Data Management

07:30 AM
Andrew Waxman
Andrew Waxman
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

The Discipline of Information Lifecycle Management

Banks need to build discipline around the information lifecycle and the process of deleting data that is no longer required from a legal or business standpoint.

Much is made of big data and its potential to solve big business problems. The huge increase in data that is created every year by firms and their employees also creates big challenges, due to both the cost of maintaining large volumes of data as well as the operational risks associated with the retention and deletion of that data. Here we look at how the problem manifests itself and what some banks are doing to address the issue.

To put the cost issue into context, over 90% of the world’s data was created in the last two years. Most experts in this area believe that for most organizations, the volume of data will double every two years. Now of course the unit costs of storing data have seen some significant declines due to technology and business process advancements in recent years. But even with that decline, the cost of storing data consumed about 10% of the typical IT budget in 2011.

As well as the cost problem, there is also significant operational risk associated with this increase in data. Banks have faced increases in litigation from investors and state and federal regulators over the past decade. That has been coupled with a general increase in regulatory curiosity, as evidenced by the increase in examinations visited upon banks on a routine and extraordinary basis, mortgages, LIBOR, and FX, to name a few of the more recent examples. Careful risk management is needed to address two related aspects of the parallel increase in data and litigation. First, banks have to manage the process carefully by which data and evidence required by litigants and regulators is retained and collected. Second, banks have to review their stored data in relation to legal and business criticality retention requirements.

Whatever data then that does not need to be retained, should, as a general rule, be considered for deletion, and banks can save money and reduce risk accordingly. Most, however, have failed to dispose of unnecessary data accumulated over the last decade and have excess applications, data, back-ups, and tapes that no longer have any utility, but which will add cost and risk. The deletion of old data must be legitimate of course, and it can be if it is managed within a published archive and deletion schedule. Email deleted within that context of a broader policy framework can be legitimately defended. Without such a framework, deletion of email can appear suspicious and difficult to defend against.

Data retention, litigation, and e-discovery
When lawyers set out on the process of litigating a case only a few decades ago, before email was invented, the process was very different than today. Then the process of identifying and collecting evidence was a matter of combing through physical documents. Today, while the volume of documents to review has gone up considerably, the process of mining documents for relevant information is far easier. This is due to technology and computer keyword search techniques used to identify the relevant data and information. There are, however, still many obstacles to making the process efficient and fail-safe.

First, once a new case has been brought, there needs to be a process for ensuring that all related information and data is put on hold (i.e., not deleted), requiring individuals who are involved to, for example, retain email and any relevant data. The process also requires that such individuals confirm receipt of the hold request and that they comply with its requirements. For a large and complex company, this can be challenging, because it is not always clear who is a party to an action.

People leave. New people arrive and computer hardware gets replaced. It becomes hard to keep track. Second, data needs to be identified that is relevant and then retained until the case is closed, which again, is a fact that needs to be tracked and then acted upon at the appropriate time. That is far from straightforward and furthermore its continued retention can pose additional risk by making it subject to litigation where it need not have been (for banks that have retained data that could have been deleted from a legal and business perspective).

What should banks be doing to address the costs and risks associated with storing data? To start, deploying and managing a document management system effectively enables companies to keep track and control over different versions of a document. Knowing which is the final executed version of, say an investment banking engagement letter achieves two things: First, it enables the firm to discard redundant versions of documents and to save on time spent trying to find the final document. Second, it enables the firm to fight any claims against it more effectively.

In addition, banks need to build discipline around the information lifecycle and the process of deleting data that is no longer required from a legal and business standpoint. This is more complex than it sounds since different types of documents are subject to different legal and regulatory retention requirements. Given this complexity, it behooves banks to ensure they have access to an authoritative source of laws and regulations for each country they do business in and link their retention schedules to that legal and regulatory framework. Such a link should be clearly documented and traceable within a database that is internal to the bank. This process known as “defensible disposal” can help to ensure that banks can justify their data deletions to regulators, judges, litigants, etc.

Lastly, banks should consider tools to support the e-discovery process and its associated workflows, for example, by: automating the process of notifying the custodians of the data that is subject to legal hold, automating their confirmations that they will abide by the request, and automating the process of identifying and retaining the data that is associating with the case.

Deploying these various tools and techniques inked to information lifecycle governance will help both reduce costs and operational risk exposure. Like the adoption of any tools and processes that involve change, this is hard to do, but in the long run it should pay off for the far-seeing leaders in the industry.

 

Andrew Waxman writes on operational risk in capital markets and financial services. Andrew is a consultant in IBM's US financial risk services and compliance group. The views expressed her are those of his own. As an operational risk manager, Andrew has worked at some of the ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
7/1/2014 | 9:52:04 AM
Battling the "Keep Everything" mindset
We are all guilty of this to some extent, but most people tend to keep more data than they should just in case they find some use for it in the future. Chances are, most emails and documents that you haven't looked at in 5 or 10 years are worthless, but we keep them anyway. Outside of retention that is required by law, how can firms battle the 'keep everything' mindset?
IvySchmerken
50%
50%
IvySchmerken,
User Rank: Author
7/1/2014 | 11:01:00 AM
Re: Battling the "Keep Everything" mindset
I am the worst offender of holding onto everything and never looking at it again.  In the corporate world, holding onto data and documents can expose a firm to legal risks. We've heard of hedge funds that don't use emails because it could be used as evidence in a eDiscovery for a case.  Organizing data is very important because there also needs to be a deletion schedule. Based on Andrew's advice, financial firms need to track and manage every document through a document management system. If a legal case arises, they are required to retain documents. By using key word searches and indexing they can relate each piece of information to a specific legal case.

 
KBurger
50%
50%
KBurger,
User Rank: Author
7/1/2014 | 12:31:03 PM
Re: Battling the "Keep Everything" mindset
Ivy, I still had a few rolodexes until a few years ago! And I'd probably still have them if we hadn't moved to an office with VERY limited space for storage and files. In fact, I'd wager that real estate considerations often for the issues around storage and retention. There's a tendency to keep what the file cabinet/s will hold. I suspect that cost considerations will continue to force financial services firms to look at their real estate very carefully and look for ways to occupy increasingly smaller footprints. People will scream but it will force some serious decisions around storage. Also, as people become more accustomed as consumers to cloud-based storage, they may expect to have that capability at work. But IT, legal, compliance, security et al will have to overcome some major concerns on that front.
IvySchmerken
50%
50%
IvySchmerken,
User Rank: Author
7/1/2014 | 1:15:28 PM
Re: Battling the "Keep Everything" mindset
Kathy,  I agree metal file cabinets are definitely on their way to extinction in the modern office. While individual workers can choose cloud-based storage, this can pose a problem for regulated FSIs.  In financial services, I think most of these documents are stored in electronic format because they need to be searched for key words and available to regulators on demand. This is really part of the big data problem of organizing, filtering, tagging and discarding information.
KBurger
50%
50%
KBurger,
User Rank: Author
7/1/2014 | 1:26:34 PM
Re: Battling the "Keep Everything" mindset
Ah, yes, it always comes back to compliance!
More Commentary
Shore Up Cyber Security Now
Knowing that a data breach can and will happen at some point, asset management firms can manage new operational and regulatory risk with a layered approach to cyber security.
Is Big Data a Problem or an Opportunity?
When it comes to data, financial services firms are, as a rule, quite circumspect. They fear cyberattacks, data theft, data loss, security breaches, data privacy, and human error.
Data Integrity: A Necessity, Not an Option
Financial institutions that have taken on the data integrity task in the past now have to spend more money on hardware, software, and people just to keep up with the demand.
What Colombia’s New IT Campaign Means for Latin American Tech Investment
Colombia’s campaign is the latest example of how Latin America is trying to edge into the global technology space.
Initial Margin: When Does More Turn Out to Be Less?
Changing margin regulations are set to affect the OTC derivative market, including initial margin risk models for non-cleared OTCs.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video
5 Things to Look For Before Accepting Terms & Conditions
5 Things to Look For Before Accepting Terms & Conditions
Is your corporate data at risk? Before uploading sensitive information to cloud services be sure to review these terms.