
Part 1 John C. Montaña, J.D. The PelliGroup

Records and Information Management in the Banking Industry: Ensuring your Records and Data are ready for the post-bailout world. Part 1. John C. Montaña, J.D., The PelliGroup. What is a record retention schedule?


Presentation Transcript


  1. Records and Information Management in the Banking Industry: Ensuring your Records and Data are ready for the post-bailout world Part 1 John C. Montaña, J.D. The PelliGroup

  2. What is a record retention schedule? • It’s a list of records or record types, followed by some indication of how long they should be kept • There may be additional information, such as media types, locations, etc.

  3. How does it work? Why do we need one? • A retention schedule is a policy document. Personnel are supposed to use it as guidance when destroying records • In electronic records systems, a retention schedule may be used as a template • A retention schedule provides guidance to ensure the orderly disposition of records and data

  4. Records retention is a heavily regulated area: • Banking Commissioner • OSHA • EEOC • SEC • DoL • IRS • FDIC • EPA • Etc., etc. • State analogues of the above

  5. Other Standards and Authority • Industry Associations • ANSI (American National Standards Institute) • AIIM (Association for Information and Imaging Management) • ARMA (Association of Records Managers and Administrators)

  6. Jurisdictional and Preemption Issues: • Potential concurrent state and federal jurisdiction • Potential concurrent jurisdiction by different agencies • Different regulatory regimes for different business processes • Cross-border issues of regulation

  7. Issues with statutory and regulatory language • Vague or outdated statutory language • Poor match between records contemplated by law and those actually found • No or few implementing regulations when the statute calls for them • Unreasonable retention requirements • Verbatim state adoption of federal requirements • What if federal requirements change? • Conflicting or inconsistent requirements

  8. Some Basic Rules

  9. Records retention must be “in the normal course of business” • Destruction must be done in good faith • Mens rea is important – the goal cannot be to deprive other known parties of information

  10. Retention activities must conform to controlling law • e.g., destruction prior to expiration of statutory retention period is presumptively bad faith destruction

  11. Retention Periods When There is No Law • Factors: • Business judgment • Risk management • Cost • Administrative efficiency • Statutes of limitation inform, but do not control, the discussion

  12. Legal Holds • Disposition activities must halt upon notice of actual or impending litigation • Records responsive to litigation must be preserved • That does NOT mean that all disposition activities must cease until the litigation is concluded • The hold must be effectively communicated to stakeholders, and attorneys must exercise due diligence in follow-up • The hold should be released at the conclusion of the matter

  13. Some Basic Tools

  14. Policies and Procedures • Employees and technology implement rules • No rules means no consistency • No consistency means problems • Problems mean costs

  15. Indexing and Data Structures • In order to manage a record, you must be able to accurately identify it • Indexing, data structures and metadata are the key to identifying records • Many repositories are poorly indexed, or not indexed at all; metadata is poorly chosen or left to default • Keyword searching or auto-classification is only partially effective

  16. Records Management Success • Written Policy • Low-level Nuts & Bolts • Indices • Data Structures • Metadata • Training • Know the Failure Points

  17. Common Failure Points • Poor understanding of what the organization actually needs • No implementation strategy • No enforcement mechanism • Inadequate resources • Poor employee training • Blind reliance on technology solutions • Poor technology implementations

  18. Problems with Technology Solutions • Buy first, vet later • Poor policy and procedural structure • Poor implementation • Lack of structured indexing • Lack of consistent file names • Poor metadata selection

  19. When Considering a Technology Solution • Buy software LAST! • Before that: • Develop policies and procedures • Develop indices, data structures and metadata standards • Develop a FULL functional spec • Make sure the software can implement the above

  20. The Number 1 Reason for Failed Technology Solutions is Poor Configuration • No hard-coded indices or data structures • Poor or no metadata capture • Badly configured user interface • Poorly thought-out workflow expectations (e.g., too many buttons to click) • Usually Because Software Purchase was Step 1

  21. The Problem with People • People manage electronic data very poorly • Poor file names • Poor data structures • Aversion to management • Aversion to purging • Disgruntled employees

  22. Culture • Organizational culture may foster bad records and information management • My records are “mine” • I/my department makes its own rules • We don’t tell our people what to do • We don’t carry a big stick

  23. How to Change Things • What’s in it for me? • Personnel need to see a tangible benefit • Breaking bad habits • Takes time, takes nagging • Good new habits are quickly lost if not reinforced • Get a big stick • No penalties means no reason to change

  24. Compliance • Make compliance easy • If compliance is annoying or interferes with work, people will actively defeat the plan • Plan on: • Intensive initial training to break old habits • Ongoing lower-level reinforcement

  25. Where’s Your Data? • Outside the U.S.? • In the hands of third party service providers? • Financial or HR service providers • Commercial storage facilities or data vaults • Outside counsel • The Google cloud • It’s all discoverable!

  26. Records Management Responsibility is Non-Delegable • You are responsible for failings of service providers • Retention • Availability • Privacy and confidentiality • Discovery

  27. They Should be Able to: • Apply your retention periods • Enforce your privacy and confidentiality obligations • Safeguard your records and data • Give your records and data, and their metadata, back to you at the end of the relationship

  28. You should: • Include appropriate language in contracts • Inspect policies and procedures • Inspect facilities • Audit compliance • For electronic systems (e.g., external vaulting or backup), have your IT folks vet the provider’s technology

  29. Questions?
