
Three Ways to Create a Culture of Compliance in the Age of Information Governance

These days, regulations pertaining to internal communications and information governance require close attention within the enterprise. With the evolution of traditional communications channels, the SEC and FINRA have had to step up their regulatory communications and asset management codes to include not only email, but instant messaging, social media, phone and video communications, and collaboration platforms as well.

Growth in the use of real-time communications channels has inevitably led to the proliferation of business-critical information in channels well beyond email. Combined with stringent regulatory and corporate governance requirements, this has created demand for the capture and control of internal conversations, from upper management and operations employees to the broker on the phone. Everyone is held responsible for complying with these regulations.

This year, LPL Financial incurred a $9 million fine from FINRA for systemic email failures rooted in the firm's inability to meet its obligations to capture, monitor and review email communications. This is just one instance of a business exposing itself to hefty fines and litigation due to a lack of information governance and compliance solutions; imagine how these new forms of communications compound the risk. Organizations need to implement and abide by a comprehensive solution to help manage the use of these newly utilized channels, and to identify and retain business records. However, implementing software is just one step in the process of ensuring compliance and information governance within the enterprise.

According to Forrester Research, information governance defines a set of principles, critical success factors, roles, and responsibilities that are common practices to both content and data. An information governance program provides consistency to ensure that information, both structured and unstructured, is managed in a consistent fashion. There are three areas—structure, technology and education—that businesses need to address when establishing an effective information governance infrastructure. Doing so will not only help them avoid regulatory fines, but it will also create a true culture in which compliance is top of mind for all employees within an organization.

Structure

The components of an information governance program will lose their value if they are not part of a larger strategy for corporate compliance. Upper management must evaluate an organization's internal structure to determine how to integrate compliance into its core values and objectives. Especially within highly regulated industries, re-establishing core values that mirror regulatory standards, and imparting a sense of urgency for the whole company to uphold them, is key to creating a culture of compliance. These values should encompass a defined set of policies and procedures, standards for reporting and communication tools that align with governance and compliance requirements.

Technology infrastructure

Once goals are set, corporate governance technology must be implemented. This is the most effective way to capture and store all data within an organization. It can be incredibly overwhelming to think about having to file and archive millions of emails, instant messages, unified communications and collaboration messages, electronic file transfers and more. Deploying compliance technology with records management capabilities is critical to addressing this complexity and avoiding the possibility of files slipping through the cracks. For professionals involved in swap transactions, Dodd-Frank even mandates that all voice calls, whether over phone or video, must be archived. Ultimately, governance technology is the best option to ensure full compliance as the regulatory landscape continues to introduce new requirements.

Education

It is imperative that education practices are in place to support the development of a 'risk intelligent culture', in which employees have an understanding of the compliance risks that exist in the industry. A culture in which staff understands the risks is empowered to direct that knowledge toward open communication and the adoption of processes as directed by upper management. Whether by a monthly seminar on new regulations or weekly memos sent by management to relay relevant industry news, education throughout an organization is essential to mitigating risk and protecting the organization. Additionally, while employees are typically the ones who must uphold regulatory standards day-to-day, it is the responsibility of upper management and the C-suite to lead by example. Executives need to set expectations with employees and follow their own advice when communicating and conducting business as usual.

Now more than ever it's necessary to make changes to ensure compliance in the information governance space. Mitigating the risk that comes with regular business operations is necessary to protect not only the wellbeing of an organization, but that of its key stakeholders as well. As daunting as regulatory compliance may be, it is completely manageable with the right framework and support.
