1. Automation. Collaboration. Integration.
The Dodd-Frank Effect on
Information Management
Today’s Speakers: Katey Wood Jacquie Safran
Analyst Director of Sales
ESG Exterro, Inc.
Shannon Smith John Isaza
Paralegal Partner
Rabobank Howett Isaza Law Group LLP
2. Today’s Speakers
Shannon Smith
Paralegal
Rabobank Group
Shannon Smith has worked as a paralegal in Rabobank Nederland, New York
Branch’s Legal Department since 2005. Her role includes litigation support and
she has been instrumental in implementing an e-discovery readiness program
for the bank.
Shannon received her BA from Hunter College in New York and will be
attending law school in the fall.
3. Today’s Speakers
John Isaza
Partner
Howett Isaza Law Group LLP
John Isaza, Esq. is a California-based attorney and partner of Howett Isaza Law Group,
LLP (HiL). Mr. Isaza is widely recognized as one of the country’s foremost experts on
electronic information governance, records management, and e-discovery
preparedness. His clients include some of the most highly regulated Fortune 500
companies.
Prior to forming HiL, Mr. Isaza served as in-house General Counsel to a publicly traded
medical device manufacturer now owned by Abbott Laboratories. At present, he is an
active speaker in the ARMA, AIIM, ABA and IT compliance circuits. Mr. Isaza chaired the
Chicago Program Committee for ARMA’s 2005 international conference; he is a
member of ARMA’s Electronic Discovery Advisory Group and the GARP® Metrics Task
Force and he has served on the Board of Directors of ARMA International. Mr. Isaza co-
authored a book entitled 7 Steps for Legal Holds of ESI & Other Documents released in
July 2009.
4. Today’s Speakers
Katey Wood
Analyst
ESG
Katey Wood joined ESG in 2011 covering Information Management, including e-
discovery, enterprise search, content management, archiving, and records
management. Prior to ESG, she covered e-discovery, enterprise search, information
governance, and text analytics as an analyst at the 451 Group. She also worked
previously on the rollout of New York State’s Statewide Access Child Welfare
Information System (SACWIS), a Federally-funded data warehousing and BI
initiative.
Katey holds a double Masters in Information Systems and Library Science from
Drexel University, and a BA from Wellesley College, and has studied at NYU’s Arthur
L. Carter Institute of Journalism in Cultural Criticism and Reporting.
5. Today’s Speakers
Jacquie Safran
Director of Sales
Exterro, Inc.
Jacqueline Safran brings more than 12 years of sales and marketing experience,
and nine years of experience focused on providing corporations and law firms with
e-discovery and information management technology.
Safran has successfully provided solutions covering every phase of the Electronic
Discovery Reference Model, and excels in understanding organizations' business
needs and providing clients with technology that best meets their requirements.
6. Todays’ Agenda
Overview of Dodd-Frank
• Brief overview
• Who is affected
• Status of agency responses
• Impact on non-financial companies
Impact on Information Governance Policies
• Establishing a strong information governance policy
• A unified approach to mission critical functions
New Record Keeping Requirements
• Proposed CFTC rules
• Creating an airtight retention and disposition policy
Impact on Legal Holds
• Trigger Events
• Crafting a defensible legal hold
7. Dodd-Frank Act Overview
Dodd-Frank Wall Street Reform and Consumer
Protection Act:
To promote the financial stability of the United
States by improving accountability and
transparency in the financial system, to end ‘too
big to fail’, to protect the American taxpayer by
ending bailouts, to protect consumers from
abusive financial services practices, and for
other purposes.
8. Status of Agency Responses
Soft Metrics re: Recordkeeping and the Act:
848- Page Document “Record” Mentioned “Recordkeeping” Only 1 supplemental
198 times mentioned 34 times comment
* Earliest deadline for regulators is 7/11, so too early to tell
* Supplemental comment provided by Federal Reserve (Official Staff
Interpretation)
• Reg Z, TILA, Part 226
• Nothing substantive re: recordkeeping
9. Status of Agency Responses
Title I, focusing on financial stability, creates…
• Financial Stability Oversight Council - tasked
with oversight of non-bank financial companies
• Office of Financial Research
• Both given authority to promulgate regulations
• No final rules reported at this time
10. Status of Agency Responses
Title I tasks FDIC (the “Corporation”) as follows:
• Unless otherwise required by applicable Federal law or
court order, the Corporation may not, at any time,
destroy any records that are subject to clause (i)
[recordkeeping requirements].
• The terms ‘‘records’’ and ‘‘records of a covered
financial company’’ mean any document, book, paper,
map, photograph, microfiche, microfilm, computer or
electronically-created record generated or maintained
by the covered financial company in the course of and
necessary to its transaction of business.
11. Status of Agency Responses
Title II, focusing on Liquidations, provides for new
recordkeeping requirements, and ostensibly tasks FDIC
with coming up with more:
• Agencies asked to jointly prescribe regulations
requiring that financial companies maintain such
records with respect to qualified financial contracts
(including market valuations)
• The Federal primary financial regulatory agencies
shall prescribe joint final or interim final
regulations not later than 24 months after the date
of enactment of this Act.
• No final rules reported at this time.
12. Status of Agency Responses
Title III, delegates powers to:
• Comptroller of the Currency
• FDIC (the “Corporation”)
• Federal Reserve’s Board of Governors
Title IV, Regulates Advisers to Hedge Funds and Others
No final rules reported at this time re: additional
recordkeeping requirements, other than those mentioned in
the Act
13. Status of Agency Responses
Title V, focusing on insurance sector, creates:
• Federal Insurance Office
• Another prospect for later regulations
• No final rules reported at this time
14. Status of Agency Responses
Title VI, imposes improvements to Regulation of Banks
and Savings Association Holding Companies and
Depository Institutions
• “Each supervised securities holding company and each affiliate
of a supervised securities holding company shall make and keep
for periods determined by the Board of Governors such records, furnish copies
of such records, and make such reports, as the Board of Governors determines
to be necessary or appropriate to carry out this section, to prevent evasions
thereof, and to monitor compliance by the supervised securities holding
company or affiliate with applicable provisions of law”
• “AVAILABILITY—A supervised securities holding company or an affiliate of a
supervised securities holding company shall promptly provide to the Board of
Governors, at the request of the Board of Governors, any report...”
• Availability is one of the GARP® Principles
15. Status of Agency Responses
Title VII, Wall Street Transparency and Accountability:
• “The Commodity Futures Trading Commission and the
Securities and Exchange Commission, in consultation
with the Board of Governors *Federal Reserve’s+, shall
engage in joint rulemaking to jointly adopt a rule or
rules governing books and records regarding security-
based swap agreements, including daily trading records,
for swap dealers, major swap participants, security-
based swap dealers, and security-based swap
participants.”
• No additional “final” recordkeeping rules reported at
this time
16. Status of Agency Responses
Title IX, Investor Protections and amendments to
securities regulations
• Affecting 1933 and 1934 Acts, including Investment
Advisers Act
• No significant or apparent changes to length of retention
requirements
• However, broad authority to impose more retention and
reporting requirements
• No additional “final” recordkeeping rules reported at
this time
17. Status of Agency Responses
Title X, establishes Bureau of Consumer Financial
Protection
• The Bureau shall seek to implement and, where
applicable, enforce Federal consumer financial law
consistently for the purpose of ensuring that all
consumers have access to markets for consumer financial
products and services and that markets for consumer
financial products and services are fair, transparent, and
competitive
• No final recordkeeping rules reported at this time
18. Status of Agency Responses
Title XIV, calls for Mortgage Reform and Anti-Predatory
Lending
• Regulate loan originations
• Minimum standards for mortgages
• Regulates high cost mortgages
• Establishes Office of Housing Council
• Regulates mortgage servicing
• Regulates appraisal activities
• No final recordkeeping rules reported at this time
19. Status of Agency Responses
Title XV, imposes:
• Restrictions on use of US funds for foreign governments
• Taxpayer protections
• Dealings with conflicts minerals (e.g., blood diamonds)
• Coal and mine safety
20. Impact on Non-Financial Companies
A number of provisions are included on corporate governance and executive
compensation which apply to all public companies without regard to industry
• Clawback requirement for incentive compensation paid to executives
based on misstated financial statements
• Increased executive compensation disclosures
Consumer Finance Operations
• CFPB will serve as regulatory authority over all consumer financial
products and services unless clearly exempted (charities, auto dealers
and professional services firms). CFPB will have the authority to regulate
covered persons offering consumer financial products or services.
• Will be subjected to considerable regulatory burdens that will include
extensive new record keeping and reporting requirements
21. Impact on Non-Financial Companies
The Whistleblower Provision…
Will apply to any company with a potential
securities or commodities law violation
May apply to violations of FCPA
Companies must be prepared to prove they
are in compliance
22. Impact on Information Governance Policies
Financial services firms are already struggling to
manage their vast data stores in a way that
satisfies existing privacy and regulatory
requirements
• The Dodd-Frank Act mandates a number of significant
changes that include improving regulatory reporting
capabilities
• Changes need to be executed in a coordinated fashion
across a number of business units
• Will require a well managed information flow across
different teams and stakeholders
23. Establishing a Strong Information
Governance Policy
Where to Start…
Form a Working Group Perform a gap analysis
• To improve • Determine groups
coordination among affected by proposed
the various segments legislation
of the organization • Determine processes in
• Clarify issues, place and those
formulate strategies, needed
and develop action
plans
24. Establishing a Strong Information
Governance Policy
The GARP® Principles:
A CCOUNTABILITY
T RANSPARENCY
I NTEGRITY
P ROTECTION
C OMPLIANCE
A VAILABILITY
R ETENTION
D ISPOSITION
25. A Unified Approach to Mission
Critical Functions
The shift to consolidate…
• The Act will boost regulatory requests
• Legal action against wall street firms such as Goldman Sachs illustrate
the need to be able to respond to an increase in both civil and criminal
legal inquiries
• New whistleblower provisions with increased monetary motivation will
likely spur whistleblower reporting leading to additional independent
internal investigations
Corporate legal departments at financial institutions should take a unified
approach to internal investigations, e-discovery, audit and compliance.
A shift to consolidate these areas will help drive efficiency, cost
effectiveness, and break down departmental silos.
27. New Record Keeping Requirements
proposed CFTC rules require companies to
maintain full and complete transaction and
position information for all swap activities.
• Records must be maintained in a “manner that is
identifiable and searchable by transaction and by
counterparty.”
• Require the retention of basic business records, including
corporate governance minutes, organizational charts, and
audit/compliance documentation.
• The Act’s data retention requirements even extend to
certain financial records (such as information related to
cash positions or forward transactions used to hedge),
records of complaints against personnel, and marketing
materials.
28. New Record Keeping Requirements
Have an air-tight retention and disposition policy
• Know your data, where it lives, who has access, its retention
requirements
• Make sure data is accessible to respond to requests
• Retain only what you need – regulators can collect data outside
of formalized retention requirements
• Delete de-commissioned data defensibly and thoroughly
• Coordinate routine retention and deletion with legal hold
preservation requirements to prevent spoliation
• Self-audit to gauge performance and ongoing-readiness
29. Impact on Legal Holds
The confluence of increasing data volumes along with expectations of
increased regulatory oversight and actions underscores the importance of
sound enterprise wide information retention and disposition programs.
This program, in combination with formalized legal hold protocols, is a
critical line of defense during a litigation event.
Close coordination Align information risk
Treat legal holds as an among key management and
enterprise process stakeholders — compliance objectives
rather than a legal corporate counsel, with your information
department task compliance officers, retention and legal
and IT managers. hold program
30. Developing a Strong Legal Hold Process
1. Trigger Event Preservation Not Required
2. Analyze Duty NO
To Preserve
YES
3. Define Scope
4. Implement
Hold Implementation / Oversight / Training /
Audit / Tracking / Legal Hold Releases
5. Enforce &
Examine
6. Modify
7. Monitor &
Remove
31. Crafting a defensible legal hold
What to communicate in the hold
why the recipient of the hold was identified
in laymen's terms provide information about the
preservation requirement, including relevant date ranges
explicit instructions for preservation efforts that must be
taken
the consequences of failing to comply with the hold
the contact information for whomever they can call with
questions
that they must affirmatively acknowledge their intent to
comply with the requirements outlined in the hold
32. Crafting a defensible legal hold
Ongoing Compliance
Policy to reassess the sufficiency of preservation
efforts as litigation progresses.
Process to evaluate the sufficiency of the notice in
light of any changes in scope or subject of the
litigation.
Process to modify and re-issue the hold.
Process to remind custodians of their preservation
obligations.
Policy and process to notify custodians of release and
disposition
Process to communicate requirements relating to
terminated employees to appropriate IT and HR
personnel.
33. Key Take-Aways
Some regulations have yet to be written, but financial institutions and
corporations who may be subject to the Act need to stay ahead of
impending rules
Keys to success
• Auditable processes and content
• Flexibility to adapt to these and other new regulations
• Consistent and timely management and disposition of documents
• A unified approach to internal investigations, e-discovery, audit and
compliance
• Use technology solutions to drive transparency, automation, and
workflow management
• Align information risk management and compliance objectives with
your information retention and legal hold program