Striving for Regulatory Compliance

The next three to five years will bring difficult challenges for companies trying to tackle increasing numbers of regulations. That is the key message of Gartner’s research published in its report “Regulatory Changes Ahead Disrupts Growth in Most Industries”. It points out that as companies bring IT systems into compliance, they can gain significant competitive advantage. Gartner analyst Jorge Lopez says CEOs cite difficulty in changing corporate culture as the top constraint to effective handling of new regulations. “The surprising thing was that the number two constraint cited by CEOs was changing underlying information systems,” he reports. Executives are worried about whether or not their technology solutions can handle the new regulatory rules. “Any software that runs an enterprise is extremely complex. That complexity helps exacerbate the constraint to change.”

On the executive’s radar

It’s a concern that SAP is trying to help alleviate. SAP has stepped up to the plate with an array of solutions designed to enable companies to comply with pressing regulatory requirements as well as standardize and optimize IT systems and business processes. Neetin Datar, director, product marketing, SAP Trade and Compliance Applications, says: “Regulatory compliance is on the radar for all C-level executives.” SAP NetWeaver, SAP Global Trade Services (GTS), SAP Compliance Management for Sarbanes-Oxley, SAP xApps Emissions Management, and a product code-named Orion for RoHS/WEEE (Restriction of Use of Certain Hazardous Substances directive and Waste Electrical and Electronic Equipment directive) legislations are among the products SAP offers. SAP customers are able to use them to help minimize the time, risk and cost of compliance and turn regulatory burden into competitive advantage.
There are three main reasons for the increasing regulation. First, financial fraud issues in the U.S. and Europe have caused government agencies to crack down on companies who don’t follow the rules or keep shareholders informed. The Sarbanes-Oxley Act of 2002 was a direct response to a spate of accounting scandals in the U.S. Its various sections are rolling out now, requiring companies to do more accurate, transparent financial reporting.
The second impetus for the growing level of regulation is the terrorist attacks on September 11, 2001. Both governments and companies want to avoid costly disruptions to global trade and the financial markets, such as those that occurred after the tragedy. Rules and regulations have been put in place to ensure the ongoing, secure flow of business.
And the third reason companies are being more highly regulated is a global effort to control health and environmental hazards via tighter safety rules. The Kyoto Protocol of 1997, for instance, requires countries and businesses to reduce polluting emissions. The business requirements of doing so are on the minds and agendas of many executives.

Burden and distraction for businesses

Regulatory compliance is becoming a burden and a distraction for businesses. Many companies would rather focus on the tasks necessary to conduct business profitably while keeping their customers satisfied, rather than on new compliance technologies and strategies. But the Gartner report refers that compliance can bring business benefits in addition to simple risk management: “Successful strategists know that regulations are a means of controlling the playing field”. Gartner’s Lopez says what seems like a short-term compliance headache can prove to be a competitive advantage in the long-run. He points to the example of DuPont, where safety is a strategic business value. The result was higher-quality products, happier employees and reductions in injury-related costs, giving the company a competitive advantage.
Datar highlights the usefulness of SAP NetWeaver to comply and to create a strategic advantage. “SAP NetWeaver,” he says, “is the foundation for proactive compliance management to systemically manage governance, risk and compliance throughout the business.” There are certain common IT requirements across all compliance challenges, including executive analytical dashboards, security management, alerts, process integration and interoperability of systems, content and records management, workflow and business process management. SAP NetWeaver helps enterprises standardize the IT requirements that are common for compliance and thus minimize time and cost while maximizing future reuse. It’s a solid foundation on which to build a comprehensive compliance program, a step that Gartner and other researchers strongly suggest.
Gartner offers a tool for companies to build a compliance program, called the “GartnerG2 regulatory radar scope.” It’s designed to help companies understand and meet regulatory challenges when they have customers from many different industries. The radar scope helps companies assess the industries that a particular regulation applies to and determine how much of its business the regulation will impact. It also helps companies plan for regulatory deadlines and keep track of when the business will experience the impact of the change.

Radar Scope
Radar Scope

And the radar scope lets companies keep track of the source of each regulation, whether it’s from international, national, state or local authorities. It can then be used to determine if additional strategies need to be put in place to handle it. The program should be part of a company’s comprehensive compliance-focused culture that an IT update alone cannot engender. “No matter how much technology you throw at a regulatory challenge, if people don’t have the mindset to change, it’s going to be very difficult,” Lopez says.

SAP solutions for compliance management

As part of compliance with the Sarbanes-Oxley Act, companies must report within 48 hours of their occurrence material changes that could affect the business. Such material changes, whether they are man-made or caused by market conditions or other external forces, have to be fully disclosed to all shareholders. Out of all the new regulations, Sarbanes-Oxley presents one of the biggest technology challenges. “One potential outcome that Gartner has forecast is that the government will want to see documentation of changes made in the system because those system changes could reflect process changes being implemented that can negatively affect the business,” Lopez says. SAP Compliance Management for Sarbanes-Oxley Act gives a company assurance that it is in compliance.
Another product, SAP Global Trade Services (SAP GTS), is a composite application for legally and effectively handling the complexities of global trade, which changed forever after the events of September 11. Due to the heightened awareness around security and global trade, businesses are replacing their manual and error-prone processes with GTS, allowing them to ensure smooth sailing for their global supply chains across borders, but more importantly to mitigate and manage risks of non-compliance.
SAP xApp Emissions Management is designed to help companies address the global Kyoto Protocol and U.S.’s Clean Air Act. The protocol puts binding limitations on greenhouse gases. The United States agreed to reduce emissions by 7 percent during the period from 2008 to 2012. To cut emissions by the deadline, companies must gear up now.

Reduction of emissions

As a cautionary tale, Datar explains that one company was fined $319 million for its poor emissions practices, a fate all would like to avoid. SAP xApp Emissions Management is designed to reduce the risk of falling out of compliance with the protocol. So far, five SAP customers are using this xApp. SAP would like to invite five other customers to participate in the ramp-up of this innovative new product.
The SAP product code-named Orion can help companies handle the two EU-based directives, the WEEE directive and the ROHS directive, which have some sections set to go into effect soon. The directives require manufacturers to control levels of toxic materials in products. They include a ban on heavy metals and toxic flame retardants and a reduction in the disposal of computers into municipal dumps.
With some two million computers buried in landfills each year just in the U.S., WEEE and ROHS make it a legal requirement that companies facilitate reuse or recycling of computers whenever possible. Further, the directives require companies to be up-to-date about the requirements of their trading partner nations when it comes to ingredients considered to be toxic. Since toxic ingredient restrictions vary from country to country, not knowing the facts can be a costly liability. Datar points to the example of one company that was stopped from shipping their product into the Netherlands as the product had too-high levels of cadmium. It cost the company around $100 million in market share as well as the price of reworking the final product.
And then there are the not-so-tangible but equally damaging problems that can come from a lack of regulatory compliance. At the top of that list is a bad reputation. If the public or shareholders or a national government gets the impression that a company is not eco-friendly, socially responsible or fiscally responsible, it can devastate the company’s future business.
Along with the implementation of the right selection of SAP solutions, Datar encourages companies to create the position of chief compliance officer. This executive is responsible to oversee all compliance activities, including the bolstering of IT infrastructure and the creation of compliance working groups.
AMR Research estimates that companies will spend some $5.5 billion on compliance with Sarbanes-Oxley in 2004. The effects of Homeland Security measures on global trade will cost U.S. enterprises $32.8 billion per year, analysts say. Information Week magazine reports that 64 percent of company executives fear that non-compliance with those and other regulations could negatively effect their careers. On a more positive note, the end result of compliance is greater than staying in the right job or on the right side of the law. It’s time and cost savings that give companies an edge over rivals.

Sarah Z. Sleeper
Sarah Z. Sleeper