As banking companies continue to struggle with mushrooming electronic data, the Financial Services Technology Consortium has begun an initiative to analyze these piles of unstructured content.
Michael Versace, the managing executive for security and infrastructure at the New York research organization, said that a transaction such as a stock trade can generate a lot of data that is relatively straightforward to maintain because the specific data fields are well defined and the information is archived in official systems of record.
But other important business information is in unstructured form — e-mail messages, instant messaging files, user-generated content, even voice systems. And this information can exist outside official systems of record, on a shared drive on a network, for instance; on somebody's PC desktop; or on a portable memory device.
"The distinction between structured and unstructured content is one of the fundamental challenges," Mr. Versace said in an interview Monday.
The industry has tightened its control of data records through policy and process management, but many parts of the program are not automated or not connected end-to-end across business lines, Mr. Versace said. "We don't see industry-level activities, apart from ours, that are focused on the technology challenge."
The issue has been painful, and expensive, for the industry in recent years. In 2003 and 2004, 12 investment banks agreed collectively to pay a $1.4 billion settlement for tying research recommendations to their underwriting practices, and e-mail retention was involved.
And the investment bank Morgan Stanley lost a $604 million jury award to the financier Ronald O. Perelman in May 2005. A pivotal issue was the company's failure to produce — or as its attorneys argued, its inability to locate — crucial e-mail messages.
The consortium's initiative grows out of a records management working group in the American Bankers Association. James Chessen, the ABA's chief economist, said the association plans by January to have a toolbox for its members, including checklists and worksheets on records retention.
"Content determines a record. What is the content? How do we store it? What is the retention schedule? How do we destroy it properly at the end of the retention period?" Mr. Chessen said in an interview, listing the key issues. "Banks are struggling with an onslaught of information that is pouring in through different channels."
The consortium is beginning with the question of content, as a broader definition than data, and asking at an early stage whether the industry should try to establish records management requirements for unstructured content, Mr. Versace said.
For example, board minutes that are stored in a pdf document may be assigned security classification "A" because of the confidential content, Mr. Versace said. "Now that the document has been classified in a certain way it needs to be protected in a certain way."
The consortium kicked off its records management initiative with a conference call two weeks ago that attracted about 40 groups as participants.
The project will try to determine whether the frameworks apply to this unstructured content, then to develop a business services library, and to define a technical architecture for managing it, he said.
Ultimately, the consortium participants could develop a reference implementation for managing the process and a validation scenario to help banks build their own systems, he said.
Mark Bubar, the vice president of worldwide financial services sales at CA Inc. in Islandia, N.Y., said the risk is great.
"There's such a huge amount of data, and there's no policy set to regulate how that data leaks out of the company," Mr. Bubar said. "You have the heart of the company on your memory stick, and there's nothing other than a verbal policy to regulate how you use that data."
