|
|
|
Features
< Back
Sarbanes Oxley : Technology : Content Management
Meeting the Legal Challenge: A Platform for Compliance
By
Jen Rabe
|
|
Jen Rabe
Director of Compliance Solutions
Open Text
|
Over the past few years, regulations such as the Sarbanes-Oxley Act, as well as the explosion of digital content generated and exchanged by corporations, have increased the demand and necessity for corporate governance and regulatory compliance.
There is heightened awareness in the marketplace about the issues of compliance and how to manage businesses effectively to ensure that they abide by all relevant regulations. Following the wave of corporate scandals and the impact of Sarbanes-Oxley, companies must have processes in place to ensure that they are meeting required standards, whether these standards are voluntary or imposed by external governing bodies.
It is critical for any organization to be well managed and compliant, but there is more to compliance than simply following the rules ? it is also about documenting that rules are being followed. At the heart of each set of industry regulations and standards are basic principles for doing good business?principles derived from the experience of best practices, policies and procedures for each industry. They are often designed to prevent mistakes from being repeated.
Compliance and corporate governance is no longer solely a concern of the Financial Services industry. In recent years, we have seen the boom of compliance efforts from various businesses across many industries. As a result, corporations are focused on implementing solutions that meet compliance requirements as well as establish best practices in managing high volumes of valuable information within the enterprise.
How a company is managed and the measure of its compliance efforts has a direct impact on shareholder value. Poor management and non-compliance can lead to lost business, financial penalties, indefinite suspension of operations and even criminal charges.
Even though corporate governance policies and their associated controls vary from company to company, the general frameworks that need to be put in place to meet governance requirements are similar. Indeed, solutions based on Enterprise Content Management (ECM) platforms are helping many of the world's leading companies streamline and accelerate their compliance management.
Financial Services and Insurance Industry Challenges
Banks and insurers face huge challenges in complying with new regulations, which include Basel II, International Financial Reporting Standards, the Sarbanes-Oxley Act, and anti-money laundering legislation.
There are many regulators who are reacting to the dawn of digital content as a legal form of information. Corporations began documenting their internal controls with desktop tools, then moved to databases as the set grew larger, and finally moved to an ECM platform as it became clear that tracking and managing this information required structured data management and content and document tracking.
No other industry has been more revolutionized by the availability of real-time information than the financial services industry. Timely and relevant information is one of the most critical competitive advantages that banks can have.
The level of scrutiny on financial services firms varies widely. Business lines that deal with consumers are expected to provide comprehensive disclosures that might not be considered essential for other businesses that only deal with highly qualified financial professionals.
Financial services firms are vulnerable to the misrepresentation and misuse of information, and increasing emphasis is being placed on the need to understand the customer?s identity and business profile. Risk-based assessments are another increasingly adopted feature of financial regulation?especially in guarding against money laundering and similar criminal or terrorist-related activities. Management of the complex tradeoffs in a risk-based model requires sophisticated ECM tools to tag and classify information and provide structure and audited business workflows.
Compliance Management and ECM
ECM solutions enable organizations to manage content from initial creation to final archival stages, and allow users to work together across the globe, find vital information, and audit and report on regulated activities.
An ECM platform is well-suited to accommodate compliance activities, particularly those that are characterized by the digital content explosion in businesses today?for example, in the case of email, the exponential growth of the sheer volume of it within organizations makes it an increasingly difficult medium to work with in a compliant manner. Because ECM solutions are differentiated by their ability to manage unstructured data, they support a broad range of compliance activities to be performed, monitored, and reported around this content.
An initial investment in an ECM-based approach to compliance can then be leveraged to address other business needs, whether for compliance, content management or collaboration. Built on a common platform with a common data structure, ECM solutions are reliable and scalable.
Success depends on the ability to manage, preserve and leverage knowledge. It is inefficient to depend on uncontrolled email systems and shared network drives as a repository for corporate knowledge. Doing so can put an organization at risk of litigation or non-compliance with industry and government regulations. ECM enables financial services organizations to foster a knowledge-sharing culture that facilitates the flow of information throughout an organization in a compliant manner.
While compliance may prompt consideration of an ECM solution, compliance activities are best understood as a natural by-product of business process improvement.
A Platform for Compliance and Corporate Governance
Corporations face the difficult task of maintaining quality, innovation and performance while operating in an increasingly risky environment. Choosing and deploying a solution that complies with stringent industry and government regulations has become a top priority in companies across the globe.
The key to achieving compliance with high corporate governance standards is to ensure that consistent processes are rapidly deployed throughout the organization, that all critical information is managed, and that staff are fully trained and able to work together within the compliance framework. By using an ECM platform, organizations can meet compliance and corporate governance requirements in an efficient, cost-effective manner.
 The environment for governance and compliance
Although technology alone cannot satisfy compliance requirements, it can play a critical role when integrated with the proper processes and organizational structure. ECM platforms support governance by specifying particular policies and allowing the organization to enforce and audit compliance activities with these policies.
To comply with various government regulations around the world, organizations are called upon to collect, manage and archive critical business information. Records of all types must be easy to find and present, and ECM solutions can generate additional ROI by managing this process efficiently. Solutions that play a proactive role by securely storing records for a specified period of time, cross-referencing records and facilitating audit history create considerable additional value. Implementation of best practices for compliance protects the organization from risk while streamlining administrative and operational costs. Integrated ECM solutions allow organizations to be proactive in preparing for new or evolving compliance regulations.
Content and process management tools are essential to support regulatory compliance. Equally important is the value gained from ensuring that people work together more effectively and integrating governance into the core operations of an organization. The rising tide of regulation is creating operational challenges for all companies, but especially insurers. Documenting the internal processes, risks and controls identifies what the organization (and the regulator) wants to happen. Meeting these new regulatory requirements in an integrated way is essential for success.
Sustainable Compliance
ECM solutions are designed to address a number of governance needs: growth in regulatory reporting requirements; leveraging of existing investments in training content and certification programs; maintenance of detailed registration and licensing records for compliance management; and management of the records necessary to achieve regulatory compliance.
ECM solutions provide an infrastructure and applications which facilitate compliance with regulations such as ISO 9000, the US Patriot Act, SEC, DOE and OSHA, as well as providing the document and process management functionality required by Sarbanes-Oxley. ECM also reduces the risks associated with non-compliance by making control of information and processes more efficient and transparent.
Regulations are based on the desire for optimal business operations; thus, by meeting regulations, organizations are ensuring that their business processes follow industry-established best practices. Being compliant and promoting good governance is about much more than just mitigating risk?it guarantees the long-term success and quality of operations throughout your organization.
Even though compliance with Sarbanes-Oxley and other regulations may seem painful in the short term, it also provides an opportunity to review and improve the efficiency of all corporate operations. To derive long-term benefits from short-term investments, organizations need to select vendors that can offer comprehensive, well-supported solutions.
Smart companies are paying attention and investing in ECM-based solutions as the best way to ensure reliable, company-wide compliance with a range of regulations. Not only does investment in ECM solutions protect your organization from the risks associated with non-compliance, it also provides the foundation for innovation and accelerated growth.
Conclusion
The main reasons why organizations need to address issues of corporate governance are to mitigate risk and to optimize operations. The primary goal is to maintain and grow shareholder value. Poor governance exposes a company to unacceptable risks, which can have significant consequences.
Wisely, companies across the globe are striving to learn from?rather than simply react to?the enormous governance failures at Enron and Parmalat. Each industry has its own regulators and regulations, but much can be learned from those regulations that are applied to organizations across all industries.
Companies have tended to manage regulatory change in silos, focusing narrowly on compliance and using compartmentalized regulatory controls. The greatest challenge is to make sure that this integrates into the core operations of the organization. Companies that choose to go beyond compliance and implement best practices through ECM solutions can achieve competitive advantage through higher productivity and protect their brands.
ECM structures these processes and their underlying data so that nothing important is omitted and everyone is aware of who is doing what, why, how, where and when. This ensures that the organization is going about its business in an orderly way, and that time, money and other resources are used efficiently.
Compliance Continuum
 This diagram depicts compliance types and typical corresponding consequences for being non-compliant. It is important to identify that compliance needs to happen according to a defined rule (regulation, standard or policy) to have meaning, and that compliance is only one component of corporate governance.
Jen Rabe
Director of Compliance Solutions
Open Text
Jens joined Open Text in October 2004 when the company acquired IXOS. In his role as segment manager for Open Text?s records management and email archiving solutions, Rabe is also responsible for Open Text?s lifecycle management solutions strategy and execution.
|
|
|
|
|
