Written by Ana Canteli on 3 December 2018
Regulatory compliance seeks to apply risk management to avoid the consequences that non-compliance can bring to the organization, and to analyze statutory and regulatory changes and the consequences that can derive from them. Regulatory compliance is also responsible for defining governance, risk and compliance prevention measures and impact evaluation, and for providing training to the members of the legal entity so that they know and apply the rules, which must be updated in accordance with the procedures.
Nowadays it is essential that companies have a plan regarding data security, information management, and compliance management, as the Insurance Portability and Accountability Act establishes that legal persons can be punished under criminal law. The punishments can range from heavy fines to the closure of the company. Companies now become criminally liable, including prison sentences, for crimes committed on their behalf or on their own account by their legal representatives and administrators, but also by those who, being subject to their authority, commit them for not having paid attention to their superiors, or who have not exercised sufficient control over their responsibilities.
The figure of the Compliance Officer or person responsible for ensuring compliance in the company arose in the financial sector as a result of the global economic crisis of 2008. For a Compliance Officer to fulfil its role, it is essential to:
The main responsibility of the Compliance Officer is to implement a "risk management compliance model" based on procedures that ensure data security, records management, security management, and quality management in a broad sense. That is, the fulfilment of objectives is not everything, it also matters how they are obtained. Within the regulatory framework, in addition to considering the compliance standards - data analytics, data governance, and regulations - internal policies, commitments to customers, suppliers and stakeholders must also be included. This especially includes the ethical codes that the board of directors of the company has committed to respect, because there may be cases in which a performance may be legal but unethical.
The technological base as a vector of economic activity is a constant in almost all companies. With it, they improve their performance and help with data protection ensuring compliance regulations, including ISO standards; they expand their business and reach new markets.
OpenKM's document management software helps to implement a risk management and regulatory compliance management system, which allows the organization to meet ISO requirements. With OpenKM, the Compliance Officer can:
In OpenKM, the organization can parameterize the document management software, so that the system contributes to the achievement of top management objectives while ensuring compliance with legal and regulatory requirements - such as the ISO and ethical standards of the organization.
The ISO standards (International Organization for Standardization) are norms written to organize the management of a company in different areas. Their value lies in the prestige of the organization, which is why these regulations, although voluntary, enjoy great recognition and international impact.
The ISO standard that manages the subject of Compliance is the ISO 1960 entitled "Compliance Management Systems." This regulation aims to consolidate the growing interest and importance of compliance within companies.
Through the design of profiles and roles in OpenKM management software, the company ensures that all activities and functions accessible to the user are consistent with the performance of their professional activity and with the most developed regulations regarding data security.
Once the possible risks have been identified, the objective of regulatory compliance is to prevent crime to avoid criminal liability of legal persons. Although this is not the only objective, the preventive activity in regards to a breach of regulations extends to fields related not only to legal compliance, for which legal notices are a good tool; but also the governance of information, corporate behaviour and relations with users, consumers, and stakeholders.
In OpenKM, the Compliance Officer can make use of functionalities designed to control the activity carried out on the information and documentation of the organization.
To begin with, the document manager allows the management of information security at a granular level. Each folder, document, email (including any attachments), and record can be subject to custom security. The read, write, erase, download, etc. permissions can be managed at the group or individual level. Moreover, the file lifecycle can automatically change the security of business content as part of a business process. For example, once the document has been approved, OpenKM blocks it so that it cannot be edited.
With the subscription service on content, the subscribed user receives a notification every time there is a change on the node (file, folder, e-mail or record).
In addition, on each piece of content, users can access the activity log of the file. In this way, they can reconstruct all the activities that have taken place on the document. On the other hand, the system can provide reports on any activity that we consider suspicious: elimination of volumes of files that exceed a certain magnitude, edits of old files, download of documents, and others.
The administrator of the platform has access to advanced functionalities that allow him or her to perform a thorough audit that satisfies even the most demanding criteria of official investigations.
The automation of business processes helps to control the activities and responsibilities of the staff.
OpenKM offers, through automation, the possibility of implementing procedures, business processes, protocols and ways of working in the entity, which contribute to the achievement of objectives in accordance with the regulatory framework, internal policies, codes of conduct, good practices and commitments with third parties.
The document management system, in turn, offers a workflow engine that serves to create a univocal channel of business process management, which also helps to avoid financial costs, penalties or fines for non-compliance.
Moreover, the zonal OCR engine can be used as a checking tool. The optical recognition of characters can be used for the recognition of digitized documentary types, which, if they meet the stipulated criteria, will be archived according to the procedure. However, if the OCR detects any error or non-compliance, it can archive the defective documents in a folder in which a subscribed user must verify the information or an automated folder that activates a verification workflow.
When, despite everything, a compliance problem arises, a solution must be found. In OpenKM, users can access documents of usual consultation, highlighted in the search engine of the document manager. You can also facilitate the use of extensive documentation in the Wiki space, linked both to files (you can check the standard, law or procedure on which the content of the document is based) and folders, records or e-mails. In the Wiki, the workers will be able to consult the code of conduct, the laws and mandatory regulations at the sectoral, local, regional, national or even international level. The Forum section provides users with a space in which to share ideas or different points of view.
From templates, we can provide pro forma documentation that serves as the basis to generate new documents, but also forms for the management of requests, suggestions or declaration of incidents.
The compliance system must guarantee the flow of communication. In addition to the establishment of feedback channels (complaints management, suggestions, and acknowledgements) in templates, or the space for cross-communication between users in the Forum, the OpenKM document manager provides a chat that allows members of the organization to hold online conversations.
The Task manager included in the document management system helps coordinate events that affect several users in different business areas. The members of the organization must receive all the necessary information to carry out their work in accordance with current regulations. To contribute to effective monitoring, from the OpenKM task manager meetings can be convened to supervise the compliance model or establish training sessions for managers and employees so that they know the regulatory and legal framework and are up to date with any changes.
The integration of the monitoring of the regulatory framework and its implementation and application in the OpenKM document management system brings a series of benefits to the entire organization and its members:
In short, regulatory compliance allows organizations and legal entities to control and manage all legal issues of each area that makes up the company.