Banking Technology Magazine | Banking CIO Outlook
In My Opinion

Forget About IT Compliance

By Scott Blake, SVP & CIO, Bangor Savings Bank

JULY 2016

If there is one thing all bankers agree on, it is that our regulatory burden is a heavy weight to bear. For IT, some shops spend a lot of their time just on compliance. Should compliance be the main driver for our work? Are our resources best spent on being compliant? Does compliance accomplish anything useful?

Some regulations around disclosures and retention, among others, can seem very arbitrary, perhaps even capricious in a few cases. Auditors and examiners who take a very rigid interpretation of the rules can amplify this perception. Most of us have more than one story of a seemingly ludicrous finding, mandate, regulation, or law that we got hit with, requiring an over-the-top or expensive response that added nothing to our security.

As much as the facts themselves, we often struggle with what appears to be inconsistency. Most of us know a peer who was compelled to do something that we were not required to do. Sometimes, we have been told to change a practice we have had for a long time that seemingly all of a sudden becomes unacceptable. A situation that was fine last year becomes a problem this year.

Although I have my share of these stories, too, I find that a bit of perspective is helpful. I saw a bumper sticker recently that read, "Everything happens for a reason. Sometimes the reason is that you make bad choices." Similarly, every banking regulation exists for a reason. In almost every case the reason is that a bank (or perhaps many banks) behaved poorly. It wasn't our bank (of course), but we now have to make up for the bad apples. Like so many things in life and law, an incident or pattern created a perceived need to "do something about it" on the part of our lawmakers or regulators. We may not like it and we may not agree with it, but it is always possible to find the reason for the rule.

A recent example might be the push to convert off Windows XP when support ended for that platform a couple of years ago. We were all asked by the powers that be to have a plan and demonstrate execution of the plan to be converted to a supported platform on time. Most of us even accomplished the task (at least mostly) before the deadline. The hardest part for many of us was converting the ATM fleet. What was the reason for this rule? Is end of