Transcript Document 7385468

Records Management
Benchmarking:
Choosing a
Standard
Presentation by Martin Bradley
The Compliance Environment
In a January 2005 survey of 1,300 chief
executives, the threat posed to business
growth prospects by overregulation
topped the list of concerns - for the
second consecutive year*
*PricewaterhouseCoopers' 8th Global CEO Survey: Bold
Ambitions, Careful Choices
The Regulations
• Basel II
• Sarbanes-Oxley
• MiFID
Basel II
Requires allocations of capital to be
made to cover credit, market and
operational risk, and oblige
internationally active banks (and other
financial firms in the EU) to make
detailed calculations on all transactions
and on actual or potential risk incidents.
Sarbanes-Oxley
Requires companies and their auditors
to assure the public that their accounts
are accurate, have not and cannot be
tampered with and that all incidents
that may impact the accounts are being
reported
Basel II / SOX Records
Management Requirements
•Governance
•Record keeping
•Risk management
•Documentation
MiFID
•Part of move towards a pan-EU transparent market in
instruments
• Focuses on the interactions between investment firms
and their professional clients
•Replaces the Investment Services Directive (ISD), which
has been in effect since 1995
•Part of EU Financial Services Action Plan, designed to
produce a single European market in financial services
and to harmonise regulations for all EU firms as well as
foreign firms operating inside EU
What do MiFID / Basel II / SOX
have in common?
All require risk techniques to achieve
their ends. To achieve their risk
measurement and assessment
controls they need core data and, in all
cases, this is provided by transaction
data, recorded incidents and
documented processes
In other words…
Good
Records Management
Records Management Statistics
• Offices worldwide used 43% more paper in 2002
than they did in 1999
• The average organisation makes 19 copies of
each document, loses 1 out of every 20
documents and office workers can each spend
400 hours per year looking for lost files.
• Between 1% & 5% of all documents are misfiled
• When e-mail is introduced into an office, the
percentage of printed documents increases by 40
per cent.
Incidence of having written
document policy*
Sector
Total
%
Finance
IT
Professional
Services
Public
Sector
62
60
38
40
Yes
44
63
88
No
56
37
12
*Drury Research
Document Disposal when
legal retention period is
uncertain*
Store it indefinitely
53%
Ask advice on how documents
29%
should be stored
Store it for a year
1%
Dispose of it anyway
1%
Dispose of it when think its appropriate
1%
Other
Don’t know
14%
1%
*Drury Research
What is a Record?
• Information created, received and
maintained as evidence and information by
an organisation or person, in pursuance of
legal obligations or in the transaction of
business – ISO 15489
• Format and Medium not primary issue:
Identify what are Records and include them
in Records Management Policy
Records Management Policy
• Assigns responsibility
• Covers all records
• Identifies Records at creation and follows their
life-cycle
• Sets out Retention Periods
• Ensures Security and Business Continuity
• Enables legal destruction of listed records
Creating a Records
Management Policy
•
•
•
•
•
Survey and List all Records
Create File Series Taxonomy
Decide on Retention Periods
Assign Responsibility
Index and reference records – create
metadata
• Electronic Records mirror Hard Copy
• Accreditation and Audit
Choosing a Standard
• ISO 15489 – Records Management
Standard
• BIP 0008 – Admissibility of E-Records
• BSI PD 5000 – Admissibility of Emails
• MOREQ/MOREQ II
• ANSI/ARMA 5-2003 – Vital Records
Protection
ISO 15489
•European Standard
•Flexible
•Best International Practice
•Certification available
Benefits
•
•
•
•
•
Legal compliance
Administrative efficiency
Public Perception - ISO Accreditation
Cost savings – manpower and storage
Business continuity through Vital
Records
Further Reading
•
•
•
•
•
Archives Ireland: www.archives.ie
NSAI: www.nsai.ie
BSI: www.bsi-global.com
ISO: www.iso.org
ARMA: www.arma.org