It is clear that companies failing to put procedures and systems in place will undoubtedly compromise their operational efficiency. However, document management, storage and access is no longer simply an internal matter. It has become a legal responsibility to ensure that important data and documents can be easily accessed. The recent raft of industry-wide regulation, for instance the Freedom of Information Act and the Data Protection Act, impose compulsory data access and security requirements on UK companies. Then there is the matter of sector-specific legalities. In financial services, for instance, this encompasses both international regulation - Basel II, the US Sarbanes Oxley Act, IFRS ? and national stipulations from the Financial Services Authority (FSA). The challenge for private companies and public institutions is to balance each of these differing legal and business considerations, define an integrated data retention strategy and underpin this with supportive technology.
Mitigating Risk
It is a widespread perception that UK regulation is less prescriptive and stringent than in the US. But US regulation tends to have far-reaching effects, either directly impacting UK companies, or profoundly influencing the nature of future European and UK rules. In any case, FSA guidelines already require organizations to prove that data is stored, secure and accessible, and ready for presentment at any time. And from 2005, the FSA responded to the global trend in tightened regulation and brought in new rules, aimed at enforcing even clearer, more comprehensive reporting and greater transparency. In practice, this means organisations must be able to present demonstrably transparent document control mechanisms, attest to the quality and precision of reporting processes and manage massive quantities of data from disparate sources.
Leaving a Legacy
So how are institutions implementing these principles to mitigate document risk, and how are the technologies responding to the changing needs of business?
Firstly, we have stated that many organisations use online solutions to manage current documents. Certainly, customers? expectations of near real-time information retrieval to answer their calls and queries have made the rapid availability of recent data and documents a necessity for many industry sectors. Yet strategies also need to be put into place that ensure speed and ease of accessibility of ?older? information is determined by a matrix of regulation, versus cost, versus customer service benefit. For instance, a leading UK institution recently discovered that the volume of data held within its online solution had swelled to 10 terabytes! There is an urgent need to have disciplines that transfer ?old? data to a secure archive that can be accessed when necessary. For instance, when there is no longer a regular need to access bank statement line data for customer service requests, the data can be deleted from online applications and the statement itself archived to an archive medium.
Tried and Tested Solutions
Within the scope of this article, we do not have the opportunity to analyse the various requirements of all document types ? but particular attention must be paid to email and Instant Messaging (IM). Merrill Lynch, for instance, took a serious blow to its reputation when damaging contents of emails were highlighted during a legal dispute; Andersen and CSFB have both had e-mails used as court evidence; and last December, five leading broker-dealers in the US were fined a total of $8.25 million for breaching record retention requirements for email. At the moment, the Financial Services Authority (FSA) requires all UK financial institutions to store all business email for up to six years. But it is expected that the FSA will follow the US? example and adopt a tougher stance. The fundamental lesson is that electronic communications must not be isolated from document preservation strategies. Interestingly, many financial institutions are realising that they can apply the same technology principles to email as to other documents.
Conclusion
Document control has become a board-level issue. Substantial fines are being imposed for non-compliance to local, European and international regulations, and companies without the systems to adhere to rules effectively will expose themselves to huge risk. Furthermore, legally compliant document management practices also deliver significant business benefits - improving operational efficiency, reducing costs, boosting customer service and knowledge sharing. A balance of electronic and analogue media formats is essential in implementing storage strategy, and both companies and public sector organizations need to push the urgency of this issue up the agenda if they are not to fall foul of legislative, regulatory and reputational penalties.
 ShareThis
Tags: Compliance |
