Information Governance in Financial Services
In this new era of risk management, the most successful financial services firms are those proactively managing the information, applications and policies that drive their business. From the first customer contact to the last back-office process, having 360-degree oversight makes the difference between a system with the basic mechanics and one that works effectively for the entire enterprise.
To effectively fulfill a firm’s various business obligations requires an integrated, comprehensive approach that facilitates proactive compliance, e-discovery and audit preparedness. The solution should also serve the needs of all business users including IT, legal and compliance staff to provide fast and accurate access to information whenever it is needed.
Email—the most relied upon and risk-laden communication tool. Two of the highest priorities for implementation of enterprise best practices are email and records management. With email recognized as the de facto mission-critical application driving financial institutions, any instance of loss or mismanagement can become a serious and expensive issue. Government regulations and requirements for discovery and audit all point to the necessity of properly archived and searchable email to help ensure business continuity. Without 24/7 accessibility and appropriate supervisory controls, e-discovery and audit preparedness become flawed processes that could cost the organization thousands, if not millions of dollars in fines and damaged reputation.
Records—the lifeblood of the organization. Effective records management also poses a formidable business challenge. With enterprise content expanding past capacity and corporate governance and compliance violations making headlines, a comprehensive records management solution can help organizations manage, control and discover information enterprisewide.
For the greatest level of agility, records should be managed in their native location to minimize business disruption. Using a federated approach, firms can effectively manage content in disparate repositories "in place" while centrally enforcing record-keeping policies on the distributed content to ensure consistency.
Data growth poses its own risks. When formulating a best practice, organizations must consider that data is growing at an explosive rate. This overload of business content complicates data and storage management in mission-critical, compliance-driven environments. Recent industry analyst reports show that although IT budgets are increasing by approximately 6% a year, the amount of data being managed is growing by 50% to 70% or more. An effective strategy will be one that ensures comprehensive discovery, supervision and mailbox management while integrating robust and proactive retention management capabilities to eliminate content when it is no longer a necessity to retain it and legally appropriate to do so.
Addressing governance, risk and compliance. To meet governance, risk and compliance challenges across the organization, a holistic enterprise approach should improve visibility of information, increase efficiencies, reduce costs and implement an on-going process to monitor investments and controls. In a recent speech at Compliance Week 2007 concerning how companies must adhere to the newly updated Federal Rules of Civil Procedure, Judge Lee Rosenthal, chair of the Civil Rules Advisory Committee, stated, "The new rules require increased planning, preparation and management at a level of detail that is much greater than was true for conventional discovery." In addition, Judge Rosenthal asserted that organizations should have written, carefully thought-out data retention and destruction policies and procedures to meet the new guidelines.
Even with these challenges and recommendations spelled out, many organizations make the mistake of focusing on passing audits and achieving compliance for specific guidelines and governing bodies. While this approach addresses immediate needs, it isn’t a long-term strategy. It can also lead to duplicated efforts and failure to adequately correlate risk management with organizational control. Moreover, it defines results of a controls program based on a specific moment, such as the result of the assessment/test, and creates a situation where cyclical and manual maintenance are the norm.
Comprehensive and integrated solutions. To address the information governance challenges discussed here, take a two-pronged approach. First, consider implementing a comprehensive email management solution that integrates discovery, supervision, archiving and records management. These robust features can help firms reduce the risk of non-compliance and the overall cost of discovery. Features to look for include automated capture, declaration, analytics and email supervision. By facilitating information governance for proactive compliance, an organization can not only ensure e-Discovery preparedness but cost-effectively manage a messaging environment for maximum efficiency and productivity.
Secondly, choose a solution that offers federated records management to maximize efficiency and reduce costs associated with growing volumes of information. The optimal solution should manage all content—including physical, electronic and email records—using one centralized console. Additionally, a federated records management approach enables the management of distributed content for comprehensive compliance and knowledge sharing. Further benefits include reduced administrative redundancy, records lifecycle management and convenient and automated records declaration.
CA is one of the world’s largest IT management software providers, delivering software and expertise to unify and simplify complex IT environments in a secure way across the enterprise for greater business results. CA Information Governance provides records management, email management, file management and discovery solutions to help clients proactively reduce risk, improve information governance and respond effectively to eDiscovery and audits—with minimal disruption to the business—lowering cost, improving returns, and promoting business agility.