On the right side of the law

Customer information, financial reporting and audit, exports, waste -- almost every part of an organization's inputs and outputs are increasingly driven by regulation.

Indeed, regulation is often seen as a cost center, operational headache and financial burden in terms of the potential fines an organization could be liable for if found to be non-compliant -- not to mention the incalculable damage to brand reputation that can be incurred if public sanctions are applied.

But the necessary evil that compliance is often seen as can be turned into a positive, if looked at as an objective way to measure whether processes and policies are up to standard. It can also be a means to an end of putting the best practices in place for maximum competitive advantage.

"Our compliance efforts can be seen as a way to enable a seamless effort to implement regulation. That allows the company to put more effective controls in place in a way that increases the efficiency of our processes and doesn't hold back the business," says James Stearns, director of regulatory compliance and senior counsel at Intelsat.

And, if anyone should know about compliance and its legal implications, Stearns should. This is because Intelsat is the world's biggest global satellite communications service provider, involved in areas of utmost importance to both international and industrial security, with reported revenue last year of $1.7 billion (£839 million).

In fact, in 2006 the US Bureau of Industry and Security (BIS) issued over $16 million (£7.7 million) in fines to companies for violating export regulations, which essentially means they did business with the wrong people. And trading with an entity on the US restricted party list can result in administrative fines of up to $120,000 (£59,218) or criminal penalties, including 10 years imprisonment. Or, in Intelsat's case and, as Stearns half jokingly told CIO: "We have to make sure we're not selling satellite bandwidth to Osama Bin Laden".

This might sound an exaggeration, but 'Bin' is a popular name in Middle Eastern countries, just as Smith is in the UK and Patel might be in certain parts of the Indian sub-continent. Stearns says: "Intelsat provides satellite capabilities in over 200 countries, but as a U.S. company we are subject to export regulations that hold places like Cuba, Iran and Sudan as countries we're not allowed to trade.

"Added to this the business moves at a very fast pace, where we can be asked to provide satellite capacity that's up and running in a matter of days, but we can't know each and every detail about the people requiring that satellite capacity."

Managing this regulation is a mission-critical requirement for Intelsat -- but one that has historically been a headache to comply with. Stearns explains that when he first joined the company in 2004, the company relied on manual means, including web searches, to check the provenance of customers. But in 2006, the company merged with video distribution satellite specialist, PanAmSat in a $6.4-billion (£3.3 billion) deal that radically changed the sheer scale of its compliance requirements. Stearns adds that the events of 9/11 also changed the dynamics of its regulatory environment, adding to the burden. "We briefly considered building new capability in-house, but with tremendous effort on the part of IT," he says. "So we decided to outsource."