enhanced security measures, any new technology being introduced will need to carefully assessed so that businesses recognises and understand whether it is compliant with current legislation. While staff trials can often help to raise any last-minute concerns about the functionality of new IT solutions, management also needs to include the IT team and compliance teams in this activity. In many cases, the IT department is left out of discussions regarding data management and compliance, making it hard for them to identify any potential conflicts in this area.

In order to address this issue, IT needs to have a greater understanding of the wider business. In particular, the IT department needs to be as involved in the company’s wider compliance measures as it is with particular applications or systems, as this will make it much easier to establish what controls need to be put in place and also pre-empt any complications that could arise from rolling out new technology and system migrations.

Plan before implementation

While IT departments can review current regulatory standards to ensure any system changes are  compliant, this should not prevent them from planning ahead. Regulatory frameworks – even in their early stages – are readily available, which makes it easy to cross-reference any planned work with upcoming regulations.

This is especially vital for technology that is still rapidly developing, such as Artificial Intelligence (AI) , automation and Big Data. As with previous innovations, once these technologies reach critical mass and consolidation takes place, regulation is sure to follow.

By recognising and anticipating the regulatory challenges that come with the introduction of more innovative technologies like these, IT can get ahead of the curve. By doing so, businesses will be able to make major enhancements to their operations or market position with an eye on compliance, right from their inception. This will ultimately help to futureproof the business from regulatory change while also keeping the company embracing innovation and change.

Although innovation is something that every business wants to have as part of its IT strategy, there needs to be a tempered approach when it comes to upgrades and migrations– not only in the roll-out, but also in term of how the company prepares for new and evolving regulations. While innovation will help to keep the business competitive, compliance will ensure the company remains viable.

About the Author

Robert Rutherford is CEO of QuoStar. Robert has been working in information technology and business systems for over 24 years. After graduating in Business Information Technology at Bournemouth University, he spent his formative years consolidating IT systems and expanding IT infrastructures around the globe. He now leads QuoStar, providing vision and strategy for the business. He actively engages with clients, providing insight and solutions for various business challenges as well as regularly commentating on industry developments and IT issues in the media.