The Essence of Compliance

by Thomas Bookwalter, CEO FMDC

Estimates of the number of regulations that govern records management in the US range from 10,000 to over 20,000. It is not hard to believe. If those regulations were distributed evenly among just the states, that would be only 200 to 400 regulations per state. Actually, the estimate of 20,000 is probably low. Luckily, companies are not governed by them all.

There is an essence to compliance. That essence defines what a company needs to do with its records to be compliant. No matter how many regulations apply. Find the essence and the problem becomes far simpler. The trick is finding the essence.

A review of the regulations reveals a common thread. The interests of regulators focus on a few principles of honest business. For each industry, the issues of honest business vary. Some are concerned about protecting clients’ financial interest. Other industries are concerned about the safety of products. Still others are concerned about the health and wellbeing of employees. For public companies the concern is that the interests and investment of the shareholders be respected and protected. In some industries, the privacy of individuals is the focus. These concerns distill into a set of essential functions that need to be addressed by information management solutions. They include:

  • Protecting the interests and privacy of customers and employees
  • Dealing fairly and honestly with employees, customers, investors and competitors
  • Being truthful in describing the financial condition of the company
  • Being forthright and open about the condition and performance of products: both good and bad
  • Keeping accurate records of all business dealings so that events and actions in question can be researched
  • Preserving records long enough that they will be useful in the future if the delayed effects of actions or products is discovered years later
  • Taking measures to ensure that others not committed to the integrity of the business cannot tamper with or falsify the records of the company in any way
  • Establishing the authenticity of documents and clearly linking them to the authors

For electronic records these principles manifest themselves in a finite set of information management and storage capabilities. Once a company understands its regulatory requirements, it can determine which functions to enable. Once the necessary functions are enabled, they can be applied to any set of records without great additional expense. The result is very cost effective compliance.

Copyright 2007 FMDC. All Rights Reserved.