Achieving compliance with the different regulations might have first priority for projects but, in fact, such a renewal could have more benefits than just records management. While fire fighting the consequences of the latest legal requirement might solve the problem for the moment, why not step back and get down to the root of the matter?
Coming back from two recent meetings with heads of compliance at insurance companies, I once more concluded that potential benefits of changes are often forgotten due to the pressure of compliance topics. In view of the ongoing regulatory but also economical pressure, management’s view of solving the “problem” is very often to do just as much as is needed with not an extra stroke. While such thinking surely makes sense in the short term, more important questions, like how such changes could be exploited to bring about other beneficial changes, are not asked.
A common base for most of the regulatory topics
Many of the recent regulatory topics in the financial industry, from FATCA over Solvency II to data protection requirements, base on simple questions like:
- Does the enterprise know what data it owns?
- Is data of the right quality?
- Are the records appropriately managed and is access under control?
In view of this, wouldn’t it make more economic sense to have sound processes in place to manage records that will enable an enterprise to react to new external (but also internal) requirements with much less effort?
The benefits of compliance
As there is probably no sound way around compliance, why not find the benefits that go with it? Isn’t there maybe a process that can be improved? Do paper copies of a client order, a contract or an incoming invoice really need to be stored in the cupboards of all the departments involved? The numerous discussions I have had with clients on this topic showed that there are indeed benefits, they just need to be uncovered. For example, the paper invoicing that is changed to an electronic workflow will enable a much faster performance and easier control or previously manual controls are exchanged for automatic ones, saving time and money.
But where does records management start?
A sound records management starts with an actual inventory of the enterprise’s data (linked to internal and external requirements for each document type) and a risk assessment. Based on this inventory, management can then assess the risks and decide which ones they want to take and what strategy should be followed. Usually, the higher the risks, the more efforts should be put into proper records management. This raises the question of which strategies meet my company’s requirements and which standards to follow.
Reinvent the wheel or follow a standard?
Over the last years I have seen a large number of standards for records management, ranging from purely technical ones to large frameworks covering each and every detail: ISO 15489, the versions of the Model Requirements for the Management of Electronic Documents and Records (MoReq 1&2) or GEVER (electronic transaction management) for entities under public law to name only a few. However, up to now, I have seldom seen these seriously being followed or implemented in projects in Switzerland. While GEVER is being pushed as a de facto standard for the Swiss public sector to be implemented this year, no such handy standard existed for the private sector until now.
A handy standard that can help you
This gap was recently filled with the upcoming British Standard BS 10008 “Evidential Weight and Legal Admissibility of Electronic Information”. When I first encountered BS 10008 two years ago, I was impressed by its practical aspects. The standard comes with several implementation guides that also cover current topics like web forms, mobile (SMS) or instant messaging. In the discussions with clients, be it on technical but also on compliance or business aspects, I often received the feedback that the standard and its guides and checklists are very helpful to start off records management and to build up a sound electronic records management system.
This leads me to my last question: how can you benefit from compliance and why not use it as an excuse to optimize your processes?
Read more about this and other topics in the our iCircle magazine.