Of course this responsibility at board level trickles down, becoming a burden for corporate finance and IT departments. But it does mean the requirements for strong identity authentication, controls and reporting are great, as are the fines if an auditor finds you non-compliant.