E-mails: Should Advisers Try To Separate the Wheat From the Chaff?
Considering the torrent of e-mails sent and recieved every day, should you attempt to sort out the relative handful of e-mails that are required records under the Advisers Act books and records rule?
It can be done. However, as a practical matter, advisers that take this approach will need to rely on their employees to identify required records, according to Iron Mountain vice president Margaret Rimmler. In an interview with IM Insight, Rimmler explained that while the technology for automatically searching the text of e-mails and identifying and sorting out required records is improving, "itís not yet ready for prime time." Existing autoclassification software, she said, accurately identifies required e-mails only about "60 to 70 percent of the time." But, she added, "technology will be able to get there" eventually. "It always does."
Until then, Rimmlerís advice to advisers seeking to separate the wheat from the chaff: "If they donít want to keep it all, they need to train their end-users to determine what is a required record and what is not." She said that Iron Mountain offers a solution in which it sets up folders for required records, such as "client communications," "contracts," etc., on a firmís network. The folders are then "swept" on a periodic basis (typically daily) and the contents brought onto Iron Mountainís offsite archive. A "stub" left in the folder allows the employee to access the e-mail if necessary.
For cost-conscious advisers, Iron Mountain also offers a "keep everything" solution, which Rimmler described as "fairly simple" to put into place, particularly for firms that use Microsoft Exchangeô. The cost: about $2,500 to set up, with ongoing storage costs beginning at about $500 per month. Rimmler noted that depending on the amount of e-mail being stored, over time the storage costs may be higher than if the adviser had chosen to selectively retain only required e-mails.
Regardless of which approach is selected, once e-mails are stored, Iron Mountain will index them by date, by sender and recipient, and other fields. The e-mails are full-text searchable.
In deciding which approach to take, advisers should consider the costs and risks involved in saving all e-mails, particularly in the context of a regulatory inquiry or litigation discovery request. At a September 21 IDC Ė Kahn Consulting conference, Lehman Brothers counsel Joseph Steffan noted that whether a firm is hit with an SEC investigation, private litigation, or other sort of regulatory inquiry relating to e-mails, the best position to be in "is to have had a strategy for saving, organizing, and destroying things that facilitates an efficient response to such an inquiry, while maintaining compliance with legal and regulatory obligations."
If you are comfortable that your records retention system is capturing required records, he explained, you can delete everything else. Of course, he acknowledged, "where most firms are right now is that because they donít have a sufficiently systematic and comprehensive method to destroy records, they are effectively saving everything forever." That, he said, "is a terrible situation to be in." Not only does the "keep everything" approach impose expensive storage costs, all those records are "extremely costly to review" in the face of a document request. "Effectively, a lawyer must end up looking at every page, whether you needed to keep it or not," he said.
Moreover, having all those documents sitting around increases the chances that one will be viewed by a plaintiffís lawyer as a smoking gun. "In the absence of a compelling argument why a specific document benefits you routinely, you want to get rid of the document," said Steffan. "If you donít know that it benefits you, it could harm you."
However, if your firm does decide to implement an e-mail destruction policy, you need to be extremely careful that required records are not inadvertently destroyed. The Investment Counsel Association of America, in its compliance program guideline, suggests that firms diligently review samples of e-mails marked for deletion to confirm that required information has not been inadvertently or inappropriately marked for deletion. Also, the group recommends that firms document any surveillance or monitoring of e-mail communications prior to the e-mailsí destruction (ICAA members should check the ICAAís guidelines for more e-mail-related tips).
Speaking more generally, Steffan encouraged firms to develop a centralized records management system designed to maintain required records and to produce those documents upon request. Like other projects, development of such a system should involve affected constituencies (here, the firmís legal, compliance, IT, and records management personnel).
To get buy-in, said Steffan, play up the cost savings and risk management benefits. "Being able to get at documents when you need them and being able to comfortably destroy documents when you donít need them" has "huge benefits for the organization," he said. On that note, he noted that a firmís litigators and compliance people "who need to find these things" can be a powerful ally for records management personnel attempting to "sell this strategy." If you have a unified strategy and systems that can accomplish the goals of making the record-finding as well as record-keeping process easy, "itís a no-brainer," said Steffan. "Everyone wants that."
Ideally, all required documents should be captured electronically on one system, said Steffan. However, he noted that individuals typically store documents on their hard drives, diskettes, and even on multiple document management systems. You need to "tame that Wild West," said Steffan. If all required records are in captured in one place, end users within the firm (say, the firmís compliance officers responding to an SEC examinerís request for specific e-mails) can search for whatever they want, without the assistance of records management personnel and with the assurance that they are not overlooking information. "If you donít have such a system," said Steffan, "you should just acknowledge that you are a litigation support person."
Steffan recommended that records be captured at the point of creation. Every document should have a person associated with it, as well as an operational unit, legal entity, and other tags.
But how do you get people to save documents on the system? "The fundamental challenge in this context is project management," said Steffan. "If you donít have clear responsibility as to who owns identifying what a Ďrecordí is in fixed income, you canít even begin the conversation. Unless people are designated as having responsibility for that issue youíll never fix the problem."
Steffan emphasized that information has to be readily retrievable. Firms need to have a "dynamic mechanism for getting these things back." If you donít, he warned, "you are setting yourself up for a horror story because it is impossible to get things back off of tape, as a practical matter." A firm "cannot just have the information on a backup tape in New Jersey somewhere," he said. "If you have things on magnetic tape, you have a big problem." While some firms may feel confident that you can restore a back-up tape in a day, he added, consider that you could get hit with multiple actions affecting a "million" tapes.
When you are setting up a records management system, consider whether you need to save records in "silos," namely, separate data repositories for each of your firmís affiliates. This may be the case if your firmís various affiliates are subject to differing regulatory requirements. "Even though your affiliates may effectively share a single infrastructure, such as a global e-mail system, you need to be retaining these records and storing them by legal entity because each legal entity is potentially subject to a unique form of regulation," Steffan noted. He gave the example of a U.S. broker-dealer affiliated with a U.K. broker-dealer, noting that U.K. brokers apparently do not have a specific e-mail retention obligation. From the U.S. perspective, "I donít want U.K. e-mails in my repository."
He also noted that separating records is crucial if a firm plans to divest itself from an affiliate. If you canít say "nice knowing you, hereís your data," he said, youíll have a "huge problem."