Compliance and Regulation: Impacting on the Global Business Community

Following the fallout from major corporate crashes such as Enron and Worldcom, stricter compliance legislation has been introduced around the world to ensure that business managers and principals are more accountable for their actions.

The latest compliance standards focus on greater accountability and control in key business processes – most importantly document flows and data management.

There are two central aspects to enforcing compliance:

• The corporate duty of care in enforcing standards
• The need for legal protection in the event of litigation or a dispute

Non-compliance is not an option, companies risk stiff fines and executives can be held personally liable if information is not in order. Therefore, it is important that the business examines all regulations, not just those affecting their specific area of operation, but also generic legislation affecting general business activities.

The consequences of non-compliance are extremely serious; in December 2002 the SEC fined five Wall Street brokerages a total of $8.25m for improperly storing e-mail communications (Forrester Research).

Distributing documents for approval, whether in hard copy or electronic form, raises security issues. Who is authorised to access documents, and what information can they access within them? This is particularly important to ensure compliance with legislation such as the Sarbanes Oxley Act, which applies to US companies and their foreign subsidiaries; and in the UK, the Data Protection Act and the Freedom of Information Act.

Document processing software such as Tokairo's TokOpen system addresses these challenges and automatically enforces compliance. Every action relating to individual document access is audited, access is limited to specified personnel, and actions they can undertake are also controlled. Software can also restrict access to different information within a document, to different specified users or groups within an organisation.

This ability to allow different information in a document to be seen by different users means that the divergent needs of the Data Protection Act and the Freedom of Information Act can both be met automatically, without the need to make copies of documents.

This flexibility can also extend to the hierarchy of approval based on the value of an invoice. So if a member of staff is not allowed to approve payment of an invoice of over £500 for example, it can still be checked by them, but then can automatically be escalated to a superior for payment sign-off.

The following are some of the most recent regulations, and the effects they can have on corporate document management strategies: