Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Technology

    Enterprise Security

    HPC

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    POS

    QA and Testing

    Robotics

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Google

    HP

    IBM

    Intel

    Microsoft

    Oracle

    Red Hat

    Salesforce

    SAP

    VMware

  • Business Intelligence

    Business Process Management

    CEM

    Collaboration

    Corporate Finance

    CRM

    Data Center

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Fleet Management

    Gamification

    Geographical Information System

    HR Technology

    IT Service Management

    Managed Services

    Payments

    PLM

    Procurement

    Project Management

    Risk Management

    Sales and Marketing

    Workflow

Menu
    • AI
    • Amazon
    • Augmented Reality
    • CISCO
    • DevOps
    • Education
    • Sports
    • EPM
    • ERP
    • Gamification
    • HPC
    • IT Services
    • Metals and Mining
    • Project Management
    • Robotics
    • Salesforce
    • Simulation
    • Smart City
    • Enterprise Asset Management
    • Travel and Hospitality
    • Unified Communication
    More
    ERP Gamification HPC IT Services Metals and Mining Project Management Robotics Salesforce Simulation Smart City Enterprise Asset Management Travel and Hospitality Unified Communication
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    CIOs Need To Know Their Business, Not Just Tech

    John Sadowski, EVP & CIO, Sandy Spring Bank

    Your Next Law Firm Website Project

    Vic Peterson, CIO, Stinson Leonard Street LLP

    Essentials for a Compliant Environment

    Seevali Fernando, Group CIO, Hoya Corporation

    The Digital Agency

    Ralph Chivers, CIO, Ministry of Business Innovation and Employment, New Zealand

    E-commerce and the Data behind it

    Klemen Drole, CIO, Lazada Group

    Need and Importance of IT in the Shipping Industry

    Anjan Deb, GM-IT (CIO), The Great Eastern Shipping

    At the Crossroads of Sports and Technology

    Jerry Mcglynn, CIO, Specialized Bicycle Components

    Proliferative Innovation via Platform+Agile

    Dr. Steve Hodgkinson, CIO,Department of Health & Human Services in Melbourne, Australia

    right

    Meeting Compliance to Mitigate Risks

    By Xavier Leschaeve, CISO, Remy Cointreau

    Tweet
    content-image

    Xavier Leschaeve, CISO, Remy Cointreau

    Trends in the Compliance Arena

    We are seeing more and more regulations in the compliance area, but hopefully also a convergence of the different regulations. In the past, it was very common to have conflicting regulations between countries or even states. While this still exists, it tends to be less frequent. Being a French based company, we can see that in Europe, some regulations are starting to converge, such as the new GDPR (General Data Protection Regulation). Voted in 2016 and applicable for 2018, the GDPR aims to harmonize Data Privacy regulations in Europe. This will have a significant impact on European companies but also on foreign companies operating in Europe. In most cases a DPO (Data Privacy Officer) will be appointed, data leakage will be escalated to the regulator within 72 hours and a fine of up to 4 percent of the worldwide revenue of the companies can be implemented. In France a specific regulation is also in place for cyber security, but only applicable for the companies critical to the nation (public services, transportation, energy, banks).

    "Compliance risk must be evaluated and monitored in the risk map of the company"

    Integrating Non-public Information

    In our open world of communication, with massive usage of cloud, mobility, and the BYOD trend, it is more and more difficult to keep track of the information flow. Some technology like DLP (Data Leakage Prevention) exists but implementation and operation is complex. For Cloud, CASB (Cloud Access Security Brokers) are emerging, enabling us to keep track of data even outside the perimeter of the company.

    “I feel strongly that treating compliance through the risk management prism is the best angle to take.”

    For Cloud, CASB (Cloud Access Security Brokers) are emerging, enabling us to keep track of data even outside the perimeter of the company

    Maturity of the Company Defines a CCO‘s Seat

    There are always never ending discussions on who should have a seat on the board, who should report to who… the CIO should report to the board, now CISO, CDO or CCO should be part of the Excom … There is no definitive answer on that. It depends on the industry the CCO is working in and the maturity of the company in this area. The two are often intertwined. In a highly regulated environment, the CCO should definitely be a member of the Executive Committee, and have a voice about the strategy of the company. In other domains where compliance is less vital, the role will always be important due to its compulsory aspect of compliance. Discussion with business users must be regular, to educate them about compliance and the impact their day-to-day responsibilities on compliance so that they and to implement the necessary controls. The executive team must be regularly updated about this topic.

    Risk Management Framework Brings Visibility to Compliance Risks

    I strongly feel that treating compliance through the risk management prism is the best angle to take. Compliance risk must be evaluated and monitored in the risk map of the company. But we shouldn’t only evaluate the risks associated with not being compliant. We also need to evaluate how being compliant will reduce other risks in the company. This avoids managing regulatory compliance as merely a “check the box” exercise. Regulations are there to reduce risks. So it is usually in the interest of the company to comply with regulations. Having solid financial practices, managing privacy of its customers, having a strong cyber security, fighting frauds… Doing that properly is by essence good for the Business and should be reflected in the risk mitigation plans of the company.

    No silver bullets Technologies for Compliance

    There is no technological silver bullet in the area of compliance. It is, before anything, a matter of processes and behavior. Nevertheless, technology can help of course.

    The market of GRC tools (Governance, Risk and Compliance) has existed for years but it is still very costly and complex to implement. One of the main wishes would be a tool that, based on the countries your company is operating in, would list all the regulations with which you would have to comply. Then it would produce a template of processes and controls to help roll out, allowing automation of controls, and storage of evidences. But it would always still require manual work and integration. I never trust a technology vendor that claims their solution will allow me to be compliant. I have seen that in the past with SOX, we can see it again with GDPR. Most of the time it can help—in certain conditions—for a specific scope.

    Read Also

    How GDPR can open opportunities for APAC businesses

    How GDPR can open opportunities for APAC businesses
    Keeping Pace with Technology

    Keeping Pace with Technology
    Adventures In Sourcing Compliance And Risk Systems

    Adventures In Sourcing Compliance And Risk Systems
    Customer Data: The New Compliance Frontier

    Customer Data: The New Compliance Frontier
    Top 25 Compliance Solution Providers - 2018

    Top 25 Compliance Solution Providers - 2018

     Top 25 Compliance Solution Providers - 2017

    Top 25 Compliance Solution Providers - 2017

     25 Most Promising Compliance Solution Providers

    25 Most Promising Compliance Solution Providers

    Featured Vendors

    MasterSAM

    Sanjeev Dhar, MD

    entity solutions

    Matthew Franceschini, CEO & Co-founder

    Compliance Special

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/cxoinsights/meeting-compliance-to-mitigate-risks-nwid-4392.html