Changing the mindset
|Wang: Protecting against compliance risks|
Major financial scandals involving Goldman Sachs and Bernard Madoff have demonstrated the need for better information management systems that help protect against risk. The key to the effectiveness of such systems is transparency and accountability, which can be most effectively delivered through a technologically advanced system known as enterprise content management (ECM).
The focus on transparency and compliance is something new to the financial service sectors. Prior to the crisis, concerns regarding information management were centred around regulations such as the Sarbanes-Oxley Act and different kinds of privacy acts, explains Andy Wang, director of global ECM strategy of Laserfiche, a pioneer in the development of document management, ECM, workflow, and records management systems. Asset owners and asset managers, who value security, are having to contend with a framework for information governance which emphasizes transparency and compliance.
Laserfiche, with US headquarters in Long Beach, California, established its international headquarters in Hong Kong in October 2009 and recently expanded its office in Shanghai, where it has had a presence since 2004. The company has a total 750 institutional clients in the Asia-Pacific accounting for 3% of its global total. It has 240 Hong Kong customers accounting for 32% of it Asia-Pacific total. The region has an overall year-to-date growth rate of 25%. Within the Asia-Pacific market, Hong Kong has grown the most – 31%.
Laserfiche counts among its clients large banks such as the Bank of China and the Royal Bank of Scotland. “These days, questions that we get from our bank clients often concern the need to have transparency, so that they can demonstrate their accountability to regulatory bodies, such as the Securities and Exchange Commission in the US. Hong Kong has its own standards, and so does Australia. But the main question remains: How do you prove to the regulators that you are doing everything that the regulators say needs to be done?,” Wang says.
Changing the mindset of asset owners and asset managers and make them more conscious of transparency and compliance can be more challenging than it seems. To be able to meet such challenges, financial institutions are looking at a more granular level at what comprises ECM. “We have customers in the US who have been audited by the SEC in the past two years, and they’ve found that if you have a good ECM framework, the regulators can look at the lifecycle management, the lifecycle disposition of the document, they can look at the audit trail and accept that as regulatory compliant,” Wang says.
This means that financial institutions themselves need to examine what a good ECM platform for their organizations comprises. Usually they start with the ECM tools that are already at their disposal, such as transactional ECM, imaging records, conversion to a paperless office. “ECM is a powerful tool that gives organizations fast and secure access to their information. It gives organizations a central repository with tight security for all of their documents, along with an audit trail. That, by itself, is compliant and is a regulatory standard that is accepted in the US,” Wang points out.
Key role in Asia
In Asia, Laserfiche is aiming to play a key role by providing thought leadership in the development and evolution of ECM. Recently, Laserfiche director of global R&D and software engineering Kurt Rapelje presented a new framework for information governance at IDC’s Asia-Pacific CIO Summit 2010 in Hong Kong. This framework for information governance has four parts: people, policies, technology, and risk management.
The people element means that effective information governance requires the buy-in from an executive, from department heads, users, legal advisers, technology managers and records managers. While there is no one-size-fits-all suggestion that can be made in terms of governance policies, it is recognized that it is often helpful to focus on outcomes (value) rather than limits (lock-down).
The technology aspect refers to the implementation of ECM as a foundational component of information governance, automating the organization’s approach to information management and ensuring the standardization and reliability of information assets. Last but not least, risk management is conditional on the organization having a well vetted policy for managing records so as to both guarantee the consistency of information across the enterprise and minimize compliance risks.
“Establishing a framework for information governance is a critical necessity for CIOs who are concerned with compliance. It is a delicate balancing act: too much information, held beyond legal retention requirements, can cause e-discovery problems. Too little information can complicate audits,” Rapelje points out. “Without a solid information governance strategy, organizations run unnecessary compliance risks.”
1 Sep 2010