information governance maturity for financial services

HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Information Governance Maturity in Financial Services

HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.2

Key Regulatory Changes• Record Keeping in Dodd Frank and EMIR

Multi - Jurisdictional Regulatory Requirement• FINRA (Financial Industries Regulatory Authority), SEC (Securities & Exchange

Commission), CFTC (Commodities & Futures Trading Commission), BoE (Bank of England)

Past Legal or Regulatory Issues or Fines• Data Protection, Collusion, Corruption, Harassment, Insider Trading, Money Laundering,

80+ others

Reputational or Event Risk• Keep out of the headlines

Intellectual Property (IP) or Non-Public Info (MNPI) Leaks

Cost Containment• Storage

• Discovery

Typical Information Goverance Drivers in Banking


Risk & Cost Impact Increasing Year on Year


Example Regulation - Dodd Frank Background

• Regulations under Dodd Frank introduced new requirements for reporting and record keeping of Swaps and Derivatives related content

• Generally require that relevant records be duplicated and retained for 5 years following termination, execution, or expiration a contract

• Includes all of the information that is associated with execution of an agreement, and provide basis for economic terms of a deal

• Retain records according to specific regulatory requirements for immutability and third-party access within 24 / 36 / 72 hours


HP Autonomy’s Information Governance Solution

Business Analytics

Search & Collaboration

Information Governance

Legal Hold & eDiscovery

Deal ReconstructionSupervision

IBM CMODSymantec

EVEMC Centera

NICEOther

Sources File Shares

Social Media Video Audio Email Texts TransactionalData

IT/OT Search Engine ImagesDocumentsMobile

HPBi-directional Connector Framework

RainStor


Information Governance Defined

HP Autonomy Information Governance

A portfolio of modular solutions that help organisations access and understand human and computer-generated information without bias to repository or location, organise and control this data with a centralised policy engine, and intelligently manage and take action upon this data in accordance with business, legal/compliance, and data management objectives.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.


Unaware:unmanaged

Aware:formative

Aware:developing

Aware:competent

Stages of Competency

• Vital records at risk

• Non-compliance

• Duplication of work

• High storage and e-discovery costs

• No authoritative versions

• No info sharing

• Uncontrolled retention

• Decisions based on incomplete info

• Incomplete chain of custody

• No recognisable business context

• Poor information security


• High e-discovery cost


• No sharing of information

• Poor retention

• Decisions based on incomplete information

• Incomplete chain of custody





• Minimal sharing of information

• Decisions based on incomplete information



• Cost of manual capture

• Distributed silos of records


Stages of Competency – ARMA GARP Maturity Model

• There is no clear definition of the records that the organisation is obligated to keep

• Records and other business documentation are not systematically managed according to records management principles

• Business groups define this to the best of their ability based upon their interpretation of rules and regulations

• There is no central oversight and/or consistently defensible position

• There is no defined or understood process for imposing ‘holds’

Sub Standard In Development Essential Proactive Transformational

• The organisation has identified the rules and regulations that govern its business

• The organisation has introduced some compliance policies and recordkeeping practices around them

• The policies are not complete

• There is no apparent or well defined accountability for compliance

• There is a hold process, but it is not well integrated with the organisations information and discovery processes

• The organisation has identified all relevant compliance laws and regulations

• Record creation and capture are systematically carried out in accordance with record management principles

• The organisation has a strong code of business conduct which is integrated into its overall information governance structure and record keeping policies

• Compliance and the records that demonstrate it are highly valued and measurable

• The hold process is integrated into the organisations information management and discovery processes for the “most critical” systems

• The organisation has defined specific goals related to compliance

• The organisation has implemented systems to capture and protect records

• Records are linked with the metadata used to demonstrate and measure compliance

• Employees are trained appropriately and audits are conducted regularly

• Records of the audits and training are available for review

• Lack of compliance is remedied through implementation of defined corrective actions

• The hold process is well managed with defined roles and a repeatable process that is integrated into the organisationsinformation management and discovery processes

• The importance of compliance and the role of records and information in it are clearly recognised at the senior management and board levels

• Auditing and continuous improvement processes are well established and monitored by senior management

• The roles and processes for information management and discovery are integration

• The organisations stated goals related to compliance have been met

• The organisation suffers few or no adverse consequences based on information governance and compliance failures


ARMA – Generally Accepted Recordskeeping Principles

Accountability

Transparency

Integrity

Protection

Compliance

Availability

Retention

Disposition

A senior executive (or person of comparable authority) oversees the recordkeeping program and delegates program responsibility to appropriate individuals. The organisation adopts policies and procedures to guide personnel and ensure the program can be audited.

The processes and activities of an organisation’s recordkeeping program are documented in a manner that is open and verifiable and is available to all personnel and interested parties.

A recordkeeping program shall be constructed so the records and information generated or managed by or for the organisation have a reasonable and suitable guarantee of authenticity and reliability.

A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret or essential to business continuity.

The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organisation’spolicies.

An organisation shall maintain records in a manner that ensures timely, efficient and accurate retrieval of needed information.

An organisation shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational, and historical requirements.

An organisation shall provide secure and appropriate disposition for records that are no longer required to be maintained by applicable laws and the organisation’s policies.


Our Value Proposition

Enterprise Retention Management

Global policy and metadata management

Manage in Place

Single Pane of Glass View

Robust Out of Box Functionality

Manage in Place


HP Autonomy Information Governance Framework

Ensure Retention & Disposition

HP Information Governance

A platform approach for effectively managing all information, enterprise-wide, in accordance with corporate policy and business goals

Gain Full Understanding

Automate Policy Application

Prepare & Respond: legal &

regulatory

Store & Manage in Place


HP Information Governance Solution Stack

HP Records Manager

Complete RM Lifecycle

ControlPointFile Analytics,

Policy Management

HP e-Discovery

Complete discovery lifecycle

management

HP Legal HoldEnd-to-end legal hold

Structured Data Manager

Structured content archiving

HP Information Governance Application Architecture

Core Application Logic

CFS

Intelligent Data Operating Layer

Connectors

Enterprise Repositories

Indexing Services

Connection Services

The Power of the Platform


HP Information Governance Logical Architecture

Connector Framework

Enrich metaName lookupsSpeech to text

OCR

Email

IM Voice

HP ControlPoint-

Classification

HP RM-

Records Management

HP StructuredData Manager

Compliance Front Office Compliance

Files

Persist

ReviewManagepolicy

Report

Unstructured

Applications

Scan/Fax

Structured

WORM / Disk


Making retention an enterprise reality

HP Information Governance Process Flow

• Allows organizations to identify “dark data:

• Understand its meaning and significant

• Classify and categorizeControl

• Treat related information consistently

• Apply policy to content typeApply Policy

• Make management decisions on access, availability, location and disposition

• Complete audit trailTake Action


ControlPoint is an application that provides a user interface and an ‘engine’ for:

HP ControlPoint Introduction

Configuring the classification of files

Reviewing the results of classifications

Configuring and applying policies that take actions, ‘about’ files that it manages


HP Records Manager Introduction

HP Records Manager

Interactive Document Management

SharePoint Governance

ControlPoint Auto-Declare In-Place Management

SAP ArchiveLink

AIO Structured Records

Physical Records

COM/.NET SDK Services API

Custom Solutions

ControlPoint Legacy Data Cleanup


HP Structured Data Manager Introduction

Reduce data footprint &

storage costs

Enhance operational efficiency

Retire outdated applications

Subset & Masking for Test

Improve search and eDiscovery

SDM

Customized Solutions

Groovy SDK

Application Integrations


In Place Management

Content repositories

Content repositories Know what

information you have

Know where the information is

located

Know your information is

protected

Know the information is

managed appropriately

IDO

L Co

nn

ect

or

Fra

mew

ork

Manage in Place

• Content Creation

• Business Processes

• Collaboration

• Projects

• Events

ControlPoint

HP Records Manager

Index, Analyze, Auto-Classify

De

clare

Retain and manage active information where it provides the best business value


Information Governance Functionality

Policy Management Content Collection Source Repositories

Con

nec

tor

Fram

ewo

rk S

erve

r

OnDemand

FileShares

RainStor

SEV

SharePoint

Exchange

HP RM

• No additional content store

• Metadata Management

• Retention

• Search

• ILM

• Approval routing

• Legal Hold Mgmt and Support

• Notification and alerts

• Reporting

• Audit

CP

• Indexing Services

• MIP

• Collect Insert

• Delete/Remove

• Hold/Release

• Hold

• Synchronize

• View

• Audit

Basic

Available

Custom

Enterprise Retention Management

Copyright © 2013 HP Autonomy. All rights reserved. Other trademarks are registered trademarks and the properties of their respective owners.

Craig Adams, EMEA Sales Director – Information GovernanceCraig Adams, EMEA Sales Director – Information Governance

Email: [email protected] [email protected]

Mobile: +44 7717 850527

LinkedIn: www.linkedin.com/in/craigadamsuk

mailto:[email protected]

information governance maturity for financial services

Software

computergenerated information

regulatory issues

hours hp

key regulatory changesrecord

data management objectives

financial serviceshp

insider trading

new requirements