January 26, 2012

Credit Union Management magazine’s web-only “On Compliance” runs the fourth Thursday of the month.

There is quite a bit of confusion regarding exactly how long credit unions are required to store archived emails. Some institutions are operating with the idea that it is mandatory for credit unions, like most financial institutions, to archive all emails. However, others have said there is no regulatory requirement or legislation that requires CUs to archive email unless they perform brokerage services, in which case, they would be regulated by Financial Industry Regulatory Authority and the Securities and Exchange Commission.

To set the record straight, credit unions do not fall under the regulations of these supervisory bodies.

Since there are no definitive rules for credit unions to follow for email retention, they often look to the National Credit Union Administration for guidance. Although NCUA does not regulate email communications specifically, it does provide guidance on the appropriate length of time to retain various types of operational records. Depending on the type of record, the retention period ranges from one to 10 years, and sometimes credit unions are even required to keep certain records permanently. Examiners often cite seven years, because some regulations, such as the Bank Secrecy Act, refer to this timeframe.

Credit unions also need to take into account state law, and whether the records might be needed for legal purposes etc., to determine what is prudent.

The Federal Rules of Civil Procedure bring email and other electronically stored information squarely into the discovery process in court proceedings, so it’s imperative that all organizations rigorously manage electronic communications throughout their lifecycle.

Ultimately, there are three potential approaches to data retention: save everything, save selectively and save nothing. But no matter what policies organizations put in place, it is crucial that they be able to search what they do have and put records on legal hold when required.

Depending on the systems and resources credit unions have in place, this may be more challenging for some than others. But the FRCP requires any organization with the potential for involvement in litigation within the U.S. federal court system (which is most public and private organizations) to:

• Be able to produce emails requested as evidence in a federal court case in their native format.
• Have a clear understanding of where their data is stored and how to retrieve it in a timely manner.
• Honor a legal hold by halting any previous purging practices until the legal matter is settled.
• Prove authenticity of the communications in question (i.e., that they are tamper-proof).

When it comes to the question of how much data to save, experts recommend saving more rather than less. Although a strategy of preserving less data may save on expenses from an IT infrastructure perspective, this practice runs the risk of deleting information that should be preserved, which can prove to be even more costly in the long run.

If a CU hasn’t saved something a court wants, a number of factors come into play in what happens next. Broadly speaking, if an organization has a clear policy in place and followed it, it may be all right. In other instances, they could lose the case and potentially receive legal sanctions and fines.

Although clear black-and-white guidelines for email retention are basically nonexistent for credit unions, the days when judges or regulators might accept the excuse that an organization was having computer problems or just didn’t know how to retain emails won’t fly anymore. If an organization can’t produce emails in question during the discovery process, it might look like it is hiding something. To avoid this risk, it is imperative that institutions have a specific strategy for storing emails effectively. Simply said, credit unions just need to have a plan in place and follow it. Cloud computing offers a viable way to do so.

Cloud computing means IT services are hosted via the Internet, rather than being implemented and maintained via on-premise hardware and software solutions. Being on the cloud allows organizations to scale rapidly and add new capabilities with low upfront costs in additional infrastructure, personnel or software licensing. In effect, the cloud extends internal IT departments’ existing capabilities.

Some of the cloud’s greatest benefits for credit unions are email archiving, legal discovery and mailbox management tools. A cloud arranagement tends to be much less expensive to setup and maintain than in-house software. For example, cloud solutions include regular updates and don’t require in-house staff to run them. They are also more accessible and offer offsite backup for disaster recovery. You read about some client examples few in case studies on our website.

Credit unions can meet all the FRCP’s requirements with one comprehensive solution—without negatively impacting daily operations.

A cloud archiving solution helps credit unions seamlessly achieve retention needs, monitor communications for inappropriate usage, and search and retrieve content (emails and attachments) whenever necessary. Plus, many archiving solutions also serve as a backup in the event of downtime or a catastrophic loss.

The common per user, per month pricing structure ensures there are no surprises at the end of each month, and many vendors offer unlimited storage and retention. Depending on individual budgets and IT infrastructures, moving to the cloud is a great way for credit unions to cover all their bases without exhausting IT resources or overextending budgets.

Nick Mehta is CEO of Live Office.