Document Management Policy



Similar documents
Xplan Client File Procedures

CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline)

IFRS FOUNDATION DOCUMENT RETENTION AND DESTRUCTION POLICY

University of Louisiana System

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

An Approach to Records Management Audit

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Accepting Payment Cards and ecommerce Payments

Newcastle University Information Security Procedures Version 3

The Supreme Court of Hawaii seeks public comment regarding proposals of the Hawaii Court Records Rules and Hawaii Electronic Filing and Service Rules.

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Records Retention and Disposal Schedule. Information Management

NOT PROTECTIVELY MARKED FORCE PROCEDURES. Retention, Archiving and Destruction Procedure v1.2. Records Manager

CENTRAL KY RIDING FOR HOPE, INC.

Considerations for Outsourcing Records Storage to the Cloud

Sample County Plan to Implement Electronic Filing or Electronic Service Pilot Project

DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS

UNITED STATES BANKRUPTCY COURT DISTRICT OF ARIZONA

Clause 1. Definitions and Interpretation

Zinc Recruitment Pty Ltd Privacy Policy

Scanning Guidelines. Records Management

What are medical records? What is the purpose of the medical record?

SUTLEJ TEXTILES AND INDUSTRIES LIMITED DOCUMENT PRESERVATION AND RETENTION POLICY

4) Suspension of Record Disposal In Event of Litigation or Claims

Data Compliance. And. Your Obligations

The Superannuation Clearing House Online Product Disclosure Statement

DATA RETENTION, STORAGE & DISPOSAL POLICY

Policy Document Control Page

Administration Department. {Insert Name of Organization} Operating Policy Record Retention and Destruction

Contents LOGIN. Order an Official Transcript National Student Clearinghouse Tutorial Page 1 of 9

XPLAN PRACTICE MANAGEMENT

POLICY FOR PRESERVATION / ARCHIVAL OF DOCUMENTS

TRANSPORT NSW. Guidelines for the Use of Taxi Security Cameras in New South Wales

USER INSTRUCTIONS WELCOME TO THE CLERK S OFFICE ELECTRONIC FILING SYSTEM

DOCUMENT RETENTION POLICY Revised 01/2009

Information Technology

Going Home Staying Home

This note provides general guidance for NOTES RETENTION OR DESTRUCTION OF FILES. Technology Committee AND OTHER PAPERS AND ELECTRONIC STORAGE

IDENTITY THEFT PREVENTION PROGRAM TRAINING MODULE February 2009

Heritage Credit Union Mobile Deposit User Agreement Effective: April, 2016

Information Security Policy

Records Management - Council Policy Version 2-28 April Council Policy. Records Management. Table of Contents. Table of Contents... 1 Policy...

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Litigation Hold Notices & Electronic Discovery A R E S O U R C E F O R W S U E M P L OY E E S

Nevada Supreme Court Training Sessions

HIPAA BUSINESS ASSOCIATE AGREEMENT

How To Use A Court Record Electronically In Idaho

2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

DOCUMENT RETENTION POLICY

WEBSITE TERMS OF USE

Basic Records Management Practices for Saskatchewan Government*

Should you have any questions please do not hesitate to contact the NIG Broker Support on * or by to

Securities Trading Policy

FDU - Records Retention policy Final.docx

The legal admissibility of information stored on electronic document management systems

Disposal Schedule for Functional records of the Electricity Supply Industry Expert Panel

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Federal Trade Commission Privacy Impact Assessment

SourceIT User Notes. Specific Clauses. Licence and Support Contract Commercial off-the-shelf Software RELEASE VERSION 2.

DOCUMENT RETENTION AND ARCHIVAL POLICY:

GUIDE TO ACHIEVING COMPLIANCE a South African perspective

Electronic Data Retention and Preservation Policy 1

Scanning and Tossing. Requirements for Scanning and the Destruction of Paper Based Records

PROCEDURE FOR CAPTURING, RECORDING AND USING ELECTRONIC SIGNATURES. Procedures for capturing, recording and using electronic signatures.

Credit Card Acceptance Policy. Vice Chancellor of Business Affairs. History: Effective July 1, 2011 Updated February 2013

Corporate Governance - The Importance of a Compliant Record Retention Program. by Christopher N. Weiss 1

Compliance in the Corporate World

RECORDS MANAGEMENT POLICY

Account Application Form

secure shredding Services Secure, Compliant, Cost-Effective, Environmentally Responsible Information Destruction Secure Shredding

ACE Advantage PRIVACY & NETWORK SECURITY

ALPHA TEST LICENSE AGREEMENT

How To Protect The Time System From Being Hacked

Merthyr Tydfil County Borough Council. Data Protection Policy

WRIGHT STATE PHYSICIANS

Disposal Authorisation for Information and Technology Management Records. Administrative Schedule No. 4

HIPAA Audit Risk Assessment - Risk Factors

Disposal Schedule for Functional records of Retirement Benefits Fund. Disposal Authorisation No. 2416

WHAT TO DO WHEN YOU RECEIVE A LITIGATION HOLD NOTICE. A Guide for University Faculty, Staff, and Others

Transcription:

Document Management Policy April 2014 1

Table of contents Introduction 1 Purpose... 1 Implementing a Paperless Office in Xplan 1 Introduction... 1 Benefits and Risks... 1 Issues to consider before transitioning to a paperless practice 2 Meeting RI Advice professional standards requirements 3 Records Retention... 3 Statutory obligations... 3 RI Advice Group business standards... 3 Electronic storage of advice process documentation 3 Fact Find... 3 Letter of Engagement (LOE)... 4 Statement of Advice (SoA) and Record of Advice (RoA)... 4 Declaration and Consent / Authority to Proceed (ATP)... 4 Application forms... 4 Confirmations and Notifications... 4 AML documentation... 4 File Notes... 4 Client Correspondence... 4 Trust deeds and Power of Attorneys (POA)... 5 Naming convention for files... 5 Disposing of records... 5 Possible consequences of failing to keep records (electronic or paper)... 5 Conclusion... 6 Version Date 1 March 2012 2 April 2014 Document owner Adviser Systems and Professional Standards Professional Standards Approved by Compliance Committee Date of approval 28 March 2012 Next review date March 2013 March 2015 Reason for current review Update and review of 2006 paperless office policy Heritage review and update

Introduction Purpose This document has been created to support RI Advice Group practices in developing and managing their specific record management requirements with a consistent approach. It should be read in conjunction with the Xplan Client File Procedures guide available on Adviser Services > Compliance > Policies and Professional Standards. The general requirement is that we must maintain adequate systems and controls for the creation, management, retrieval and disposal of all records. This ensures that RI Advice Group practices meet their obligations to the licensee and its regulators. The policy provides a general overview of the RI Advice Group approach to: Creating records Deciding which records are to be kept Protecting records required to be kept for business, regulatory or legal purposes Process for disposing of unnecessary records For the purpose of this policy, a record means any information captured about a client in written or electronic form. Examples of records include but are not limited to: File notes Working papers Fact Finds Advice Documents Applications Forms Client Correspondence eg. emails or letters Video or voice recordings Copy of Whiteboard workings Legal Documents eg. Trust deeds and Power of Attorney Implementing a Paperless Office in Xplan Introduction The paperless office can be defined as an electronic document management environment that provides an alternative to the workflow and storage issues associated with paper files. Securely managing business information with a records management system is the first step towards a paperless office solution. RI s approved software solution is Xplan. Benefits and Risks The benefits of storing client information on Xplan include: A uniform approach to the management of records Quick access to and retrieval of information Multiple staff in the office being able to access client information at the same time Cutting down the need for physical space associated with paper records Reduced storage and stationery costs 1

Less time taken to retrieve lost data as Xplan is web-based and data is backed up on a per minute basis on servers located throughout Australia Streamlined workflow processes for key client engagement steps using the tools in Xplan Ability to efficiently generate advice documents (Fact Find, SoA, RoA) and client letters through use of wizards and other tools Licensee visibility of all client information which can assist in the event of a complaint Enables off-site compliance reviews The risks of storing client information on Xplan include: Data manipulation (this is offset by the audit trail functionality available in Xplan) User processing error eg. Not scanning all pages of relevant documents, not completing all relevant client information in Xplan to assist in producing advice documents ie. Fact Find, SoA and RoA Hacking into Xplan server by unauthorised users Issues to consider before transitioning to a paperless practice Based on feedback from RI Advice Group practices that have gone through the process, we recommend the following key issues be considered before transitioning to a paperless process: 1. Establish a project plan including timeframes for your practice eg. Determine whether the practice will be fully or partially electronic. 2. Start small with just a single area of your business so you can address any problems before broadening the scope. 3. Determine capability of staff to cope with a paperless practice approach and upskill where necessary eg Xplan training for data management, how to use a scanner. 4. How will you handle paper reduction on an ongoing basis? Eg. Who will scan and store all incoming paper information on Xplan. 5. Establishing an Xplan champion within the practice to lead and implement the change 6. Maintain strong Xplan password protection for all users within the practice and change passwords frequently. 7. Ensure Xplan logins are promptly cancelled upon a staff members departure. 8. Is your internet (broadband) suitable with adequate upload and download ability from a reputable supplier? Eg. Telstra, Optus etc. 9. How does the practice want to treat historical client information ie. Do you want to scan all information into Xplan or do you want start scanning from a certain date and keep all existing information in its paper format? 10. Check if your current photocopier/scanner is adequate for the situation. 2

Meeting RI Advice professional standards requirements Records Retention Statutory obligations Many statutes require certain categories of records (including emails) to be retained for specified periods of time. Examples of some statutes include the Corporations Act 2001 (Cth) and Income Tax Assessment Act 1936 (Cth). The retention periods prescribed by statute, generally 7 years, should be regarded only as minimum periods. RI Advice Group business standards The RI Advice Group minimum requirement for record retention is 10 years. At what time the 10 year period begins will depend on the nature of the document For example, for investor records, the 10 year period begins after the last transaction, whereas for FOS matters the 10 year period begins after the date of the claim. After 10 years, we recommend information be archived rather than being destroyed. Electronic storage of advice process documentation Fact Find For the purpose of this policy, Fact Find means Personal Financial Profile (PFP), Risk Fact Find, Core and Modules for the new advice process and any other RI approved data collection forms. There are multiple ways of capturing client data. The following are the best practice approaches: OR 1. Capturing all data using paper fact finds and then scanning and uploading the final version into Xplan. Note: You would still need to input the information into the relevant fields in Xplan to generate all advice documents. 2. Alternatively, the practice can input the data collected from the paper fact find in the relevant Xplan fields and then safely dispose off the paper fact find. Note: This option requires the scanning and uploading of the signed client declaration page for current advice process documents or the signed Letter of Engagement client declaration in the new advice process. A Reverse Fact Find should then be generated once data has been entered in Xplan. The fact find should reflect all data captured and automatically dated in Xplan. A reverse fact find does not need to be in PDF format. At an annual review, any updated information should be entered into Xplan and an updated reverse fact find should be generated and saved. 3

Letter of Engagement (LOE) The completed and signed LOE must be scanned and stored on Xplan. The paper document can be disposed of in a secure manner. Statement of Advice (SoA) and Record of Advice (RoA) The final version of the SoA that is presented to the client should be in PDF format for data integrity. The simplest way to PDF the document is to save the file in PDF format. Note: You do not need print and scan the SoA to create a PDF. Electronic signatures for the SoA cover letter are now available for use in the new advice process. In the interim, if you are signing the final copy of the SoA, the practice needs to scan and save the signed cover letter along with the PDF format copy of the SoA. The same process applies to RoAs. Declaration and Consent / Authority to Proceed (ATP) The completed and signed ATP must be scanned and stored on Xplan. The paper document can be disposed off in a secure manner. Application forms The completed and signed application forms must be scanned and stored on Xplan., with the paper copy disposed off in a secure manner. For e-applications that don t require client signatures, practices must save a completed copy in Xplan, preferably in PDF format. Confirmations and Notifications Confirmation letters and other notices from fund managers and life offices must be scanned and stored in Xplan. AML documentation A copy of the relevant identification and completed IFSA/FPA form must be stored in the client file in Xplan. File Notes For the purpose of this policy, file notes mean handwritten or typed file notes, voice recordings, dictaphone and video messaging. File notes can also be directly entered into Xplan. Handwritten and typed file notes should be saved in PDF format for data integrity. Client Correspondence Mail and Faxes 4

You should not be serving as a mail hub for client mail. However, any client correspondence that you do receive (eg. fund manager confirmations) should be scanned and saved in PDF format in the client file in Xplan. Email Emails must be stored in Xplan. The procedures guide gives options on how to save. Trust deeds and Power of Attorneys (POA) Legal documents such as Trust Deeds and POA should not be destroyed upon scanning and saving in Xplan. Note: It is critical that the practice confirm that information has been correctly scanned and the contents of the documents scanned are legible, before destroying all hard copy documentation. Scanned documents should be saved in PDF format, date stamped and stored in Xplan in accordance with the procedures document accompanying this policy. It is RI Advice policy that the quality of scanned documents is the responsibility of the practice. Liability for any error, omission or unreadable signatures lies with the practice. This applies to any other important elements of a client file or other important documents. Naming convention for files Developing a standard protocol for the naming of documents within an office is extremely important to maximising the ability to easily and efficiently retrieve the documents required. This protocol may vary slightly from practice to practice, but a practice must ensure they maintain a standard naming protocol that all staff can understand and use. As a recommendation, practices should name the files by the client surname and date of transaction or vice versa. For example, the file for B. Jones with business transacted on 1st March 2006, would be named JonesB010306. Note: Privileged, confidential and sensitive materials are to be labelled and should be stored in secure places, if possible, separately from other records Disposing of records Any hard copy documentation disposed must be shredded or disposed of via a secured method. Acceptable secure methods include using a shredder and having a secured disposal bin. Possible consequences of failing to keep records (electronic or paper) Failing to keep records in breach of these obligations is extremely serious. It may be: A breach of court obligations Contempt of court/ interference with the administration of justice Breach of the Crimes Act (Federal and State) Breach of a relevant law 5

Destruction of records may also result in adverse inferences being drawn against RI Advice Group entities if litigation is commenced in which the records may be relevant. The consequences may adversely affect the reputation of RI Advice Group, their ability to defend or initiate legal action and may lead to fines imposed on RI Advice Group imprisonment and/or fines for individuals concerned. Conclusion Regular reviews need to be conducted of stored records to assess whether the records are required for business or legal reasons. Consideration is to be given, at the time of disposal, as to whether the records may be relevant to actual, threatened or reasonably foreseeable legal action or regulatory investigations. Irrespective of the retention period attached to the record, if the record could be considered relevant to any such action or investigation, the record must be kept. Secure disposal bins are to be used to dispose of confidential and restricted records. Only a reputable and reliable record management company is to be engaged if record disposal is outsourced. Check quality of scanned document before disposing off the originals. Double sided scanning is acceptable. Records should be reviewed regularly to determine whether information can be archived once 10 years has been reached. The practice needs to establish its own internal processes as to when documents should be scanned eg. upon receipt, at a set time each day, once the item is actioned etc etc. The process should be documented and followed by all employees within the practice. 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information