Compliance is a very broad term. At the top level, one can
divide it into two categories: business related compliance such as adherence to
service level agreements;
regulatory compliance such as adhering to Sarbanes-Oxley Act,
the USA PATRIOT Act, or industry-specific regulations such as Basel II for
banks, or HIPAA in healthcare.
In most discussions, compliance refers mostly to the latter.
Though there are industries other than the traditionally regulated ones like
banking, finance and pharmaceuticals that are showing interest, investments are
due to regulatory enforcements.
A McKinsey article based on the firms study of CIO spending
last year noted that, "they (CIOs) are enhancing the finance and accounting
modules of their ERP systems to comply with governance regulations such as
Sarbanes-Oxley." That is the basic minimum though. However, in realistic
terms, thats where current investments are taking place. A CFO magazine
research earlier found that finance executives call for improving their existing
ERP systems and processes that support regulatory compliance efforts, instead of
looking at new classes of technology.
The biggest opportunity lies within the Indian outsourcing industry |
A Holistic Approach
While the initial response to meet with compliance requirements was more of
a patchwork approach, today there is a significant market for what are called
compliance solutions.
According to MR firm, The Radicati Group, "The compliance
market is shared by anti-spam, e-mail archiving, IM management and pure-play
vendors. The total worldwide market value of these solutions is expected to
reach over $674 mn in 2007, and grow up to $2.4 bn by 2011."
EMC, which has now popularized the phrase Information Lifecycle
Management, was an early pioneer. The firm introduced the Centera Compliance
Edition way back in 2003. It bundled storage hardware and data management
software that addressed compliance markets for HIPAA, SEC Rule 17a-4, and 21CFR
Part 11. It then added SOX too. IBM joined the race later by introducing the IBM
TotalStorage Data Retention system.
But these were largely storage-centric data management
solutions. The scope since then has expanded to include business process
management, enterprise content management as well as risk management and
governance. Forrester tracks this market calling it GRC or Governance, Risk and
Compliance platform market and predicts that from $590 mn in 2006, this market
will grow to $1.3 bn by 2011.
Forrester identifies four areas that these solutions must
address: Policy, procedure, and control documentation; Risk and control
assessment; Risk analytics; Loss, event, and investigations management.
In 2006, Forrester identified Axentis, BWise, IBM, and QUMAS as
leaders, from among ten suppliers. Of late, IT service providers such as TCS,
Wipro, and HCL have aggressively targeted this space.
In India, it is still very early days! With India becoming a
major base for the pharma industry, this market is likely to pick up. But, the
biggest opportunity lies within the Indian outsourcing industry. Dealing with
clients from multiple segments geographies require them to comply with a variety
of regulations.
Shyamanuja Das
shyamanujad@cybermedia.co.in