The fact of the matter is you simply can’t afford a regulatory compliance lapse that damages your reputation or your effectiveness – or more likely, both. Two forces are colliding to raise the stakes of a regulatory compliance “oops” higher than ever before:
- There are simply more documents, data and content floating around our organizations – and that swirl of stuff is getting larger and more complicated by the day.
- Everyone wants to dictate how this information is managed – individual businesses, local and national courts, regulatory agencies, international standards bodies, and many more – and each has a different perspective and agenda.
Here are just three examples (and there are hundreds!) of regulatory compliance obligations that ought to be on your watch list.
Sarbanes-Oxley (or, as it’s commonly called, “SOX”) – SOX compliance focuses on the documentation and processes surrounding financial reporting of public companies. Compliance remains a challenge for many companies due to three factors: 1) constantly increasing volumes and varieties of information; 2) adoption of “SOX-like” requirements by other national governments; and 3) the spread of SOX requirements beyond public companies.
SOX non-compliance penalties range from loss of exchange listing to fines upwards of millions of dollars. In addition, CEOs and CFOs are held personally accountable and can incur hefty penalties for the company’s actions, especially if they disclose inaccurate information. Even if an executive is unaware of wrongdoing, he or she still could face a one million dollar fine and up to ten years imprisonment. If the violation is willful, the CEO or CFO can be fined up to five million dollars and face up to 20 years in prison.
ISO 9001 compliance – Organizations have adopted the ISO 9001 quality standard for three reasons: 1) the value of the standard itself; 2) the sales and marketing advantage it gives a company; and 3) company requirements. To achieve ISO 9001 compliance (technically, ISO 9001:2008), an organization must collect, update and share its large library of ISO documents and provide a single access point to the latest documentation. This is even more complex given that a new standard was published September 15, 2015, specifying that the current ISO 9001:2008 standard will become obsolete on September 14, 2018 and that all of your core ISO information management processes must be reexamined – or risk losing your certification. The impact of this loss can be significant, as many organizations require this certification as a pre-condition to even do business with a supplier.
EU GDPR (the new European Union General Data Protection Regulation) – A new set of European rules and standards related to privacy and data protection goes into effect in May 2018 and has set in motion a mad compliance scramble not just for European companies, but for any company doing business in Europe or with European customers. The new requirements are dramatically more onerous than past regulations – and carry with them a set of very steep fines (up to 4% of worldwide revenues!) for violation.
These are just three examples. Most organizations must comply with hundreds of regulatory requirements, often conflicting, related to how they manage documents and other unstructured information. These regulatory compliance requirements vary widely by both industry and country.
This is a house of cards growing increasingly unstable as the complexity and volume of information rises – and creates an information management challenge that simply cannot be solved without secure document management and flexible, document-centric process automation.