An Effective Information Management Strategy

In financial services and indeed most of the nation’s industry sectors, e-mail is now the de-facto standard for communication between employees and many corporate customers. According to IT market research company IDC, 35 billion e-mail messages are currently generated every business day; a dramatic increase from 10 billion e-mail messages daily five years ago. Alongside e-mail, instant messaging (IM) has rapidly become an equally important communication tool, particularly in certain domains of financial services, such as the capital markets, where real-time information is at a premium.

At the same time, the business community is faced with an increasing tide of information-related legislation, from international regulations such as Sarbanes Oxley, national laws such as the Data Protection Act (DPA) and sector-specific guidelines from regulators such as the UK’s Financial Services Authority (FSA). Most IT and compliance officers are now aware of the tremendous risk and litigation exposure that electronic documents pose to the business; yet many companies are floundering when it comes to defining an information management strategy that dictates to all departments how information should be treated and stored.

Generally, few companies are paying sufficient attention to e-mail within this strategy, and IM ranks even lower on their list of information risks. But taking the example of the capital markets, messages over and above formal trade processing need to be captured and archived so that when a problem occurs the institution concerned can immediately offer audit trail evidence to the regulatory authorities and potentially apportion blame away from the organisation, whether to a rogue trader or a counterparty.

Importance of E-mail and IM

Firstly, let us highlight the importance of incorporating e-mails and IM within a document preservation strategy. Put simply, e-mails are business records. An e-mail can be issued by anyone in an organisation and as soon as it is sent, it is subject to the same audit and compliance standards as other business records such as invoices. Most regulations now encompass e-mail customer communications, but this is also interpreted to include internal corporate e-mails. As electronic documents, they are now admissible as civil evidence, and e-mails have become one of the most important discovery requests in corporate lawsuits. Merrill Lynch, for instance, took a serious blow to its reputation when damaging contents of e-mails were highlighted during a legal dispute; Andersen and CSFB have both had e-mails used as court evidence; and, in December 2004, five leading broker-dealers in the US were fined a total of $8.25m for breaching record retention requirements for e-mail.

Strategic Foundations

It has become a crucial business challenge to understand and prioritise data retention requirements, while at the same time containing cost and boosting operational efficiency. E-mail and IM must not be isolated from this process. The reality is that it is not necessary for all communications to be stored – in other words, a positive document destruction policy forms an integral part of any information management strategy – but a company must fully understand what it does need to keep. Steps must be taken to classify e-mails according to their importance. Once business rules have been defined, important e-mails can then be moved from personal e-mail boxes and managed centrally like other business records, and insignificant e-mails can be managed within each individual’s mailbox and only kept for as long as required before being deleted. A properly defined information management strategy then forms the foundations for decisions regarding supportive technology and storage media.

Practical Solutions

In-house corporate e-mail server: The first question that many companies ask is whether it is sufficient to simply save all e-mails using their corporate e-mail server, ensuring that their in-house IT department is backing them up regularly. This usually requires further capacity to be added to the existing storage infrastructure. When relying exclusively on in-house back-up systems, companies must take measures to maximise ‘uptime’ – ensuring that their storage devices are covered by comprehensive, round-the-clock technical support and replacement services in case of hardware failure. Many storage equipment manufacturers now leverage the service network of a specialist third-party to provide support services.

However, the problem with the corporate mail server is that it does not actually save all e-mails. If a back-up is done at night, an e-mail that is sent and deleted during the same day will not be backed up. In addition, retrieval becomes more difficult, and mail servers that are incorrectly configured can suffer performance problems. Furthermore, if backups are done at the mail server, they are stored in a proprietary format, and restoring a single e-mail or group of mails is challenging.

Practically speaking, the very nature of ‘raw’ backup can become a nightmare in terms of time and cost when it comes to retrieval of specific documents by name, subject, date, and to/from address. From a corporate perspective, though, such a standard backup procedure is attractive because it is inexpensive, and does a reasonable job in capturing documents.

In-house dedicated e-mail archive server: These solutions are dedicated to handling this task and provide a managed way of tackling the problem. They require server and storage hardware and software along with regular systems management. However, they do work and can be the rescue mechanism needed when the regulator calls.

Hosted, online solutions: Traditionally, the in-house options described above have also been favoured because companies are perceived as retaining close control over their own assets. However, as e-mails have become legal documents, third-party e-mail archive solutions to ensure regulatory compliance are also an option. For example, although records in digital format now have the same evidential weight in court as faxes and photocopies, their authenticity as an original document itself still needs to be proven. With electronic records and technology becoming increasingly sophisticated, the British Standards Institute issued a code of practice on how to ‘maximise the evidential weight’ of e-documents (PD0008 – 1999), advising a set of very stringent, auditable security controls to be applied to the documents.

In practice, this can be difficult to implement to required standards in-house, and the specialist technical skills and built-in functionality of an outsourced solution can be appealing. For example, some firms have found it easier to prove high levels of evidential weight to regulators and courts when the e-mails are held by a third-party provider with read-only access, therefore removing them (largely) from the possibility of internal fraud or tampering.

Spreading Risk – The Role of Microfiche

As already noted, e-mail and IM lifecycle management is only just coming onto companies’ radars. The important principle is that both formats are actually no different to other documents in so far as it is sensible to spread the risk associated with long-term retention across a multi-format archive strategy. Despite the accessibility and security benefits of online, electronic solutions, particularly in financial services, the reality is that e-mails and IM may now have to be kept for many years and it is simply not cost-effective to keep them online for all this time. The solution is usually to choose at least two storage technologies – one digital and the other analogue.

Traditionally, microfiche is well recognised as one of the least expensive and yet most reliable long-term storage media; but its application for e-mail archiving is only just being recognised. Third-party service provision in this area is also adapting to changing market demand – for instance, outsourced microfiche conversion and retrieval services are now available, helping organisations meet long-term regulatory obligations cost-effectively. Although the microfiche stores are held off-site, requests for e-mail retrieval are filtered and then passed on to the third-party provider. Fiche copies or the scanned image of a fiche master record are then couriered or e-mailed back to the organisation.

Furthermore, microfiche is an ideal way of maximising evidential weight of e-mails, as it is unrivalled in retaining the integrity of the original document. As a non-technology-dependent medium, microfiche also goes a long way to providing a foundation for business continuity and disaster recovery programmes.

Conclusion

E-mail and IM play a key role in a company’s information management strategy. Substantial fines have already been given out for non-compliance with legal requirements, so effective information management that incorporates both formats is a priority. There are varying procedures, systems and media for mitigating risk, such as in-house back-up; in-house managed e-mail archive solutions; hosted online archive solutions; and outsourced, managed microfiche services. Each option has benefits for different organisations – but an in-depth, structured understanding of an organisation’s electronic communications is critical to making appropriate decisions. Compliance must not be the only consideration; there are significant cost and operational benefits to be reaped from effective document management.
