Discussions about regulatory compliance generally focus on governance, risk identification and management, training, and testing. However, an important aspect of compliance is documentation. Namely, the defined records of the compliance program, for example, training and tracking records and client onboarding files. These records are the proof of compliance. ‘Trust but verify’ is the compliance mantra.
In many financial institutions, record management is a centralized business function. Although records management strategy may be centralized, each of the firm’s operations and functions are responsible for executing it. It is important to note that records refers to both paper and digital formats. Creating a records inventory with corresponding retention and purge dates in the form of a schedule ensures that firms do not place themselves at risk because records are maintained too long or discarded too soon, according to policy or statute. Similarly, periodic reviews of this schedule ensure the records management strategy remains effective and up-to-date. Mock requests test the firm’s ability to retrieve compliance records in a timely manner. Regulators and internal auditors consider ease of access and timely retrieval in their respective assessments.
Compliance records tell a firm’s compliance story.
Often overlooked until it is too late, record management should be a forethought when establishing a compliance program. Partnering with the records management function can ensure firms are able to put their best foot forward under scrutiny.
By: Sheryl Smikle PhD