IT's Burden of Compliance

Comment | Print | RSS

• Login to Rate

The Burden Tracker, as Committee Chairman Spencer Bachus says, “will help the public better understand how the cumulative weight of these new rules -- layered upon existing outdated, unnecessary and duplicative red tape -- hurts small businesses and financial institutions.” Of course, that’s a loaded description from a partisan opponent of the original bill.

Here’s another one from Oversight and Investigations Subcommittee Chairman Randy Neugebauer: “It will take over 24 million man hours to comply with Dodd-Frank rules per year. It took only 20 million to build the Panama Canal.”

I suspect that those of you in Financial Services IT find that argument pretty convincing. Why should so many man hours be put into something as onerous as compliance?

I won’t argue the merits of Dodd-Frank. As the press release admits, only 185 of the 400 rules required by Dodd-Frank have been written so far. We’re still figuring out what Dodd-Frank is. Until then, it is silly to argue whether it is good or bad.

Instead, I want to remind you of the heady days of Sarbanes-Oxley. In 2005, The Economist published an article asking whether the cure of SOX was worse than the disease. The article said large enterprises were wasting 70,000 man hours to SOX compliance and that the net cost to the economy of SOX was $1.4 trillion. SOX had passed 423-3 in the House and 99-0 in the Senate, and yet the whining commenced almost immediately.

But it soon became clear that man hours and cost of compliance would go down as IT applied its special brand of ingenuity to it. Even from 2004 to 2005 at the very beginning of SOX, the cost dropped 46 percent. Even that early Economist article admitted that the upfront cost was the worst. Costs and man hours continued to drop as more was automated and the process was built into daily business. According to this 2011 survey, SOX costs between $100,000 and $1 million per year for most companies, when the cost shown in the 2004 survey was $4.6 million.

There were side benefits to SOX, as well. It gave companies a better understanding of what they were doing, helped them avoid risk, and even led to new best-practices that saved money elsewhere. Of course, I’m not going to argue for the success or failure of Dodd-Frank based on SOX. I’m sure one could point to failures in SOX as well.

I merely use it as an example to show that the estimate of man hours required in Dodd-Frank is grossly exaggerated. Those figures, if accurate, will only be accurate for the first year of the process at best. The costs and labor will go down as IT applies itself to automating the process.

Burden trackers are a great idea. We need to know exactly what we’re asking the enterprise to do. But to be honest about it, they need to take into account IT’s immense skill in turning a big problem into a small one in very short order. I don’t think we know enough about Dodd-Frank to make a judgment yet, but I do know financial services CIOs will have their departments ready to respond.