Document Management Policy

Transcription

1 Document Management Policy April

2 Table of contents Introduction 1 Purpose... 1 Implementing a Paperless Office in Xplan 1 Introduction... 1 Benefits and Risks... 1 Issues to consider before transitioning to a paperless practice 2 Meeting RI Advice professional standards requirements 3 Records Retention... 3 Statutory obligations... 3 RI Advice Group business standards... 3 Electronic storage of advice process documentation 3 Fact Find... 3 Letter of Engagement (LOE)... 4 Statement of Advice (SoA) and Record of Advice (RoA)... 4 Declaration and Consent / Authority to Proceed (ATP)... 4 Application forms... 4 Confirmations and Notifications... 4 AML documentation... 4 File Notes... 4 Client Correspondence... 4 Trust deeds and Power of Attorneys (POA)... 5 Naming convention for files... 5 Disposing of records... 5 Possible consequences of failing to keep records (electronic or paper)... 5 Conclusion... 6 Version Date 1 March April 2014 Document owner Adviser Systems and Professional Standards Professional Standards Approved by Compliance Committee Date of approval 28 March 2012 Next review date March 2013 March 2015 Reason for current review Update and review of 2006 paperless office policy Heritage review and update

3 Introduction Purpose This document has been created to support RI Advice Group practices in developing and managing their specific record management requirements with a consistent approach. It should be read in conjunction with the Xplan Client File Procedures guide available on Adviser Services > Compliance > Policies and Professional Standards. The general requirement is that we must maintain adequate systems and controls for the creation, management, retrieval and disposal of all records. This ensures that RI Advice Group practices meet their obligations to the licensee and its regulators. The policy provides a general overview of the RI Advice Group approach to: Creating records Deciding which records are to be kept Protecting records required to be kept for business, regulatory or legal purposes Process for disposing of unnecessary records For the purpose of this policy, a record means any information captured about a client in written or electronic form. Examples of records include but are not limited to: File notes Working papers Fact Finds Advice Documents Applications Forms Client Correspondence eg. s or letters Video or voice recordings Copy of Whiteboard workings Legal Documents eg. Trust deeds and Power of Attorney Implementing a Paperless Office in Xplan Introduction The paperless office can be defined as an electronic document management environment that provides an alternative to the workflow and storage issues associated with paper files. Securely managing business information with a records management system is the first step towards a paperless office solution. RI s approved software solution is Xplan. Benefits and Risks The benefits of storing client information on Xplan include: A uniform approach to the management of records Quick access to and retrieval of information Multiple staff in the office being able to access client information at the same time Cutting down the need for physical space associated with paper records Reduced storage and stationery costs 1

4 Less time taken to retrieve lost data as Xplan is web-based and data is backed up on a per minute basis on servers located throughout Australia Streamlined workflow processes for key client engagement steps using the tools in Xplan Ability to efficiently generate advice documents (Fact Find, SoA, RoA) and client letters through use of wizards and other tools Licensee visibility of all client information which can assist in the event of a complaint Enables off-site compliance reviews The risks of storing client information on Xplan include: Data manipulation (this is offset by the audit trail functionality available in Xplan) User processing error eg. Not scanning all pages of relevant documents, not completing all relevant client information in Xplan to assist in producing advice documents ie. Fact Find, SoA and RoA Hacking into Xplan server by unauthorised users Issues to consider before transitioning to a paperless practice Based on feedback from RI Advice Group practices that have gone through the process, we recommend the following key issues be considered before transitioning to a paperless process: 1. Establish a project plan including timeframes for your practice eg. Determine whether the practice will be fully or partially electronic. 2. Start small with just a single area of your business so you can address any problems before broadening the scope. 3. Determine capability of staff to cope with a paperless practice approach and upskill where necessary eg Xplan training for data management, how to use a scanner. 4. How will you handle paper reduction on an ongoing basis? Eg. Who will scan and store all incoming paper information on Xplan. 5. Establishing an Xplan champion within the practice to lead and implement the change 6. Maintain strong Xplan password protection for all users within the practice and change passwords frequently. 7. Ensure Xplan logins are promptly cancelled upon a staff members departure. 8. Is your internet (broadband) suitable with adequate upload and download ability from a reputable supplier? Eg. Telstra, Optus etc. 9. How does the practice want to treat historical client information ie. Do you want to scan all information into Xplan or do you want start scanning from a certain date and keep all existing information in its paper format? 10. Check if your current photocopier/scanner is adequate for the situation. 2

5 Meeting RI Advice professional standards requirements Records Retention Statutory obligations Many statutes require certain categories of records (including s) to be retained for specified periods of time. Examples of some statutes include the Corporations Act 2001 (Cth) and Income Tax Assessment Act 1936 (Cth). The retention periods prescribed by statute, generally 7 years, should be regarded only as minimum periods. RI Advice Group business standards The RI Advice Group minimum requirement for record retention is 10 years. At what time the 10 year period begins will depend on the nature of the document For example, for investor records, the 10 year period begins after the last transaction, whereas for FOS matters the 10 year period begins after the date of the claim. After 10 years, we recommend information be archived rather than being destroyed. Electronic storage of advice process documentation Fact Find For the purpose of this policy, Fact Find means Personal Financial Profile (PFP), Risk Fact Find, Core and Modules for the new advice process and any other RI approved data collection forms. There are multiple ways of capturing client data. The following are the best practice approaches: OR 1. Capturing all data using paper fact finds and then scanning and uploading the final version into Xplan. Note: You would still need to input the information into the relevant fields in Xplan to generate all advice documents. 2. Alternatively, the practice can input the data collected from the paper fact find in the relevant Xplan fields and then safely dispose off the paper fact find. Note: This option requires the scanning and uploading of the signed client declaration page for current advice process documents or the signed Letter of Engagement client declaration in the new advice process. A Reverse Fact Find should then be generated once data has been entered in Xplan. The fact find should reflect all data captured and automatically dated in Xplan. A reverse fact find does not need to be in PDF format. At an annual review, any updated information should be entered into Xplan and an updated reverse fact find should be generated and saved. 3

6 Letter of Engagement (LOE) The completed and signed LOE must be scanned and stored on Xplan. The paper document can be disposed of in a secure manner. Statement of Advice (SoA) and Record of Advice (RoA) The final version of the SoA that is presented to the client should be in PDF format for data integrity. The simplest way to PDF the document is to save the file in PDF format. Note: You do not need print and scan the SoA to create a PDF. Electronic signatures for the SoA cover letter are now available for use in the new advice process. In the interim, if you are signing the final copy of the SoA, the practice needs to scan and save the signed cover letter along with the PDF format copy of the SoA. The same process applies to RoAs. Declaration and Consent / Authority to Proceed (ATP) The completed and signed ATP must be scanned and stored on Xplan. The paper document can be disposed off in a secure manner. Application forms The completed and signed application forms must be scanned and stored on Xplan., with the paper copy disposed off in a secure manner. For e-applications that don t require client signatures, practices must save a completed copy in Xplan, preferably in PDF format. Confirmations and Notifications Confirmation letters and other notices from fund managers and life offices must be scanned and stored in Xplan. AML documentation A copy of the relevant identification and completed IFSA/FPA form must be stored in the client file in Xplan. File Notes For the purpose of this policy, file notes mean handwritten or typed file notes, voice recordings, dictaphone and video messaging. File notes can also be directly entered into Xplan. Handwritten and typed file notes should be saved in PDF format for data integrity. Client Correspondence Mail and Faxes 4

7 You should not be serving as a mail hub for client mail. However, any client correspondence that you do receive (eg. fund manager confirmations) should be scanned and saved in PDF format in the client file in Xplan. s must be stored in Xplan. The procedures guide gives options on how to save. Trust deeds and Power of Attorneys (POA) Legal documents such as Trust Deeds and POA should not be destroyed upon scanning and saving in Xplan. Note: It is critical that the practice confirm that information has been correctly scanned and the contents of the documents scanned are legible, before destroying all hard copy documentation. Scanned documents should be saved in PDF format, date stamped and stored in Xplan in accordance with the procedures document accompanying this policy. It is RI Advice policy that the quality of scanned documents is the responsibility of the practice. Liability for any error, omission or unreadable signatures lies with the practice. This applies to any other important elements of a client file or other important documents. Naming convention for files Developing a standard protocol for the naming of documents within an office is extremely important to maximising the ability to easily and efficiently retrieve the documents required. This protocol may vary slightly from practice to practice, but a practice must ensure they maintain a standard naming protocol that all staff can understand and use. As a recommendation, practices should name the files by the client surname and date of transaction or vice versa. For example, the file for B. Jones with business transacted on 1st March 2006, would be named JonesB Note: Privileged, confidential and sensitive materials are to be labelled and should be stored in secure places, if possible, separately from other records Disposing of records Any hard copy documentation disposed must be shredded or disposed of via a secured method. Acceptable secure methods include using a shredder and having a secured disposal bin. Possible consequences of failing to keep records (electronic or paper) Failing to keep records in breach of these obligations is extremely serious. It may be: A breach of court obligations Contempt of court/ interference with the administration of justice Breach of the Crimes Act (Federal and State) Breach of a relevant law 5

8 Destruction of records may also result in adverse inferences being drawn against RI Advice Group entities if litigation is commenced in which the records may be relevant. The consequences may adversely affect the reputation of RI Advice Group, their ability to defend or initiate legal action and may lead to fines imposed on RI Advice Group imprisonment and/or fines for individuals concerned. Conclusion Regular reviews need to be conducted of stored records to assess whether the records are required for business or legal reasons. Consideration is to be given, at the time of disposal, as to whether the records may be relevant to actual, threatened or reasonably foreseeable legal action or regulatory investigations. Irrespective of the retention period attached to the record, if the record could be considered relevant to any such action or investigation, the record must be kept. Secure disposal bins are to be used to dispose of confidential and restricted records. Only a reputable and reliable record management company is to be engaged if record disposal is outsourced. Check quality of scanned document before disposing off the originals. Double sided scanning is acceptable. Records should be reviewed regularly to determine whether information can be archived once 10 years has been reached. The practice needs to establish its own internal processes as to when documents should be scanned eg. upon receipt, at a set time each day, once the item is actioned etc etc. The process should be documented and followed by all employees within the practice. 6