
IT Director

Naked CIO: It's time compliance quit crippling SMEs

Banks - shame on you


By Naked CIO

Published: 5 May 2009 08:00 GMT

The Naked CIO asks: could the banks' hard times lead to better times for smaller businesses?

I know it is unkind to hit someone when they are down; however, in this case I believe it is warranted.

Over the last decade I have seen the power of the banking community cripple IT processes and increase IT departmental spending exponentially. The power of their influence has systematically transferred risk from their once deep pockets to the balance sheets of small and medium businesses across the UK.

It started with the implementation of additional compliance - brought about by accounting mismanagement and a lack of controls at financial institutions - which businesses then had to comply with. Then the arrival of chip and PIN switched the burden of accountability for credit card fraud from the banks to the businesses. This included the banks making millions through charging businesses for new credit card machines that were chip and PIN-enabled.

During this time the banks raised credit card interest rates significantly, although they had less risk to compensate companies and customers for fraud. And due to worries about internet fraud, banks raised merchant rates for online and ecommerce credit card transactions.

Now in the US they have something called PCI standards, which UK companies must observe if affiliated with US operations. PCI compliance can be debilitating for businesses as it requires very detailed management of all IT controls for data and financial processing standards.

I have been informed that companies can be charged thousands by the credit card companies for every month their systems are not in compliance - and yet the cost of developing software, implementing new hardware and additional resources to adhere to the checks and balances is substantial to any business.

PCI compliance requires the expense of comprehensive external audits and additional labour and controls within the IT department to meet and then, as part of the requirement, monitor these processes.

While it is discouraging to see that banks are currently at the forefront of our financial strife, it is still a travesty that for the last decade they have continually squeezed SMEs for the cost of managing and securing what should have been the banks' responsibility.

I sincerely hope that banks, now that the billions in profits have diminished, work with businesses and demonstrate a more balanced approach towards compliance in particular. They must ensure that our ability to do business is not crippled by the cost of having to adhere to multiple layers of compliance that have little to do with the business model of the SME.

Over the last two decades the rise of compliance and governance is having a very real impact on the ability of businesses to control costs. There has to be a better way to manage the need to secure information and ensure common sense best practice without creating a goliath of governance that is, from a cost perspective, totally out of line with the cost structure of most businesses.
