New regulatory requirements along with high-profile court cases and jail sentences have made records management a top concern for many financial services companies-with good reason. Few people have a clear understanding of what they need to keep, for how long, and in what condition. The truth is, it doesn't need to be complicated. There are some simple facts you need to know to improve your compliance efforts, increase records management efficiencies, alleviate legal headaches and reduce your risk.
FACT: You're overpaying for storage.
Creating a digital landfill does not ensure compliance. Only your storage vendor and legal counsel benefit from a "save everything" approach.
In response to the records management challenge, many banks have adopted a "keep everything forever" strategy. In the short term, this may seem easier because you don't have to think about it. In the long term, you end up with ever-expanding storage expenses, and, in the event of legal action, pay outrageous legal fees for electronic discovery.
When one financial services company decided to evaluate its existing records management efforts, it discovered that it was storing 1,200 copies of the same document in five different versions across its network. Most organizations will find situations exactly like this throughout their document storage systems. Unfortunately, they will probably not discover the magnitude of the problem until they are served with a lawsuit.
FACT: You can get rid of half of the records you're keeping.
Records have a shelf life. They should only be kept for the length of time specified in a business obligation or by regulatory requirement.
It's bad enough you're keeping everything, but keeping everything forever could have even worse consequences. Of course, financial companies are required by law to retain a breadth of documentation ranging from loan applications and customer correspondence to transaction records and stock certificates to electronic communications as outlined in SEC Rule 17a-4. The larger issue is how long we are keeping those records.
It is estimated today that at least 50 percent of information kept on corporate file systems, back-up tapes, email servers, desktops, and laptops is already past its retention date. That means you are managing more than twice the information than you need to. Not only does this add to your storage costs, it also makes finding things that much more expensive. A large American company recently did a study of nine legal cases that occurred over a four-year period. They found that 50 percent of the information they had to pay an outside party to discover was already past its required retention date per their existing policy. The review of irrelevant records cost them more than $12 million.
FACT: Retention policies and records management.
Managing records is more complex than just keeping them.
Typical retention policies simply specify how long you keep documents and how to dispose of them. Implementing these policies is another matter. Records management is a program that applies your retention policies and actively manages the lifecycle of your records, from identification to storage to destruction.
Each step in the process is important. You need tools that accurately identify and retain only business relevant records. This can be accomplished by implementing automated records management procedures into standard workflows. Or, more sophisticated solutions also offer components that can sift through files, documents, and emails behind the scenes, using content and keywords to locate records and automatically incorporate them into your records management system. You then must store these records in a way that complies with regulatory requirements such as the Bank Secrecy Act. Ensuring your records are legally defensible is a critical consideration of any records management system. How you store them, as well as who can alter them, directly impacts their defensibility. And finally, you must destroy documents in a timely and legally compliant manner.
FACT: Your employees aren't good records managers.
Every employee files things differently. Don't depend on individuals to do a job better suited to IT.
Even if your institution has an established retention policy, in practice, your records management may be undisciplined and ineffective. By leaving application of the policy up to individuals, you are opening your company up to added expenses or worse -non-compliance. Every employee is different-they work differently, they act differently, and they file differently. By automating your records management, you take the individual out of the equation.
Records management is as much about process as it is about content. By leveraging technology to determine what constitutes a record, you can effectively manage both the content and the process. For example, there is no need to keep an email about scheduling a lunch date, but the one about a complicated loan application must be retained. Your records management tools should immediately be able to identify the difference between these documents. But, more importantly, these tools should take the process further by automatically applying your corporate retention policies and then capturing the record in your records management system, all without human intervention.
FACT: When it comes to records management, you must remain vigilant.
Automating records management is a first step. You also need the tools to constantly monitor records enterprisewide.
With millions of documents, emails and other files created each day, financial institutions face an ongoing records management challenge. While automating the records management process handles the large majority of your needs, there are inevitably instances where things are missed. Whether it's as a result of employees working on laptops remotely, instant messaging, or other activities, you need fail-safes.
One approach to this is continuous monitoring or content enforcement tools. These tools can crawl through your systems on a regular basis to find items that, per your retention policies, might be records and that are not currently part of your records management system. These tools can then automatically place the record in the system and apply the relevant retention timeframes. By making this a continuous process, these tools eliminate errors, improve productivity, ensure compliance and keep your records management system always up to date.
FACT: Records Management doesn't have to be hard.
Finding the right technology tools makes records management easier for financial services firms.
Despite all the buzz, complying with records management requirements can prove relatively simple as long as you implement the right policies, access the best tools, and work with IT. With automated systems and continuous monitoring, the chances of overspending on storage or ending up behind bars or in the headlines as a result of poor records management are virtually eliminated.
FACT: You can succeed at records management.
By following a few simple principles, your company can put its records management worries behind it.
* Don't rely on your business users or the systems that rely on your users. Rely on your processes instead.
* Capture the process information and data. Not only is it required by law, but you can use that information to improve those processes along the way.
* Retain what you need to for only as long as you need to as determined by law, regulatory statute, and sound business policy.
* Only destroy or delete records at the right time for the right reason and by the right process.
* Enforce your records management and compliance policies consistently and uniformly.
Craig Rhinehart is director of compliance markets and products for FileNet Corp.
