If there is any industry that understands the need for information governance and records management, it is financial services. The regulatory environment for banks, in particular, is complex and demanding. After a series of recent meetings with a regional bank in the US, I now understand that smaller banks, especially those acquiring other banks, is especially challenging.
Large banking organizations have big teams and sophisticated systems to ensure they are in compliance with record-keeping requirements. Smaller banks have to meet the same requirements, but with far fewer resources. Add on the complexity of acquiring banks with different systems and different practices, and the challenge – and associated risk – is enough to cause shortness of breath.
What makes smaller banks more vulnerable?
Typically, their transactional systems for managing accounts and lending activities are commercial, off-the-shelf systems, each with its own database or repository. That repository may or may not have effective retention management capabilities. So the bank may have three systems, from three vendors, each with its own data or content store. Imagine trying to put consistent retention policies in place and executing the resulting records disposition activities across multiple systems with different records management capabilities!
Similarly, a legal records request or litigation hold process must be executed across multiple systems, with different functionality for search, hold and retrieve capabilities.
Now add on a few acquisitions, and the picture gets even more complex. An acquired institution will have its own set of systems and records management processes. And they almost certainly will have physical records as well, stored both off-site and on-site.
As systems are integrated, and accounts are moved, active accounts and processes can be migrated into the bank’s production systems, but what about the inactive records stored in those systems? Where do those records and documents go?
What if that acquired institution is in another state? With different regulatory requirements when it comes to records retention rules?
What sounds like a major operational undertaking is, in fact, an even bigger compliance challenge. Ultimately, the bank needs to retain and manage its records and the records of any acquired institutions according to regulatory requirements. If records can’t be produced when required based on a legal action, there are potentially very serious repercussions.
And if all records are retained indefinitely, the “surface area” for legal discovery procedures creates the risk that documents that should have been destroyed end up in the hands of opposing counsel instead. Or, equally disturbing – a data thief.
There is no one, simple solution for a regional bank of an acquisitive nature. But there is a place to start.
Defining your bank’s Information Governance Strategy
Information Governance starts with decisions and policies, and that is job one. A file plan that acts as an inventory of records types and documents their location and the policies that govern them is essential. And soon after that, establishing an architecture for information governance can ensure that each successive phase of implementing records management processes and systems reinforces and advances the long-term vision.
Here is an example. The bank I was working with has enterprise solutions in place from a commercial vendor, and that vendor has a content repository for documents and images. But that repository does not capture all documents, nor does it have the records management capabilities needed to manage retention effectively.
The bank’s vision (architecture) for records management is to combine both manage-in-place models for some systems and ingestion into a central store for others. They also want a “single pane of glass’ that allows search, retrieval and litigation hold on records and documents no matter where they are located.
With a clear vision and architecture in place, they can implement a first phase project working with a specific class of records, and go ahead and implement an ingestion model for those records. The result is short-term progress and risk reduction that fits with their longer-term records management (information governance) architecture.
Size doesn’t matter where records management is concerned
What I learned from this customer is that a smaller bank can have bigger challenges when it comes to information governance than a “too big to fail” financial institution. But I also learned that the principles are the same – define a long-term information governance architecture while implementing departmental solutions that fit into the architecture in successive phases. Each phase results in better governance, lower risk and often, lower costs.
If you want to talk about information governance, whether in banking, life sciences, energy or any other industry, drop me a line. I would love to learn more about your situation and share whatever insights and experiences I have that might be helpful.
VP Customer Success