“Compliance is not sexy. People don't talk about it, but they sure spend on it,'' said Robert Galluci, general partner of Landmark Ventures, which assesses new businesses and helps raise capital for emerging technology firms. "Increased regulatory demands are the new stimulus package. The feds are going to (continue to) increase regulation, which will drive compliance budgets so high that it's going to represent the new trickle-down economy."
The securities industry will face four or more years of setting up systems to comply with the Dodd-Frank Wall Street Reform Act, as thousands of enforcement policies emerge from regulatory bodies such as the Securities and Exchange Commission and the Commodity Futures Trading Commission. And global companies will face different regulations in different locales, also driving up system requirements and costs.
Similarly, protecting customer and worker information will be complex, difficult and costly, he said.
Wednesday, for instance, the Wall Street Journal reported that Alabama's securities regulation agency "mistakenly released" sensitive information about thousands of Morgan Keegan & Co. customers, forcing the Memphis broker to notify some 18,500 account holders of the breach of security.
The customer information existed in a spreadsheet, the Journal reported, and included highly sensitive information such as the account holder's name, tax identification, a range of annual income and net worth and the losses the clients incurred.
The issue, worldwide, is the difference between regulations in Massachusetts, Nevada, Japan, Switzerland, France and other locales, Gallucci said. "There's got to be some sort of reality check on these privacy regulations," he told a gathering of information system professionals belonging to the Wall Street Technology Association Wednesday morning.
Privacy requirements however may be getting stricter in the United States. Gallucci noted the introduction of House Resolution 2221, the Data Accountability and Trust Act of 2010, and Senate Bill 3742, the Data Security and Breach Notification Act of 2010. Each is designed to require companies to “protect data containing personal information, and to provide for nationwide notice in the event of a security breach.’’
The domestic regulations may not be as strict as the most “draconian European ones,” Gallucci said. But, in setting up compliance systems, companies nonetheless will have to meet the standard of the strictest country.
In any event, Gallucci said he expects an “ever-enlarging government” will make it “increasingly onerous” to comply with its regulations.
This originally appeared on Securities Technology Monitor.
Tom Steinert-Threlkeld is the editor-in-chief of Securities Technology Monitor.
Be the first to comment on this post using the section below.