Taming the Beast: Planning for Effective Electronic Records Management
In sharp contrast to optimistic forecasts that imaging and computer technology would rid your bank of the ‘’Paper Beast”, computers seem to have exacerbated the problem, as we now are sending, receiving and storing information electronically and still printing lots of copies. And the extension of this now has grown to hand held devices that are used by bank personnel with the ability to create, relay, and store bank record information from the hip. Yes, it appears that documented information is still growing at viral rates and can still appear to be out of control.
Even though we may be able to live with the mess, at some point you’ll need to get your hands on one of these documents. How long would it take to find a copy of that accounts receivable report from last April? Where would you look if a court or the IRS demanded those critical loan or UCC filing documents from five years ago? Where is the spreadsheet that was created on your smart phone and sent to the secretary for board review, and the action taken now needs to enter the corporate records for permanent retention?
Chances are you’ll need all of it someday to help recall (or defend) decisions or actions. But even as technology evolves and improves, the “Beast” still seems to exist and we are constantly challenged to corral it. In fact, there is general agreement today that the volume of electronic information greatly exceeds the volume of information kept in paper format. Unfortunately, the processes around the technology have not progressed as quickly.
Today we have tools to easily convert documents to convenient image formats. Yet even these tools are often implemented without ever addressing related policies and best practices.
Furthermore, a recent surveys show that more than 90 percent of all documents produced since 1999 are now in electronic format, not to mention all the email messages, instant messages, blogs, chat room transcripts, databases, deleted documents and web browser files that we are also constantly storing, just to name a few.
As we continue to add so many more sources that will require the appropriate processes to maintain storage, retention and retrieval, the question becomes: where does it begin, where does it end, and what happens in between?
To be truly useful, these assets must be properly stored into a common, yet secure, referencible state with the integrity of backup, encryption and indexing/cataloguing. Without critical guidelines and practices, many banks are missing the keys to more effectively store and manage their records. How can such information be effective without these very critical and necessary components?
Best practices and policies must incorporate these new attributes so staff understand their responsibilities and obligations and do not bypass them.
They should be reviewed annually and a risk analysis performed to ensure proper mitigation by management for upcoming examinations.
Past examinations were focused only on direct records that involve customer information. Today exams include aspects of additional record items that can contain critical and pertinent information, and social networking components.
Potential items to include in a plan are:
- Internet browser information (cache files, cookies, download records);
- Word processing documents, spreadsheet, presentations;
- Instant messaging/chat records;
- Electronic calendars;
- Text messages;
- Chat room/bulletin board postings.
Proper training can also ensure that all bank staff and management are regularly aware of the other forms of record and information that can contain information that should be regarded as private and may be required in future litigation. The weakest link will be the person who does not understand or ask questions. Things to remember:
- Constantly review your records management to be aware of what you have today and what can be expected and created tomorrow
- As technology advances, the Beast continues to grow. Bankers need to be aware of all the many caches of information and records among their staff and organization.
- Best practices and policies need to be reviewed on a scheduled basis and appropriate risk analysis be performed and maintained.
- Train, train more, and train again on a scheduled basis to refresh both new and existing staff.
Robert R. Ross is former CSO and Senior Vice President of Network/Technical Services at Hutchinson, Kansas-based DCI (www.datacenterinc.com), a nationwide provider advanced core processing and technology solutions to the banking industry. For more information, visit www.datacenterinc.com or call 620.694.6800.