Technology will not prevent another 'Enron' scandal

No amount of IT investment to comply with regulations such as Basel II and Sarbanes-Oxley can prevent the kind of deliberate fraud that led to the Enron and Barings Bank scandals – but it will make it easier to prosecute the guilty parties and ensure greater transparency, according to industry experts.

Compliance is building up to be the next Y2K for CIOs and IT directors, with warnings that failure to comply with new regulations could lead to huge fines and possibly jail for executives of organisations that fall foul of the legislation. Analyst Datamonitor predicts Western European banks will spend €1.7bn just on Basel II projects this year, while Barclays alone spent 20 per cent of its IT budget on compliance initiatives in 2003.

At a compliance event in London today, Debra Logan, research director at Gartner, admitted it is impossible to prevent the kind of scandal that saw trader Nick Leeson bring down his bank, but she said investment in things like automation and data tracking will be vital for firms to show they acted responsibly.

"It will also be easier to find where the blame lies and justice will be swifter," she said.

She said organisations should be wary of hype from vendors around products that claim to solve their compliance headaches. "We don't see any vendor being able to provide a compliance solution."

One area that Gartner is seeing banks invest in is corporate instant messaging products that allow full monitoring and archiving, as well as stronger email monitoring.

"One of the things we are seeing is financial services firms investing in active email policy management and filtering. You write rules and it looks for certain kinds of email – it might block it or it can bring up the policy for the user [who sent the email]."

Doug Coombs, product manager at content management firm FileNet, agreed that compliance is not just about technology. "There's a balance to be struck on both sides," he said.

Jim Fleming, former head of corporate authorisation at the Financial Services Authority and director of consultancy CStarr, said an organisation-wide approach is needed, with the CIO involved at an early stage.

"Best practice is having an enterprise-wide risk management committee," he said.

Logan said CIOs need to treat compliance as a "way of life" and not just a set of individual regulations.