This is the third and final installment of a series on the current financial crisis and what role technology might play in helping organizations adhere to forthcoming federal regulations.
As we have moved through this series of blogs investigating the current financial crisis and subsequent economic woes of the United States, we have hit upon several areas that are not at the forefront in today’s debate.
- In part 1, I looked at the impact of the elimination of the “up-tick” rule and the role hedge funds have played in this current financial crisis.
- In part 2, I highlighted the efforts by Senator Grassley (R-IA) to bring hedge funds under the purview of the SEC, and Rep. Kanjorski’s after-the-fact hearings on the Bernie Madoff scandal in the 111th Congress. In part 2 I also brought out how the SEC tried to rein in the hedge funds and how a ruling from the U.S. Court of Appeals in the D.C. District negated their ability to regulate the hedge fund industry.
All of these areas have had a large impact in leading up to the current crisis and will almost certainly result in new regulations, but what role will technology play in complying with and/or enforcing these new rules?
At this time, that is still a difficult question to answer, as the 111th Congress is providing little insight into what new rules it will pass. So often the best thing to do in times like this is to take a step back and look at the recent past in order to gain some insight as to what the near future may hold.
The largest scandal in recent history was the Enron scandal in 2001. Out of that debacle, the Sarbanes-Oxley Act of 2002 (SOX) emerged as a regulatory remedy to provide the government greater visibility into a corporation’s debts and losses, and it also increased criminal sanctions for corporate executives. SOX itself did not mandate any particular technologies, but it is hard to imagine corporations complying with SOX’s terms without technology to ensure the proper internal controls.
So as this particular regulatory saga continues to unfold over the coming months, it is a good idea to review best practices that not only helped organizations comply with SOX but should also help them prepare to address the challenges that are bound to emerge out of this new Congressional session:
- Create an IT infrastructure that provides the ability to rapidly assess and report on critical events. Examples of events would be those that may materially affect a company’s operations or financial reporting.
- Put in place a robust records management program. Organizations need to rapidly respond to regulatory demands and legal disputes. Knowing what data you have, where it is located and how long to retain it is a necessity as it pertains to regulation and legal requests. Understanding the content of data, and not just the type of data, is key to best managing regulatory data requirements and answering legal challenges.
- Converge, simplify and centralize data to ease regulatory compliance burdens. It is important to understand how convergence in areas such as data security and compliance, as well as simplified reporting, and centralization of data, can help organizations meet the internal requirements for checks and balances and mitigate the risk that forthcoming regulations pose.
- Deploy content management solutions that focus on email retention. Whether administrative, fiscal, or general operational email correspondence, information in these categories can have a material effect on a company as it pertains to both compliance and legal proceedings.
- Understand thresholds as they pertain to document retention. A solid understanding of legal retention thresholds as defined by federal or state law is necessary to guide an organization, so that it knows when data such as email can be destroyed and can justify why specific data was removed. Improper destruction of documents can be at best a weakness in a case or, at worst, criminal negligence.
When examining these best practices it makes sense that organizations deploy technologies such as Estorian’s LookingGlass to meet both current and emerging regulatory demands. LookingGlass provides the ability to support these best practices by providing companies the ability to:
- Set policies and be alerted in real time when company standards regarding content have been breached. Alerts can be set based on company specific criteria such as regulatory compliance, control of intellectual property, or offensive material. Policies then decide if the e-mail should be blocked, quarantined for review, or allowed. LookingGlass provides the ability to report on activities through the use of standardized or customizable reports.
- Centralize email communications by providing a central repository for all e-mail. Through real-time capture and indexing of all e-mails, and by storing them centrally for future reference, this centralization eliminates the need to access and search individual PST file repositories. The indexing makes emails quickly searchable and also brings email under the umbrella of an organizational records management policy. Organizations can then set data retention policies that eliminate the ability of users to delete materially necessary information that is needed for regulatory compliance or to answer a legal eDiscovery notice.
When there is regulatory uncertainty, as is the case today, there can be a tendency to overreact. But understanding how organizations have responded to past regulations such as SOX is still relevant in today’s environment, and the technology choices that organizations have today are far more numerous and mature than when SOX was passed a few years ago. Organizations face a great deal of uncertainty in 2009, but they can find some assurance that products such as LookingGlass will give them the ability to take control of their unstructured email data stores, so they do not accidentally find themselves in a compromised position from a compliance and regulatory viewpoint, regardless of which of the promised new regulations this current Congress passes.