Regulatory compliance, whether with a government agency or a self-regulating body, has always been a primary concern of business. In recent years, a number of comprehensive regulations have come into effect due to financial scandals involving several financial institutions. Both Sarbanes-Oxley and Dodd-Frank address record-keeping practices that prevent fraud against investors by financial institutions. Affected companies are turning to technology to enable and ensure compliance with regulations that pertain to their particular business. These companies wish to comply with applicable regulations in a cost-effective manner while minimizing any disruptions to their daily business operations.
This technology includes software for securing data storage and retrieval, capturing data and producing copies of data when requested by a regulating body. Hardware is also involved in data capture and data storage and retrieval. Several software products have emerged to provide compliance in the wake of the recent regulations. Non-compliance can be expensive as well as disruptive to business. HIPAA violations can result in fines up to $250,000 and 10 years in prison. Penalties for violating Sarbanes-Oxley regulations can reach $20 million or 20 years in prison. Other penalties include being unable to obtain or hold certain certifications or bonds. This could result in everything from lost revenue to complete loss of business. Therefore, compliance is vital to the continuation of business.
Compliance and Technology
Businesses are acutely aware that both government agencies and self-regulating industrial bodies will strictly enforce new regulations. These regulations are subject to revision whenever the regulating body sees or perceives a need to reassess them. Typically, these revisions result in more restrictive regulations and increased penalties. Understanding the specific requirements of each regulation is essential to avoid penalties (either monetary or criminal). As an example, SEC Rule 17a-4 states that broker-dealers must preserve all electronic records in a format that is non-rewritable and non-erasable. The rule also states that broker-dealers must be able to produce the electronic records on demand.
This rule does not specify a particular medium for storage, only that the storage meets the aforementioned requirements. Therefore, products such as cloud storage or network storage systems are available for these purposes. Other rules, such as SOX, involve the process of information management along with the monitoring and reporting on the content of retained information. Companies can acquire software products that manage the required information while providing the ability to monitor the content of the records. These products would also include the ability to produce records on demand in the event of litigation or audit.
The Upside of Compliance
Although most organizations regard the ever-increasing list of regulations as a formidable challenge, the technologies available for compliance may also provide other substantial benefits from the management of information. These software products could also provide a better understanding of the underlying process of business through the increased effectiveness of information management. Compliance software can also provide improved support in the area of litigation discovery. Companies typically settle litigation out of court because settling is usually more cost-effective.
Software solutions for compliance can provide quick, accurate access to information requested in a legal discovery process. This would also be an advantage during an audit. The ability to ensure business continuity during a disaster such as fire or flood could be another advantage of compliance software. Additionally, compliance software can improve a company’s operational efficiency by reducing the need for paper storage as well as providing quick access to any needed documents for customer service. This improvement in efficiency can translate into increased revenue for the company, not only through cost savings but also through improvements in customer satisfaction and retention and through the addition of new customers.
Recommendations to Ensure Compliance
– Know the regulations that pertain to your company or business.
– Develop an enterprise compliance strategy that incorporates both processes and content since both are required for compliance.
– Fully document all retention policies, procedures and schedules. This will not only show regulators that you have them in place, but it will also communicate these policies and procedures to your employees so that they can comply with them.
– Determine the specific technological requirements that will enable your company to implement the compliance strategy plan and support your retention policies and procedures.
– Determine if your current technology is sufficient for your requirements. Note any deficiencies and determine how to correct them.
– Research any needed technology and incorporate it into your compliance strategy plan.
| Regulation | What it does | Who it affects | Additional provisions |
|---|---|---|---|
| SEC 17a-4 | Electronic records must be stored in a format that is non-rewritable and non-erasable. Defines what records are required for compliance. | Financial brokers, dealers and exchange members | Retention periods specified for each type of record. The latest revision allows for storage in a central location as long as records are available to regulators on demand. |
| Sarbanes-Oxley 404 | Provides for monitoring of the production and changing of financial records | All publicly traded companies, public accounting firms, auditors, brokers, securities analysts | Provides requirements for audit committees, financial reporting, insider trading, change disclosure and management’s assessment of controls for public companies |
| Sarbanes-Oxley 409 | Mandates the disclosure of material changes in the financial condition or operations of issuers in a timely and current manner | All publicly traded companies, public accounting firms, auditors, brokers, securities analysts | The same as for Sarbanes-Oxley 404. |
| Dodd-Frank | Gives the SEC authority to oversee credit rating agencies, insurance companies and hedge funds | Financial institutions, non-bank financial firms, insurance companies (except auto) and credit rating agencies | Gives the SEC authority to break up an institution that becomes “too big to fail” |
| Affordable Patient Care Act | Requires companies with over 200 employees to automatically enroll new full-time employees in coverage; requires disclosure of the value of the benefit of coverage provided by the employer | All public and private companies | Provides tax penalties for failing to comply with the health care coverage mandate; creates an excise tax on certain medical equipment |