Increasing Confidence in Your ELECTRONIC RM Program

By Susan Goodman CIP, IGP, CRM, CIPP posted 06-03-2010 14:25

  

In several of my initial posts, I wrote about foundational laws and acts in the US that establish the equivalency of hard-copy and electronic records and record-keeping systems, unless specified exceptions exist. The electronic records and technologies that house and manage them must, of course, be trustworthy. Additionally, all unique requirements for those electronic systems (e.g., promulgated by regulators such as the SEC, FINRA, DoD, IRS) must be followed. Important too is following established defacto standards for electronic record-keeping (DoD 5015-2 and MoReq2 – to be superseded by MoReq 2010 in July 2010). The key premise here is that “going digital” is fine – as long as the above caveats are met. (Note: This is not a legal opinion, but I’ve found this to be the expressed opinion of many lawyers).

If this premise is accepted, then the next steps are to socialize it within the organization and establish and implement a compliant electronic records program where electronic record-keeping for official records and data is not prohibited. It is necessary, as part of this, to conduct the additional research needed to discover any exceptions and special requirements. The additional legal/regulatory research task usually falls upon the organization’s Legal and/or Compliance teams or outside counsel.

Contrary to appearance, my posting today is not about the requirements. Please see earlier blog posts for that.  It is about gaining the confidence of key stakeholders in this premise and in the trustworthiness of the electronic records management program that is being developed. Assuming  – of course – that it is trustworthy.  

Without their confidence in the acceptability of “going digital” and in the fact that that will be achieved in a manner compliant with all legal and business requirements, the effort will fail. It will fail because – despite the “big bucks” that can be saved by eliminating paper processes, without confidence in the electronic records program, those who need to approve, fund and allocate resources to it - simply won’t do so. It will feel too risky to them.

Here are tips for increasing their confidence:  

  • Ensure that the foundational Legal requirements (e.g., UETA and E-Sign in the US) are reviewed by Legal and Compliance and that the premise that digital is OK (with the caveats I listed above) is supported.
  • Make sure that “C” level Execs assess the relative risks, costs and benefits to the firm “going digital,” and visibly approve and support the program.   
  • Embed the foundational requirements and key premise above in a firm-wide electronic records policy. In the policy, clearly state that the firm will transition to electronic record-keeping with approved exceptions. Exceptions may include – for example - where it is specifically prohibited by law, regulation or contractual obligation; where it is not cost-effective; or where substantial risk exists.
  • Ensure that the policy is approved by the Business heads, the General Counsel, heads of Compliance and Risk, CIOs, Business Executives, Records Management (likely the program “owner”) and other key stakeholders.
  • Socialize the policy, the foundational requirements that establish the equivalency between hard-copy and digital records and the roles and names of the approvers.
  • Distribute communications to associates by senior execs that supports “going digital” and reiterates the core legal premise of the program, steps to ensure trustworthiness and its importance to company goals.
  • Document requirements for trustworthy record-keeping and publish them in an easily accessible location (e.g., Intranet site).
  • Establish and implement an assessment of current business processes and technologies that identifies any gaps compared to requirements, mitigate the gaps and certify compliance. Socialize that effort.
  • Provide a section on your internal website for Legal and Compliance Resources for use by support partners that reinforce the decision to go digital and provide links to sources of requirements (laws, regulations, standards). 
  • Create orientation presentations for stakeholder groups, targeting the presentation to their interests and roles (e.g., to Legal, Compliance and Risk).
  • Ensure that core program precepts and requirements are included in the policies, procedures and training materials of internal business units and support partners throughout the firm, with bulleted benefits and requirements of the program and a link to the program site.

Using these techniques (and more…) will result in the greater confidence and comfort level of your key “going digital” stakeholders and help ensure electronic records program success.

Regards until next time,

Susan

The opinions expressed here represent my own and not those of Bank of America (BAC) or AIIM

 



#MoReq2 #ElectronicRecordsManagement #records #digitization #trustworthiness
0 comments
3 views