Automation. Collaboration. Integration. The Dodd-Frank Effect on Information Management Today’s Speakers: Katey Wood Jacquie Safran Analyst Director of Sales ESG Exterro, Inc. Shannon Smith John Isaza Paralegal Partner Rabobank Howett Isaza Law Group LLP
Today’s Speakers Shannon Smith Paralegal Rabobank Group Shannon Smith has worked as a paralegal in Rabobank Nederland, New York Branch’s Legal Department since 2005. Her role includes litigation support and she has been instrumental in implementing an e-discovery readiness program for the bank. Shannon received her BA from Hunter College in New York and will be attending law school in the fall.
Today’s Speakers John Isaza Partner Howett Isaza Law Group LLP John Isaza, Esq. is a California-based attorney and partner of Howett Isaza Law Group, LLP (HiL). Mr. Isaza is widely recognized as one of the country’s foremost experts on electronic information governance, records management, and e-discovery preparedness. His clients include some of the most highly regulated Fortune 500 companies. Prior to forming HiL, Mr. Isaza served as in-house General Counsel to a publicly traded medical device manufacturer now owned by Abbott Laboratories. At present, he is an active speaker in the ARMA, AIIM, ABA and IT compliance circuits. Mr. Isaza chaired the Chicago Program Committee for ARMA’s 2005 international conference; he is a member of ARMA’s Electronic Discovery Advisory Group and the GARP® Metrics Task Force and he has served on the Board of Directors of ARMA International. Mr. Isaza co- authored a book entitled 7 Steps for Legal Holds of ESI & Other Documents released in July 2009.
Today’s Speakers Katey Wood Analyst ESG Katey Wood joined ESG in 2011 covering Information Management, including e- discovery, enterprise search, content management, archiving, and records management. Prior to ESG, she covered e-discovery, enterprise search, information governance, and text analytics as an analyst at the 451 Group. She also worked previously on the rollout of New York State’s Statewide Access Child Welfare Information System (SACWIS), a Federally-funded data warehousing and BI initiative. Katey holds a double Masters in Information Systems and Library Science from Drexel University, and a BA from Wellesley College, and has studied at NYU’s Arthur L. Carter Institute of Journalism in Cultural Criticism and Reporting.
Today’s Speakers Jacquie Safran Director of Sales Exterro, Inc. Jacqueline Safran brings more than 12 years of sales and marketing experience, and nine years of experience focused on providing corporations and law firms with e-discovery and information management technology. Safran has successfully provided solutions covering every phase of the Electronic Discovery Reference Model, and excels in understanding organizations business needs and providing clients with technology that best meets their requirements.
Todays’ Agenda Overview of Dodd-Frank • Brief overview • Who is affected • Status of agency responses • Impact on non-financial companies Impact on Information Governance Policies • Establishing a strong information governance policy • A unified approach to mission critical functions New Record Keeping Requirements • Proposed CFTC rules • Creating an airtight retention and disposition policy Impact on Legal Holds • Trigger Events • Crafting a defensible legal hold
Dodd-Frank Act Overview Dodd-Frank Wall Street Reform and Consumer Protection Act: To promote the financial stability of the United States by improving accountability and transparency in the financial system, to end ‘too big to fail’, to protect the American taxpayer by ending bailouts, to protect consumers from abusive financial services practices, and for other purposes.
Status of Agency ResponsesSoft Metrics re: Recordkeeping and the Act:848- Page Document “Record” Mentioned “Recordkeeping” Only 1 supplemental 198 times mentioned 34 times comment * Earliest deadline for regulators is 7/11, so too early to tell * Supplemental comment provided by Federal Reserve (Official Staff Interpretation) • Reg Z, TILA, Part 226 • Nothing substantive re: recordkeeping
Status of Agency Responses Title I, focusing on financial stability, creates… • Financial Stability Oversight Council - tasked with oversight of non-bank financial companies • Office of Financial Research • Both given authority to promulgate regulations • No final rules reported at this time
Status of Agency Responses Title I tasks FDIC (the “Corporation”) as follows: • Unless otherwise required by applicable Federal law or court order, the Corporation may not, at any time, destroy any records that are subject to clause (i) [recordkeeping requirements]. • The terms ‘‘records’’ and ‘‘records of a covered financial company’’ mean any document, book, paper, map, photograph, microfiche, microfilm, computer or electronically-created record generated or maintained by the covered financial company in the course of and necessary to its transaction of business.
Status of Agency Responses Title II, focusing on Liquidations, provides for new recordkeeping requirements, and ostensibly tasks FDIC with coming up with more: • Agencies asked to jointly prescribe regulations requiring that financial companies maintain such records with respect to qualified financial contracts (including market valuations) • The Federal primary financial regulatory agencies shall prescribe joint final or interim final regulations not later than 24 months after the date of enactment of this Act. • No final rules reported at this time.
Status of Agency Responses Title III, delegates powers to: • Comptroller of the Currency • FDIC (the “Corporation”) • Federal Reserve’s Board of Governors Title IV, Regulates Advisers to Hedge Funds and Others No final rules reported at this time re: additional recordkeeping requirements, other than those mentioned in the Act
Status of Agency Responses Title V, focusing on insurance sector, creates: • Federal Insurance Office • Another prospect for later regulations • No final rules reported at this time
Status of Agency Responses Title VI, imposes improvements to Regulation of Banks and Savings Association Holding Companies and Depository Institutions • “Each supervised securities holding company and each affiliate of a supervised securities holding company shall make and keep for periods determined by the Board of Governors such records, furnish copies of such records, and make such reports, as the Board of Governors determines to be necessary or appropriate to carry out this section, to prevent evasions thereof, and to monitor compliance by the supervised securities holding company or affiliate with applicable provisions of law”• “AVAILABILITY—A supervised securities holding company or an affiliate of a supervised securities holding company shall promptly provide to the Board of Governors, at the request of the Board of Governors, any report...”• Availability is one of the GARP® Principles
Status of Agency Responses Title VII, Wall Street Transparency and Accountability: • “The Commodity Futures Trading Commission and the Securities and Exchange Commission, in consultation with the Board of Governors *Federal Reserve’s+, shall engage in joint rulemaking to jointly adopt a rule or rules governing books and records regarding security- based swap agreements, including daily trading records, for swap dealers, major swap participants, security- based swap dealers, and security-based swap participants.” • No additional “final” recordkeeping rules reported at this time
Status of Agency Responses Title IX, Investor Protections and amendments to securities regulations • Affecting 1933 and 1934 Acts, including Investment Advisers Act • No significant or apparent changes to length of retention requirements • However, broad authority to impose more retention and reporting requirements • No additional “final” recordkeeping rules reported at this time
Status of Agency Responses Title X, establishes Bureau of Consumer Financial Protection • The Bureau shall seek to implement and, where applicable, enforce Federal consumer financial law consistently for the purpose of ensuring that all consumers have access to markets for consumer financial products and services and that markets for consumer financial products and services are fair, transparent, and competitive • No final recordkeeping rules reported at this time
Status of Agency Responses Title XIV, calls for Mortgage Reform and Anti-Predatory Lending • Regulate loan originations • Minimum standards for mortgages • Regulates high cost mortgages • Establishes Office of Housing Council • Regulates mortgage servicing • Regulates appraisal activities • No final recordkeeping rules reported at this time
Status of Agency Responses Title XV, imposes: • Restrictions on use of US funds for foreign governments • Taxpayer protections • Dealings with conflicts minerals (e.g., blood diamonds) • Coal and mine safety
Impact on Non-Financial CompaniesA number of provisions are included on corporate governance and executivecompensation which apply to all public companies without regard to industry • Clawback requirement for incentive compensation paid to executives based on misstated financial statements • Increased executive compensation disclosuresConsumer Finance Operations • CFPB will serve as regulatory authority over all consumer financial products and services unless clearly exempted (charities, auto dealers and professional services firms). CFPB will have the authority to regulate covered persons offering consumer financial products or services. • Will be subjected to considerable regulatory burdens that will include extensive new record keeping and reporting requirements
Impact on Non-Financial CompaniesThe Whistleblower Provision… Will apply to any company with a potential securities or commodities law violation May apply to violations of FCPA Companies must be prepared to prove they are in compliance
Impact on Information Governance Policies Financial services firms are already struggling to manage their vast data stores in a way that satisfies existing privacy and regulatory requirements • The Dodd-Frank Act mandates a number of significant changes that include improving regulatory reporting capabilities • Changes need to be executed in a coordinated fashion across a number of business units • Will require a well managed information flow across different teams and stakeholders
Establishing a Strong Information Governance PolicyWhere to Start… Form a Working Group Perform a gap analysis • To improve • Determine groups coordination among affected by proposed the various segments legislation of the organization • Determine processes in • Clarify issues, place and those formulate strategies, needed and develop action plans
Establishing a Strong Information Governance PolicyThe GARP® Principles: A CCOUNTABILITY T RANSPARENCY I NTEGRITY P ROTECTION C OMPLIANCE A VAILABILITY R ETENTION D ISPOSITION
A Unified Approach to MissionCritical Functions The shift to consolidate… • The Act will boost regulatory requests • Legal action against wall street firms such as Goldman Sachs illustrate the need to be able to respond to an increase in both civil and criminal legal inquiries • New whistleblower provisions with increased monetary motivation will likely spur whistleblower reporting leading to additional independent internal investigations Corporate legal departments at financial institutions should take a unified approach to internal investigations, e-discovery, audit and compliance. A shift to consolidate these areas will help drive efficiency, cost effectiveness, and break down departmental silos.
A Unified Approach to MissionCritical Functions
New Record Keeping Requirements proposed CFTC rules require companies to maintain full and complete transaction and position information for all swap activities. • Records must be maintained in a “manner that is identifiable and searchable by transaction and by counterparty.” • Require the retention of basic business records, including corporate governance minutes, organizational charts, and audit/compliance documentation. • The Act’s data retention requirements even extend to certain financial records (such as information related to cash positions or forward transactions used to hedge), records of complaints against personnel, and marketing materials.
New Record Keeping Requirements Have an air-tight retention and disposition policy • Know your data, where it lives, who has access, its retention requirements • Make sure data is accessible to respond to requests • Retain only what you need – regulators can collect data outside of formalized retention requirements • Delete de-commissioned data defensibly and thoroughly • Coordinate routine retention and deletion with legal hold preservation requirements to prevent spoliation • Self-audit to gauge performance and ongoing-readiness
Impact on Legal Holds The confluence of increasing data volumes along with expectations of increased regulatory oversight and actions underscores the importance of sound enterprise wide information retention and disposition programs. This program, in combination with formalized legal hold protocols, is a critical line of defense during a litigation event. Close coordination Align information risk Treat legal holds as an among key management and enterprise process stakeholders — compliance objectives rather than a legal corporate counsel, with your information department task compliance officers, retention and legal and IT managers. hold program
Developing a Strong Legal Hold Process 1. Trigger Event Preservation Not Required 2. Analyze Duty NO To Preserve YES 3. Define Scope 4. Implement Hold Implementation / Oversight / Training / Audit / Tracking / Legal Hold Releases 5. Enforce & Examine 6. Modify 7. Monitor & Remove
Crafting a defensible legal hold What to communicate in the hold why the recipient of the hold was identified in laymens terms provide information about the preservation requirement, including relevant date ranges explicit instructions for preservation efforts that must be taken the consequences of failing to comply with the hold the contact information for whomever they can call with questions that they must affirmatively acknowledge their intent to comply with the requirements outlined in the hold
Crafting a defensible legal hold Ongoing Compliance Policy to reassess the sufficiency of preservation efforts as litigation progresses. Process to evaluate the sufficiency of the notice in light of any changes in scope or subject of the litigation. Process to modify and re-issue the hold. Process to remind custodians of their preservation obligations. Policy and process to notify custodians of release and disposition Process to communicate requirements relating to terminated employees to appropriate IT and HR personnel.
Key Take-AwaysSome regulations have yet to be written, but financial institutions andcorporations who may be subject to the Act need to stay ahead ofimpending rules Keys to success • Auditable processes and content • Flexibility to adapt to these and other new regulations • Consistent and timely management and disposition of documents • A unified approach to internal investigations, e-discovery, audit and compliance • Use technology solutions to drive transparency, automation, and workflow management • Align information risk management and compliance objectives with your information retention and legal hold program