RIM And IG — A Needed Combination For Financial Services and Insurance Organizations

Download PDF

Records and Information Management professionals are not unlike any other professional group; we deliver specific services to our respective organizations, one of which is to safeguard information for our companies and our clients. While this is true for all of us, it is especially critical for those working in financial services and insurance, where more and more scrutiny is placed on information protection.

Do you ever wonder how your program stacks up against others in the industry? Like many Records and Information Management (RIM) professionals, are you looking for peer comparisons and proven practices? This year, financial services and insurance RIM and Information Governance (IG) professionals have a new window into what others in their industry are doing. Earlier this year, Iron Mountain underwrote the Cohasset Information Governance Benchmarking Survey report with input from ARMA and AIIM. We are now releasing a version of the Benchmarking Survey report specific to the responses from the financial services and insurance Industries.

The 2013 – 2014 Information Governance Benchmarking Survey for the Financial Services and Insurance Industries examines the survey responses of more than 200 professionals to provide benchmarking metrics on information lifecycle practices. It also compares financial services and insurance to the findings of all 1,400 people who took the survey, irrespective of industry, to give an indication of the maturity of IG in your industry. In this companion paper, we provide recommendations for modernizing IG in your industry so that you can formulate internal action plans and develop communications about your program’s strengths and opportunities, with facts to support your strategy.


This brief is a companion piece to the 2013 – 2014 Information Governance Benchmarking Survey for the Financial Services and Insurance Industries. It expands on Iron Mountain’s view of the four major drivers for strengthening financial services and insurance RIM/IG. It also incorporates financial services and insurance industry trends along with the challenges and opportunities that these present.

Iron Mountain provides services and solutions to 45 of the 46 insurers listed on the Fortune 500 as well as 48 of the top-ranked 50 banks in the United States and have over 2,400 financial services customers worldwide. We share our experience working with them as a trusted advisor as it relates to the findings in this brief.

Industrial Driver 1 : Financial Services And Insurance Are Ahead Of Other Industries When It Comes To Creating And Implementing Retention Schedules But Still Have More Than The Average Number Of Classes Or Categories.

96% of respondents for both financial services and insurance mostly or strongly agree that they have a RIM program with an approved retention schedule in place. This is more than the overall average of all respondents.

Of the respondents, both financial services and insurance were above the overall average for having updated retention schedules within the last three years.

Financial services and insurance were above the overall average for having a retention schedule that is clear and easy to understand.

Industry Insights:

Almost all respondents agreed that their institution could benefit from reviewing their retention schedules. Still, the priority for the type of review and enhancement varies. The top three improvements that our respondents indicated they needed the most were as follows:

  • Uniformity across business operations
  • Fewer categories
  • Fewer event-based/conditional retention periods

Too Many Retention Categories:

Despite the high occurrence of retention schedule updates, nearly 40% of both financial services and insurance respondents reported that the current retention schedule contains between 250 and 500 or more retention categories. Most industries strive for 100 categories, or less, to facilitate the management of electronic records.


Having a robust and effective RIM program does not guarantee that it is optimal. It should come as no surprise that information is being retained for longer than it needs to be. Only 28% of respondents strongly agree that they are doing a better job of routine disposition than they did 3 years ago. And 77% of respondents from both financial services and insurance agree that over-preservation of information occurs due to how legal holds are written or applied.

Legal holds have often been the proverbial speed bump (or even complete roadblock) in routine destruction of eligible information. However, as more and more RIM programs are reporting to the legal and compliance areas, we may see improvements in more targeted than blanket legal holds along with more timely releases.

Industrial Driver 2 : Building A Strong IG Program Depends Greatly On Who The RIM Group Reports To.

A distinct difference is demonstrated between financial services and insurance when it comes to where in the enterprise organization the RIM function reports. Nearly half of all insurance company respondents report into the compliance or legal teams while financial services are more in line with other industries with only 29% reporting to these areas. As legal and compliance are more in tune with the fundamentals of IG, such as accountability and metrics, insurance companies may have an advantage in implementing IG controls sooner than others. However, more financial services RIM teams report to IT than any other industry. This may give them an advantage when managing the variety, volume, and velocity of electronic content.

Legal Compliance/Reg Affairs
Financial Services 22% 7%
Insurance 27% 22%
All Organisations 21% 7%

Nearly half of all insurance respondents indicate that they now report to either the legal and/or compliance groups — 20 and 21 points higher than financial services and all organizations, respectively.

24% of the financial services respondents indicate that they report to information technology, which is 6 points higher than all organizations and 12 points higher than insurance.

Regardless of the reporting structure, it takes a village to implement and sustain an IG program. More than 80% of the financial services and insurance survey respondents affirm active engagement and support in their organizations from most key stakeholders.

Compliance/Regulatory Affairs:

  • Financial Services – 91%
  • Insurance – 96%
  • All Organizations – 87%

Privacy and Data Protection:

  • Financial Services – 88%
  • Insurance – 92%
  • All Organizations – 86%


  • Financial Services – 87%
  • Insurance – 86%
  • All Organizations – 83%

Risk Management:

  • Financial Services – 82%
  • Insurance – 83%
  • All organizations – 77%

Industry Insights

A strong IG program leverages active engagement across the enterprise. Much depends on the members selected to sit on the IG council who need to come to consensus about the management of information across the enterprise to mitigate risk, contain costs, and extract value.

While the trend over the past five years has seen RIM reporting up through the legal and/or compliance function, many financial services and insurance companies have moved their programs to the information technology areas. Whether legal/compliance or IT, it is clear that more and more RIM programs are moving out of the tactical facilities and administrative services areas and into more strategic and compliance areas.

Industrial Driver 3 : We Have Moved Into The Age Of Information Governance, And It Is Everyone’s Job.

While overall the respondents from the financial services and insurance industries indicated a slightly higher average than all organizations when it comes to having a mature or improving governance structure, insurance eclipsed financial services in terms of level of maturity although the latter is working hard to improve that.

56% of all organizations indicated a mature (19%) or improving (37%) governance structure.

58% of financial services respondents indicated a mature (19%) or improving (37%) governance structure.

62% of insurance respondents indicated a mature (32%) or improving (30%) governance structure.

The following disciplines are reported by both industries to be strong advocates of IG:

  • Compliance/regulatory affairs: Financial Services (91%) | Insurance (96%)
  • Privacy and data protection: Financial Services (88%) | Insurance (92%)
  • Legal: Financial Services (87%) | Insurance (86%)
  • Risk management: Financial Services (82%) | Insurance (83%)

Safeguarding Information

Financial services and insurance respondents assign the highest “mature” ranking to the protection of private, confidential, and sensitive information:
Financial Services: 59% Mature
Insurance: 73% Mature


Maturity results were decidedly lower when it came to ranking integrating RIM compliance terms with service provider contracts:
Financial Services: 17% Mature
Insurance: 20% Mature

Recommendations From Your Peers

Peers from the industry ranked the maturity of their RIM program with three specific IG disciplines:

  • RIM integration with other IG disciplines
  • Protection of private, confidential, and sensitive information
  • RIM compliance terms added to service provider contracts <

As seen in the Practical Guide to Information Governance for Financial Services, the next step in the evolution of your IG programs will need to focus (or continue to focus) on ensuring alignment between the RIM team and all other business areas that create and rely on information to function.

Industrial Driver 4 : Benchmarking For Electronic Information.

More than half of all respondents from the financial services and insurance industries indicate that their companies have at least partially automated the destruction of email, instant messages, and other electronic communications.

Results were better than the overall average when asked if their companies had a fully or partially automated process for the destruction of electronic media, such as email and instant messages.

As expected, the numbers are dramatically less for voicemails and social media content. When asked if a fully or partially automated process was in place for the disposition of voicemail communications, less than 20% of both financial services and insurance companies have partially automated the disposition of their social media content. Every industry, including financial services and insurance must continue to make strides in this area. As new technologies emerge, each industry will need to determine how policies and procedures will be affected.

Unstructured Content

While all industries struggle with their unstructured content, information stored on platforms such as ECRMs, SharePoint® sites, shared drives, desktops, or mobile devices poses a significant risk to both financial services and Insurance companies.

Electronic content/document management (ECRM)
Financial Services – 9% fully automated & 35% partially automated
Insurance – 8% fully automated & 38% partially automated

Collaboration tools (e.g., project sites, SharePoint)
Financial Services – 8% fully automated & 19% partially automated
Insurance – 6% fully automated & 24% partially automated

Network files (e.g., shared drives, file shares)
Financial Services – 8% fully automated & 16% partially automated
Insurance – 1% fully automated & 15% partially automated

Desktop/laptop (e.g., C: drive)
Financial Services – 5% fully automated & 14% partially automated
Insurance – 0% fully automated & 7% partially automated

Mobile devices (e.g., smart phones, tablets)
Financial Services – 8% fully automated & 12% partially automated
Insurance – 5% fully automated & 10% partially automated

As organizations grow, technologies continue to produce new content that your IG program will need to consider. As we see from the results of the questions regarding unstructured content, the majority of respondents indicate that virtually no process is in place to automate the disposition of critical information. One of the first responsibilities of an Information Governance Council is to identify the gaps and risks associated with all types of information and to institute a plan of accountable action.

In this age of “doing more with less,” financial services and insurance companies do not need to “boil the ocean.” Focused planning, implementation, measurement, and reporting of RIM initiatives and successes will help to get you to where you want to be.


Looking at the entire Cohasset 2013 – 2014 Information Governance Benchmarking Survey for the Financial Services and Insurance Industries, we continue to see the progress both industries have made in creating IG programs that will guide their enterprise information lifecycle management into the future. This commentary identifies only a handful of drivers that will continue to push RIM programs into prominence in the coming years. As RIM programs become more closely aligned with legal/ compliance and IT, the importance of having an Information Governance Council with the appropriate senior executive support and leadership will be critical. This is especially true if institutions are to continue the momentum in building information management best practices for mitigating risk, containing costs, and extracting value.

In this age of “doing more with less,” financial services and insurance companies do not need to “boil the ocean.” Focused planning, implementation, assigned accountability, measurement, and reporting of RIM initiatives and successes will help get you to where you want to be. Using information and insights from peers as well as guidance and support from internal and external partners will help support you on your journey.

Iron Mountain Authors

Jeff Picozzi
Senior Product Solutions Marketing Manager at Iron Mountain
At Iron Mountain, Jeff focuses on the financial services and insurance industries. Prior to joining Iron Mountain, he was responsible for product marketing for Wolters Kluwer Financial Services. He previously worked for Bank of America and SunLife Financial US. Jeff holds a BA from the University of Maine as well as a MA from the University of Massachusetts.
Follow Jeff on Twitter @jpicozzi

Sue Trombley
Managing Director of Thought Leadership at Iron Mountain
Sue has more than 25 years of information governance consulting experience. She previously led Iron Mountain’s Consulting group. Sue sits on the AIIM Board, the University of Texas at Austin — The School of Information Advisory Council, and is President of the Boston ARMA chapter. She holds a Master’s degree in Library and Information Science and recently was certified as an Information Government Professional.
Follow Sue on Twitter @sue_trombley