Ensure regulatory compliance

Ensure regulatory compliance

Written by Ana Canteli on 3 December 2018

Regulatory compliance seeks to apply risk management compliance to avoid the consequences that non-compliance can bring to the organization, analyze the statutory and regulatory changes and the consequences that can be derived from them. Regulatory compliance is also responsible for defining governance risk and compliance prevention measures and impact evaluation, providing training to the members of the legal entity; so that they know and apply the rules, which must be updated in accordance with the procedures.

Nowadays it is essential that companies have a plan regarding data security, information management, and compliance management, as the insurance portability and accountability act sets that legal persons can be punished by criminal law. The punishments can range from heavy fines to the closure of the company. Now companies become criminally liable for prison sentences for crimes committed, on their behalf or by their own account, by their legal representatives and administrators; but also by those who, being subject to their authority, commit them for not having paid attention to their superiors, or who have not exercised sufficient control over their responsibilities.

The figure of the Compliance Officer or person responsible for ensuring compliance in the company arose in the financial sector as a result of the global economic crisis of 2008. For a Compliance Officer to fulfil its role, it is essential to:

• Guarantee their independence regarding the business.
• Have adequate and sufficient financial resources to achieve the objectives of the model.
• Moreover, above all a serious commitment to involvement by the top management of the company.

The main responsibility of the Compliance Officer is to implement a "risk management compliance model" based on procedures that ensure data security, records management, security management, and quality management in a broad sense. That is, the fulfilment of objectives is not everything, it also matters how they are obtained. Within the regulatory framework, in addition to considering the compliance standards - data analytics, data governance, and regulations - internal policies, commitments to customers, suppliers and stakeholders must also be included. This especially includes the ethical codes that the board of directors of the company has committed to respect, because there may be cases in which a performance may be legal but unethical.

The technological base as a vector of economic activity is a constant in almost all companies. With it, they improve their performance and help with data protection ensuring compliance regulations, including ISO standards; they expand their business and reach new markets.

OpenKM's document management software helps to implement risk management and regulatory compliance management system, which allows meeting ISO requirements. With OpenKM, the Compliance Officer can:

1. Identify the activities susceptible to crime and that, therefore, pose a risk to legal persons

In OpenKM, the organization can parameterize the document management software, so that the system contributes to the achievement of top management objectives while ensuring compliance with legal and regulatory requirements - such as the ISO and ethical standards of the organization.

The ISO standards (International Organization for Standardization) are norms written to organize the management of a company in different areas. Its value lies in the prestige of the organization, which is why these regulations, although voluntary, enjoy great recognition and international impact.

The ISO standard that manages the subject of Compliance is the ISO 1960 entitled "Compliance Management Systems." This regulation aims to consolidate the growing interest and importance of compliance within companies.

Through the design of profiles and roles, in OpenKM management software, the company ensures that all activities and functions accessible to the user, are consistent with the performance of their professional activity and the most developed regulations regarding data security.

2. Prevent the materialization of risks through the implementation of control procedures

Once the possible risks have been identified, the objective of regulatory compliance is to prevent crime to avoid criminal liability of legal persons. Although this is not the only objective, the preventive activity in regards to a breach of regulations extends to fields related not only to legal compliance, for which legal notices are a good tool; but also the governance of information, corporate behaviour and relations with users, consumers, and stakeholders.

In OpenKM the Compliance Officer can make use of functionalities made to control the activity carried out, on the information and the documentation of the organization.

To begin with, in the document manager it allows the management of information security at the granular level. Each folder, document, email, including any attachments, and record can be subject to custom security. The read, write, erase, download, etc. permits can be managed at the group or individual level. Moreover, the file lifecycle can automatically change the security of business content, under the application of a business process. For example, once the document has been approved, OpenKM blocks it, so that it cannot be edited.

The subscription service on content makes it so the subscribed user receives a notification every time there is a change on the node (file, folder, e-mail or record).

In addition, on each piece of content, users can access the activity log of the file. In this way, they can reconstruct all the activities that have taken place on the document. On the other hand, the system can provide reports on any activity that we consider suspicious: elimination of volumes of files that exceed a certain entity, edits of old files, download of documents, and others.

The administrator of the platform has access to advanced functionalities that allow him or her to perform a thorough audit that satisfies even the most demanding criteria of official investigations.

3. Monitor and detect risks and deviations in compliance

The automation of business processes helps to control the activities and responsibilities of the staff.

OpenKM offers, through automation, the possibility of implementing procedures, business processes, protocols and ways of working in the entity, which contribute to the achievement of objectives in accordance with the regulatory framework, internal policies, codes of conduct, good practices and commitments with third parties.

The document management system, in turn, offers a workflow engine that serves to create a univocal channel of business process management, which also helps to avoid financial costs, penalties or fines for non-compliance.

Moreover, the zonal OCR engine can be used as a checking tool. The optical recognition of characters can be used for the recognition of digitized documentary types, which, if they meet the stipulated criteria, will be archived according to the procedure. However, if the OCR detects any error or non-compliance, it can archive the defective documents in a folder in which a subscribed user must verify the information or an automated folder that activates a verification workflow.

4. Ensure compliance with applicable legislation and regulations

When, despite everything, a compliance problem arises, a solution must be found. In OpenKM, users can access documents of usual consultation, highlighted in the search engine of the document manager. You can also facilitate the use of extensive documentation in the Wiki space, linked both to files (you can check the standard, law or procedure on which the content of the document is based) and folders, records or e-mails. In the Wiki, the workers will be able to consult the code of conduct, the laws and mandatory regulations at the sectoral, local, regional, national or even international level. The Forum section provides users with a space in which to share ideas or different points of view.

From templates, we can provide pro forma documentation that serves as the basis to generate new documents, but also forms for the management of requests, suggestions or declaration of incidents.

5. Supervision of compliance program and advice

The compliance system must guarantee the flow of communication. In addition to the establishment of feedback channels (complaints management, suggestions, and acknowledgements) in templates, or space for cross-communication between users in the Forum; The OpenKM document manager provides a chat that allows members of the organization to hold online conversations.

The Task manager included in the document management system helps coordinate events that affect several users in different business areas. The members of the organization must receive all the necessary information to carry out their work in accordance with current regulations. To contribute to effective monitoring, from the OpenKM task manager meetings can be convened to supervise the compliance model or establish training sessions for managers and employees so that they know the regulatory and legal framework and are up to date with any changes.

Benefits of regulatory compliance in a document management system

The integration of the monitoring of the regulatory framework and its implementation and application in the OpenKM document management system brings a series of benefits to the entire organization and its members:

• Consolidation of the documentation: it is easier to identify duplicate, amortize or obsolete contents, simplifying the navigation and use of the repository.
• Promotes continuous improvement through the systematic application of regulatory controls, which help reduce costs in time and effort and budget dedicated to the regulatory and legal control system.
• Increase personal participation as it creates a coordinated work environment that improves the performance data of staff.
• Through the identification and detection of weaknesses and threats, improvements are promoted that contribute to enhancing the brand image of the organization.
• It provides tailored solutions for the company and is adaptable over time.
• In the family business sector, compliance models identify the members of the family entity that are managers or those that are only part of the board of directors.
• In the event that the management is developed by a hired professional and another person retains ownership of the company, the compliance program serves to protect the interests of the owners of the activity of the professional manager.
• In these moments, the implementation and use of a compliance system is a useful and valued tool by executives since it provides them with a platform of legal, and regulatory guarantees.
• For companies that want to operate abroad, having a regulatory compliance program will help their operations internationally.

In short, regulatory compliance allows organizations and legal entities to control and manage all legal issues of each area that makes up the company.