The Financial Services (Distance Marketing Directive) Regulations 2004 make it a legal requirement to be able to prove what a customer agreed to. It is estimated that a staggering 90 per cent of all companies in the UK aren’t actually fully compliant and cannot prove satisfactorily that the agreements they store are unchanged (a requirement of the regulation). With Codel on-line form authentication they can, for less than the price of a text message!
Codel is ideally suited to help organisations address their compliance needs and provides one of the most unique and incontrovertible ways of establishing data authenticity. The Codel solution is designed for a variety of industry sectors including healthcare, central and local government, financial services, telecoms, retail, and many others.
The Freedom of Information Act
With the introduction of The Freedom of Information Act an individual has:
- the right to be told whether the information exists
- the right to receive the information
It is essential, therefore, that the authenticity of records is unquestionable. Indeed, it may be necessary to conclusively prove origin, integrity, priority date and ownership in a court of law. The Codel solution makes this possible. Codel is a unique but simple process for registering and proving the authenticity of any digital object. This process does NOT require the object to be sent outside the owning organization.
Essentially the Codel software, which resides in the user’s system, creates a digital fingerprint of the object which is a unique reference. That fingerprint is then recorded in the Codel database with its time and date stamp and its creator’s reference. The database, which can be in the public domain, maintains an audit trail of all activity. At the end of each day the digital “fingerprint” of that audit trail, again a unique reference, is published in The Financial Times thus providing open and lasting proof of the integrity of the audit trail.
Proof of Authenticity
In order to prove authenticity of an object at some later date, the system creates another digital “fingerprint” of the object in question. If this “fingerprint” exactly matches the stored “fingerprint” then the objects are identical. The system provides incontrovertible mathematical proof of the authenticity of the object.
The public can therefore have confidence that the information released as a result of The Freedom of Information Act is original and unaltered and that its origin and ownership can be checked. The Government will have the peace of mind knowing that, if challenged, it can prove the originality and integrity of the published information.
Burden of Proof: Proving Compliance in a Litigious Age
The sheer proliferation of acts and regulations in the last few years has put tremendous pressure on companies to closely monitor internal processes and ensure that they are compliant at all times. In practical terms, this requires organisations to provide controls that prove the integrity of records and their authenticity.
Ensuring this is no easy task, but one that is vital, given that the board of directors is now personally liable if the company does not comply with corporate governance law and health and safety law. Internal audit trails do not typically provide this evidence, nor do many record management systems. Codel bypasses these problems by proving beyond doubt whether a record is original and unaltered. As well as ensuring good corporate governance, Codel authentication also secures electronic contracts and agreements, protects intellectual property, secures e-mail systems, and proves the origin and authenticity of products as well as documents.
Scandal after Scandal
Corporate governance has never been as high on the business agenda as it is now in the wake of several high-profile corporate and accounting scandals that have affected such well-known names as Enron, WorldCom, Adelphia and Global Crossing.
Scandals like these make front-page headlines and have certainly helped to raise the profile of corporate governance amongst the public and executives alike. But there are other reasons too, for the renewed focus on corporate governance: more companies are operating across national borders, capital markets are becoming increasingly integrated and new technologies are enabling companies to operate as global businesses.
- ‘First Enron Criminal Trial Involving Former Enron Corp. Executives’ - The Associated Press
- ‘Citigroup settles WorldCom investors suit for £2.65bn’ - Reuters
- ‘Adelphia witness says auditors deceived’ - The Associated Press
- ‘WorldCom reveals new $3.3bn error - the company also said it may now write off $50.6bn in intangible assets - a figure equivalent to last year's gross domestic product for the Czech Republic and Hungary combined.’ - BBC News
- ‘Bankrupt telecoms carrier Global Crossing is to write off $8bn for the final three months of last year, to make up for the precipitous drop in the value of some of its assets.’ - The Times
Legislation such as Sarbanes-Oxley
Legislation has been a key driver behind compliance and corporate governance initiatives. Recent legislation such as the 2002 Sarbanes-Oxley Act requires executives, boards of directors and auditors to take precise measures to bring about greater corporate accountability and transparency. The Act expressly applies to any non-US company registered on US exchanges under either the Securities Act or the Exchange Act, regardless of where that company is incorporated or based.
The first corporate governance initiatives under the European Commission Action Plan on ‘Modernising Company Law and Enhancing Corporate Governance in the European Union’ were introduced in the second half of 2004. These cover areas such as the role of non-executive directors, directors’ remuneration and company financial statements.
In practical terms, compliance with corporate governance initiatives means providing controls to prove the integrity of records and their authenticity – otherwise known as e-compliance.
The burden of compliance falls heavily on the shoulders of company directors – who are now personally liable for compliance under new corporate governance laws. Even in cases where there has been no intention to misreport information and incorrect data has occurred inadvertently – possibly as the result of corrupted data, malicious interference or a genuine human mistake – responsibility still lies with the directors. It is, therefore, paramount for them to be able to demonstrate the process by which reporting occurred and to show that records and the controls for them are complete and unaltered.
In most existing companies, manually provided internal audit trails do not provide this evidence but an alternative solution lies in IT. Many companies have already taken the step of auditing and updating their current systems in attempts to meet corporate governance requirements and the expectations of the boards, investors, regulators and key stakeholders.
An exhaustive choice of IT applications that claims to manage a company’s corporate affairs is already available. These are mostly transaction and records management systems, which create, maintain and retain records electronically for organisations of any size.
However, these applications manage record integrity on the assumptions that the originating source is genuine and internal application controls are sufficient to prove authenticity. Neither of these is necessarily true. It is probably true to say that few, if any, applications publish either proof of record integrity or legitimate audit trails, thereby removing any element of doubt over authenticity and integrity of corporate records. Although PKI is viewed by some to be the answer to a lot of these problems, PKI still remains somewhat of a niche technology, because of its complexity, operational costs and complex trust hierarchies. However, the Codel system has none of these drawbacks, which makes it ideally suited for authentication and integrity applications.
Proof Beyond Reasonable Doubt
Codel is an authentication system that can prove beyond doubt whether a record is original and unaltered. The security system does this by taking a digital fingerprint of the electronic record (it can also authenticate a physical item) at the time the record is created. This fingerprint is then recorded along with the originating source and time. At no time does Codel store any of the original content – this means that Codel is never privy to sensitive or confidential information.
A key feature of Codel, which distinguishes it from other authentication systems, is that it can be accessed by anyone with the appropriate security authorisation from anywhere. Codel also has in place its own audit trail validation protocol, which ensures that the data cannot be altered once a digital fingerprint has been posted to its authentication database.
All digital fingerprints posted to the database each day are written to an unchangeable file format, further reinforcing the integrity of the Codel system. To demonstrate that the data held in Codel is unimpeachable, another digital fingerprint is created from the entire database and published in Hex format in a national newspaper – The Financial Times.
This process of publishing the audit trail fingerprint has two purposes. First, it takes control of the audit trail out of Codel’s hands, which makes it a truly independent standard. Second, the audit trail is published in the public domain making it irreversible and unimpeachable.
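The register, publish and verify flow described above can be sketched as follows. This is an added example, not Codel's own code: SHA-256, the record layout, the per-day digest and the `Registry` class are all assumptions, since the page names no algorithm or format.

```python
import hashlib
import json

def fingerprint(data: bytes) -> str:
    """Digest of an object; SHA-256 is an assumption, the page names no algorithm."""
    return hashlib.sha256(data).hexdigest()

class Registry:
    """Hypothetical stand-in for the fingerprint database and its audit trail."""

    def __init__(self):
        self.entries = []  # append-only list of registration records

    def register(self, data: bytes, creator: str, timestamp: str) -> dict:
        # Only the digest, creator reference and time are stored, never the content.
        entry = {"fp": fingerprint(data), "creator": creator, "ts": timestamp}
        self.entries.append(entry)
        return entry

    def daily_digest(self, day: str) -> str:
        # Fingerprint of that day's audit trail, the value that would be published.
        trail = [e for e in self.entries if e["ts"].startswith(day)]
        canonical = json.dumps(trail, sort_keys=True, separators=(",", ":"))
        return fingerprint(canonical.encode())

    def verify(self, data: bytes, day: str, published: str) -> str:
        # 1) The audit trail must still hash to the independently published value.
        if self.daily_digest(day) != published:
            return "audit-trail-altered"
        # 2) The object must hash to a fingerprint recorded on that day.
        fp = fingerprint(data)
        for e in self.entries:
            if e["fp"] == fp and e["ts"].startswith(day):
                return "authentic"
        return "no-match"

def demo() -> dict:
    # Constructed sample data, not real records.
    reg = Registry()
    contract = b"Customer agrees to terms v1"
    reg.register(contract, "acme-ltd", "2005-03-01T09:15:00Z")
    reg.register(b"Board minutes", "acme-ltd", "2005-03-01T16:40:00Z")
    published = reg.daily_digest("2005-03-01")  # the value printed in the newspaper
    edited = b"Customer agrees to terms v2"
    results = {"original": reg.verify(contract, "2005-03-01", published),
               "edited": reg.verify(edited, "2005-03-01", published)}
    # Rewriting a stored fingerprint after publication breaks the published digest.
    reg.entries[0]["fp"] = fingerprint(edited)
    results["after_tamper"] = reg.verify(edited, "2005-03-01", published)
    return results
```

The last case shows why the published value matters: a database operator who swaps a stored fingerprint to match an altered document is caught because the day's audit trail no longer hashes to the digest already in print.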
The Codel Standard
Codel is establishing a global, public certification standard for authentication, which is now registered in 80 countries and continues to expand.
Codel Benefits and Peace of Mind
By providing proof of the true authentication of records and, therefore, enabling companies to comply with corporate governance requirements, Codel gives peace of mind to shareholders, customers, trading partners, and the board of directors.
With corporate governance still a top priority for many organisations in 2005, Codel’s strengths in the area of corporate governance will continue to be one of the key drivers behind its take-up. But Codel authentication also has a strong role to play in other areas, such as content management, securing electronic contracts and agreements, protecting intellectual property, securing e-mail systems, and proving the authenticity and origin of digital content.