NEW YORK -- IBM announced Monday the availability of new products designed to help businesses comply with a slew of new federal regulations that concern accounting processes, customer privacy and security.
The new products announced at the press event include IBM's Content Management for Message Monitoring and Retention, Lotus Workplace for Business Controls Reporting Version 2 and the Tivoli Security Compliance Manager, which will be released in May.
Because of regulations such as the Sarbanes-Oxley Act of 2002, Gramm-Leach Bliley Act, the Healthcare Insurance Portability and Accountability Act of 1996 (HIPPA) and other legislation, businesses are scrambling to meet deadlines for significant changes in how they handle data, said Susanne Ruschka-Taylor, partner and Americas leader for business risk management at IBM's BCS group.
While some vendors offer point solutions tailored to help organizations address today's individual regulatory requirements, Ruschka-Taylor said that IBM is taking a different approach.
IBM found broad commonalities among more than 100 new regulations and has designed systems that help businesses address multiple regulations with a unified approach. It also intends to allow businesses to both meet current deadlines and become more proactive in the future.
Adrian Bowles, director of education and research at the IT Compliance Institute, an online information service based in Chatsworth, Calif., said that businesses should take advantage of these regulations to help them build more flexible and responsive systems. And though these regulations are specific to different industries and have different goals, he said that they often force businesses to adopt better practices such as improved security or better archiving of data—measures they should implement anyway.
Bowles expects businesses to spend as much as $40 billion to come into compliance with federal and state regulations.
Many new regulations including Securities and Exchange Commission (SEC) 17 A-4 and National Association of Securities Dealers (NASD) 3010/3110 require organizations to better archive and retain e-mail. Financial services organizations are increasingly being forced to monitor e-mail for illegal correspondence, especially now that organizations are under a more intense regulatory microscope.
"As long as Elliott Spitzer has a budget we will have a budget," Bowles joked, referring to New York State's Attorney General who made a name pursuing wrong doing at the U.S.'s largest financial services firms.
IBM's content management product was developed in partnership with Reston, Va.-based iLumin Software Services, Inc. The product is able to scan incoming and outgoing e-mail before or after it is sent. If suspicious phrases such as "inside tip" or "no one knows," are used, those messages can be flagged and reviewed by a compliance officer.
The software helps to avoid errors by identifying not only words but also phrases and context. The product can differentiate between a message about someone who is planning to sue and someone setting up a lunch with Sue said Brett MacIntyre, IBM software group's vice president of enterprise content management.
Compliance officers can make notations about the message and even send a note to the message's sender letting that person know that the message is inappropriate. All activity around the message is also associated with that message.
The messages are then archived and can be searched in a similarly detailed manner. Attachments can be archived separately to help conserve space on e-mail servers.
The same product can be used for the archiving and tracking of any record within an organization. The iLumin software is capable of analyzing text in any legacy application, Macintyre said.
The IBM Lotus Workplace for Business Controls and reporting is designed to help businesses meet the needs of regulations such as the Sarbanes-Oxley Act of 2002 Section portions of which will go into effect at the end of this year. Among other things the act requires corporate officers to attest to the validity of the accounting in statements filed with the SEC.
At Huntington Bancshares Inc., a financial services firm based in Columbus, Ohio, upper management is quick to allocate resources and personnel to the issue, said John Benninger, senior vice president of risk management and corporate governance.
Huntington has created a separate group to address compliance issues and funded it with $500,000, which has been spent on consulting services with accounting firm KPMG (with whom IBM is partnering in order to provide a full range of compliance-oriented services) and technology from IBM. It is about to launch version two of the Lotus product.
Like other large organizations Huntington is facing a challenge when it comes to moving data from various departments into a central repository where it can be accessed across the organization. Benninger said that at Huntington, individuals from within each business unit are transferring files into such a central location a few groups at a time. In June, Huntington expects to have the project complete and begin testing with its outside auditor in October of this year.
IBM's Tivoli product will be released in May and is designed to help organizations cope with regulations such as HIPAA. The product gives security professionals early warning of a security breach and helps them pinpoint where the breach took place.
The Lotus Workplace for Business Controls and Reporting Version 2 is priced at $1150 per user. The content manager is priced individually.