Financial Services Firms Rein In Those Records Rogues Yesterday

Topics : Information Governance

When your firm’s rebels without a cause flout records and information management policies, you’re tempting fate—especially in this increasingly aggressive regulatory climate. Keep those renegades in line with proper RIM training and policy enforcement.


FAST FACT: FINRA has set a six-year default retention period for books and records that don’t already carry a specified retention period under FINRA or SEA rules.

DID YOU KNOW? Banking and securities stand to benefit more from Big Data than other industries, due to both the high volume and high velocity of data, according to a Gartner study.

There was no problem MacGyver couldn’t solve with a potato, duct tape and a candy bar. More recently, the big-screen Jack Reacher works outside the rules to deliver rough justice. So when some of your firm’s mavericks come up with similarly creative ways to access and use your records to close a deal or tailor a new financial instrument, you may be inclined to applaud their bold, creative savvy.

But when it comes to records management, regulators aren’t all that impressed with clever improvisations, especially in light of recent Wall Street reform measures such as the Dodd-Frank Wall Street Reform and Consumer Protection Act. Employees working outside your records and information management (RIM) rules can cause your firm fines, penalties and lost productivity, as well as a hit to its reputation in the marketplace.

Mavericks working outside the box can leave your data vulnerable to breach (say, if confidential files are left open on laptops) and increase your discovery exposure risk if they squirrel away nonessential but discoverable information. They may even add to your paper piles if they photocopy and distribute records among their team members.

Here’s another reason why mavericks must be kept at bay: Big Data is placing unprecedented stress on your enterprise. An IDC forecast estimates that 2.7 zettabytes (2.7 billion terabytes) of information are currently coursing around the planet. If you don’t whip rogues into shape now, the “black ops” they’ve put in place—and continue to create—can wreak havoc on new data, and you won’t be able to manage it properly.

So are you convinced that it’s time to invest in training? If so, here’s what to consider as you put your program in place:

1. Develop your RIM policy. Assess all aspects of your records management program and identify policy needs.

  • Cover all the bases. Develop a single RIM policy that governs all information types, both physical and electronic.
  • Apply it consistently company-wide. Create a timeline to implement your RIM policy objectives. It should include making (and enforcing) deadlines.
  • Give the rogues a voice. In the same way that companies bring in hackers to help formulate airtight security plans, put the creativity and tenacity of your MacGyvers to work creating RIM policy.

2. Make your policies intuitive and workable. Who’s going to stick with rules that don’t make sense or weigh down business operations with extra steps?

  • Match policy to workflow. Assess your information needs and understand how your organization shares data. Then develop a RIM program that dovetails with these existing best practices.
  • Keep it timely and topical. Be sure your new policies reflect the business and regulatory climate as well as your firm’s current POV. Consider new business goals and operations, shifting regulations, and emerging social media data sources.
  • Index everything. Tag every record to include descriptors such as author, record type and origination date. This makes it easier for employees to access what they need.
  • Be thorough and consistent. Build an all-encompassing policy, but make sure it’s consistently applied. Apple famously trains its employees on five steps of service to ensure a top-notch, consistent customer experience.

3. Invest in a thorough training program. Don’t skimp on this part. You stand to get plenty in return on your investment, including better-organized and more accessible records, as well as improved security and regulatory compliance.

  • Spread the word. Provide various ways for your colleagues to access, review and sign off on any new policy.
  • Brush up on the law. Make sure employees understand company obligations under federal regulations like the Sarbanes-Oxley Act, Dodd-Frank and SEC Rule 17a-4, as well as any applicable laws in states where you have a business presence. Emphasize the penalties resulting from not following a compliant records management strategy.
  • Leave no stone unturned. Take a multipronged approach to training, choosing the methods and timing that best fit your needs. On-the-job training may work in some environments, while online options and/or onsite training days are better for others.

4. Always follow through. RIM training never stops. Keep an eye on your program’s progress, and make adjustments as needed.

  • Monitor and enforce. Track employee habits to see if they’re sticking to the program. To be taken seriously, policies must have teeth; explain the consequences of failing to follow the rules, and then follow through. Otherwise regulators may do it for you. FINRA recently suspended a broker for advocating stocks in Twitter® posts without the knowledge of her company (oh, and also for not disclosing that she had an interest in those investments). And the SEC has also accused an adviser of posting fictitious stocks with a LinkedIn® account.
  • Don’t be afraid to retrain. Be prepared to do it all again as regulations, business practices and data sources change.

A trusted partner can help ramp up your training game and fill in the pieces of your RIM strategy—from indexing to storage to secure document destruction—that you may not be able to provide on your own. Your partner can also serve as an extra resource in corralling those MacGyvers onto the straight and narrow path.

Iron Mountain Recommends: Tame Your Social Media Mavericks

Tweets, blogs and social media sites are here to stay, and with good reason: They’re valuable means of soliciting and engaging clients. They’re also a nightmare for compliance and branding gurus.

Wall Street firms that used to routinely bar employees from tweeting and other social media messaging are reluctantly removing those obstacles. To avoid any calamities, however, many firms are setting clear social media usage guidelines. According to the New York Times DealBook, one bank requires its branding and compliance departments to approve an investment banker’s Twitter posts. Another bank offers mortgage consultants a database of preapproved content and encourages them to personalize their messages to homeowners. 

To get the most out of social media while keeping the rogues in line, consider teaming with a trusted records information partner that:

  • Archives tweets, posts and blogs. According to FINRA, the archive is at the heart of compliance. A partner can help you store social media content in discoverable formats, which FINRA says is key to reconstructing full threads of conversations.
  • Keeps abreast of regulatory changes. Regulations shift as the political climate, business objectives and technology change. An informed partner ensures that your archived information remains compliant, and can recommend adjustments to your information management strategy accordingly.
  • Indexes and tracks everything. By tagging and tracking social media content, your partner ensures that you can access it quickly when a regulatory or legal counsel comes to call.
  • Maintains retention and destruction schedules. A partner can help you develop retention schedules to meet regulatory requirements. By keeping you on track to destroy social media content you are no longer required to keep, a partner can reduce your discovery liability.

Do you have questions about information management? Read additional Knowledge Center Small Business resources, or contact Iron Mountain’s Small Business team. You’ll be connected with a knowledgeable product and services Small Business specialist who can address your specific challenges.

Related Content:

Say Goodbye to DIY Records Management

Disaster Recovery Best Practices: Finding Shelter From the Storm

Should You Appoint an IG Director to Lasso Renegade Records?