As the U.S. Patriot Act and other controversial legislation
threaten to make criminals of bankers, librarians, and others, those
same people are hoping an old friend, software, will keep them out of
trouble.

“The last thing these people want is to be on the front page for
noncompliance,” explained Steven Lindseth, founder and Chairman of Axentis.

Axentis recently released the results of a six-month study; it indicates that
most companies are still scrambling to implement operations to comply
with legislation such as the Patriot Act, Sarbanes-Oxley, and the Health Insurance Portability and Accountability Act (HIPAA).
And just as they’re figuring out that much, the Domestic Security
Enhancement Act of 2003, or “Son of Patriot Act,” is coming soon.

As they scramble, they also realize the legislation is more than a little
vague and comes with no guarantees. “There is no silver bullet,” said
Jeff Guilfoyle, founding partner and vice president of e-security for Solutionary, Inc.
“There is nothing you can do that will guarantee you are fully compliant.”

That bitter fact was clear before President George Bush signed the Patriot
Act in October 2001. The act broadly expanded law enforcement's
surveillance and investigative powers. It also, for the first time,
made businesses responsible for seeking, detecting, and reporting
computer trespasses. Banks, in particular, are expected to identify,
discover, gather, amass, investigate, and report on financial activity
to a far greater degree and depth than ever before.

“For example, they may need to verify not only the owner of an account but
also the originator of a transaction involving that account, the
individual at the bank who may have approved a transaction, and any
other individuals who may have been involved in executing that
transaction,” Lee Kidder, TowerGroup wholesale banking director, said in an interview
released by Sun Microsystems. “If the transaction failed, they will
need to know why it failed and how it was reconciled. In other words,
every financial transaction has multiple tidbits of information
associated with it, and the new regulations are forcing banks to be
able to break down that transaction more and more finely so that the
tidbits of information can be sorted and reassembled according to
reporting requirements.”

Penalties and culpability

The penalties for not complying with the Patriot Act are steep. A bank
could find itself hit with a $1 million fine for civil or criminal
violation and complete forfeiture of any money that might have been
loaned to an individual or group found to be questionable. Individual
executives can also be fined. Then there’s the inevitable bad press
about activities labeled not only criminal but traitorous.

“A lot of these transactions are handled completely over the Internet,”
Guilfoyle pointed out. This means an account can be opened and money
can flow in and out of it without any face-to-face contact between the
financial institution and the account holder. It doesn’t take much
imagination to realize how easy it could be for a terrorist or anyone
else to open an account or compromise an existing one to launder money.
And the thought of being held potentially culpable in that illegal
activity is enough to keep any bank president up nights.

Businesses and business executives need to know what they’re going to tell law
enforcement “or the jury” if the worst should happen, Lindseth warned.
“If it happens and they don’t know about it and they don’t find out
about it and they don’t report it, then they’ve broken the law,” he
said.

It wasn’t long before companies like Axentis and
Solutionary began hearing from banks, librarians, universities, and
others covered by the act. “The question became, is there a way to
apply software to this problem,” Lindseth said.