Many credit unions have implemented various document imaging systems over the past few years to stave off the increasing costs of paper-retention and improve member service. In doing so, however, many of these same CUs may unwittingly be putting themselves at risk due to inadequate document-retention policies and lack of a formal business continuity process.
Credit unions for years have led the financial industry in terms of technology adoption, which has been great for members and credit unions alike. Core system providers have been crucial in getting the level of data disaster recovery raised to the point where most credit unions these days have the process, plan, and procedures down to a science and know exactly what they will do in the event of a critical incident.
Unfortunately, many credit unions have by default treated their imaging data as just that, data. They may not have put together the other critical pieces required to meet compliance of a true records management document imaging system.
According to Alan B. Sterneckert, a retired FBI agent and author of the best selling technical resource book titled "Critical Incident Management," most financial institutions have neglected to document all of their paper processes. In other words, they may have their core data backed up but have failed to implement document-retention schedules. And in reality, they have missed out on the opportunity to distinguish between data processes and their key business processes that are so critical to them.
Sterneckert points out that post-9/11 and Katrina events really have emphasized that point. "Core data was backed up safely, but most of the businesses and credit unions impacted cease to exist today partly because they could not recreate their core business processes," he adds.
Free Help Is Available
Fortunately, help is available in the form of a free guideline established by the Department of Defense titled DoD 5015.2. This guideline establishes criteria that organizations need to meet to have an effective records management and retention policy. In fact, DoD 5015.2 is required by most governmental agencies and is adhered to in many other industries as well.
A simple explanation of DoD 5015.2 basically requires that policies be developed around the storage, retention and destruction of an institution's key records. This is very different from the backup processes used to backup and restore data from a core data processing system. DoD 5015.2 requires the institution to identify its most critical documents, establish definable criteria, and provide a process of continuity for the life of these documents as well as electronic files and their associated meta data.
We will see the day coming in the near future where the NCUA, as well as other governmental regulatory agencies, may require these processes and procedures such as DoD 5015.2 to be put in place before destruction of any documents will be allowed.
The ability of a credit union's document imaging solution to meet DoD 5015.2 or whatever Records Management regulatory environment is established that may be forthcoming may very well determine that institutions long term viability in the event disaster strikes.
It is important to raise the awareness about the potential exposure credit unions face with the implementation of a document imaging system and their current document destruction processes (or lack thereof). As time goes on, however, we will begin to see the separation of their core data processes from their business processes and records retention policies so that there is a greater capability to insure their long-term survival.
For more information on DoD 5015.2 visit: www.archives.gov/records-mgmt/initiatives/dod-standard-5015-2.html
Scott Cowan is Vice President of Sales at Millennial Vision, Inc. a Document Imaging Reseller. He may be reached at scottc
