An information governance program provides consistency to ensure that information, both structured and unstructured, is managed in a consistent fashion. There are three areas—structure, technology and education—that businesses need to address when establishing an effective information governance infrastructure. Doing so will not only help them avoid regulatory fines, but it will also create a true culture in which compliance is top of mind for all employees within an organization.

The components of an information governance program will lose their value if not a part of a larger strategy for corporate compliance. Upper management must evaluate an organization’s internal structure to determine how to integrate compliance into its core values and objectives. Especially within highly regulated industries, re-establishing core values to mirror regulatory standards and impart a sense of urgency for all the company to uphold is key to creating a culture of compliance. These values should encompass a defined set of policies and procedures, standards for reporting and communication tools that align with governance and compliance requirements.

Technology infrastructure

Once goals are set, corporate governance technology must be implemented. This is the most effective way to capture and store all data within an organization. It can be incredibly overwhelming to think about having to file and archive millions of emails, instant messages, unified communications and collaboration messages, electronic file transfers and more. Deploying compliance technology with records management capabilities is critical to addressing this complexity and avoiding the possibility of files slipping through the cracks. For professionals involved in swap transactions, Dodd Frank even mandates that all voice calls, whether over phone or video, must be archived. Ultimately, governance technology is the best option to ensure full compliance as the regulatory landscape continues to introduce new requirements.


It is imperative that education practices are in place to support the development of a ‘risk intelligent culture’, in which employees have an understanding of the compliance risks that exists in the industry. A culture in which staff understands the risks is empowered to direct that knowledge toward open communication and the adoption of processes as directed by upper management. Whether by a monthly seminar on new regulations or weekly memos sent by management to relay relevant industry news, education throughout an organization is essential to mitigating risk and protecting the organization. Additionally, while employees are typically the ones who must uphold regulatory standards day-to-day, it is the responsibility of upper management and the C-suite to lead by example. Executives need to set expectations with employees and follow their own advice when communicating and conducting business as usual.

You can read the rest in at Three Ways to Create a Culture of Compliance in the Age of Information Governance