Rules, Rules, Rules

Rules, Rules, Rules:

Steven Marlin
InformationWeek

If Guardian Life Insurance Co. executive VP and CIO Dennis Callahan ever takes up tennis, he'll probably be thoroughly bored. Just a single ball, and only one person trying to sneak it past him? Callahan, whose main job the past 3-1/2 years has been to try to change the culture of the company's technology organization, spends a good chunk of his time -- and more than $4 million a year -- swatting back compliance balls flying in from securities regulators and California lawmakers.

Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley, the USA PATRIOT Act, the California Security Breach Law, Securities and Exchange Commission rule 17a-4 -- these are but a few of the compliance challenges he faces. That's along with his day job of managing a $150 million annual IT budget to help salespeople be more productive, simplify operations, improve customer service and diversify the lineup of insurance products.

To say regulatory compliance is a distraction for business-technology executives is an understatement. Four out of five say it's a challenge just tracking whether their organizations have met compliance goals, according to an InformationWeek Research survey of 200 business-technology professionals last month. A third say complying with government regulations has had a negative impact on productivity. And 59 percent say their spending on compliance will go up this year, while only 6 percent predict a decline. That's a bit less than in September, when InformationWeek Research conducted its first compliance study; then, 71 percent said they'd spend more and only 2 percent predicted less spending."