Information Governance Maturity for Financial Services

HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
InformationGovernance
MaturityinFinancialServices

HP and Autonomy Confidential © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.2
Key Regulatory Changes
• Record Keeping in Dodd Frank and EMIR
Multi - Jurisdictional Regulatory Requirement
• FINRA (Financial Industries Regulatory Authority), SEC (Securities & Exchange
Commission), CFTC (Commodities & Futures Trading Commission), BoE (Bank of England)
Past Legal or Regulatory Issues or Fines
• Data Protection, Collusion, Corruption, Harassment, Insider Trading, Money Laundering,
80+ others
Reputational or Event Risk
• Keep out of the headlines
Intellectual Property (IP) or Non-Public Info (MNPI) Leaks
Cost Containment
• Storage
• Discovery
Typical Information Goverance Drivers in Banking

Risk & Cost Impact Increasing Year on Year

Example Regulation - Dodd Frank Background
• Regulations under Dodd Frank introduced new requirements for reporting and
record keeping of Swaps and Derivatives related content
• Generally require that relevant records be duplicated and retained for 5 years
following termination, execution, or expiration a contract
• Includes all of the information that is associated with execution of an agreement,
and provide basis for economic terms of a deal
• Retain records according to specific regulatory requirements for immutability and
third-party access within 24 / 36 / 72 hours

HP Autonomy’s Information Governance Solution
Business
Analytics
Search &
Collaboration
Information
Governance
Legal Hold &
eDiscovery
Deal Reconstruction
Supervision
IBM CMOD
Symantec
EV
EMC Centera
NICE
Other
SourcesFile Shares
Social Media Video Audio Email Texts Transactional
Data
IT/OT Search Engine ImagesDocumentsMobile
HP
Bi-directional Connector Framework
RainStor

Information Governance Defined
HP Autonomy Information Governance
A portfolio of modular solutions that help organisations access
and understand human and computer-generated information
without bias to repository or location, organise and control this
data with a centralised policy engine, and intelligently manage
and take action upon this data in accordance with business,
legal/compliance, and data management objectives.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Unaware:
unmanaged
Aware:
formative
Aware:
developing
Aware:
competent
Stages of Competency
• Vital records at risk
• Non-compliance
• Duplication of work
• High storage and
e-discovery costs
• No authoritative versions
• No info sharing
• Uncontrolled retention
• Decisions based on incomplete
info
• Incomplete chain of custody
• No recognisable business
context
• Poor information security
• High e-discovery cost
• No sharing of information
• Poor retention
• Decisions based on incomplete
information
• Incomplete chain of custody
context
• Minimal sharing of
information
• Decisions based on
incomplete information
context
• Cost of manual capture
• Distributed silos of records

Stages of Competency – ARMA GARP Maturity Model
• There is no clear definition of the
records that the organisation is
obligated to keep
• Records and other business
documentation are not
systematically managed according
to records management principles
• Business groups define this to the
best of their ability based upon
their interpretation of rules and
regulations
• There is no central oversight
and/or consistently defensible
position
• There is no defined or understood
process for imposing ‘holds’
Sub Standard In Development Essential Proactive Transformational
• The organisation has identified
the rules and regulations that
govern its business
• The organisation has introduced
some compliance policies and
recordkeeping practices around
them
• The policies are not complete
• There is no apparent or well
defined accountability for
compliance
• There is a hold process, but it is
not well integrated with the
organisations information and
discovery processes
• The organisation has identified all
relevant compliance laws and
regulations
• Record creation and capture are
systematically carried out in
accordance with record
management principles
• The organisation has a strong
code of business conduct which is
integrated into its overall
information governance structure
and record keeping policies
• Compliance and the records that
demonstrate it are highly valued
and measurable
• The hold process is integrated into
the organisations information
management and discovery
processes for the “most critical”
systems
• The organisation has defined
specific goals related to
compliance
• The organisation has
implemented systems to capture
and protect records
• Records are linked with the
metadata used to demonstrate
and measure compliance
• Employees are trained
appropriately and audits are
conducted regularly
• Records of the audits and training
are available for review
• Lack of compliance is remedied
through implementation of
defined correctiveactions
• The hold process is well managed
with defined roles and a
repeatable process that is
integrated into the organisations
information management and
discovery processes
• The importance of compliance and
the role of records and
information in it are clearly
recognised at the senior
management and board levels
• Auditing and continuous
improvement processes are well
established and monitored by
senior management
• The roles and processes for
information management and
discovery are integration
• The organisations stated goals
related to compliance have been
met
• The organisation suffers few or no
adverse consequences based on
information governance and
compliance failures

ARMA – Generally Accepted Recordskeeping Principles
Accountability
Transparency
Integrity
Protection
Compliance
Availability
Retention
Disposition
A senior executive (or person of comparable authority) oversees the recordkeeping program and delegates program responsibility to
appropriate individuals. The organisation adopts policies and procedures to guide personnel and ensure the program can be audited.
The processes and activities of an organisation’s recordkeeping program are documented in a manner that is open and verifiable and is
available to all personnel and interested parties.
A recordkeeping program shall be constructed so the records and information generated or managed by or for the organisation have a
reasonable and suitable guarantee of authenticity and reliability.
A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private,
confidential, privileged, secret or essential to business continuity.
The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organisation’s
policies.
An organisation shall maintain records in a manner that ensures timely, efficient and accurate retrieval of needed information.
An organisation shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal,
operational, and historical requirements.
An organisation shall provide secure and appropriate disposition for records that are no longer required to be maintained by applicable laws
and the organisation’s policies.

Our Value Proposition
Enterprise Retention Management
Global policy and metadata management
Manage in Place
Single Pane of Glass View
Robust Out of Box Functionality
Manage in Place

HP Autonomy Information Governance Framework
Ensure Retention
& Disposition
HP Information Governance
A platform approach for effectively managing all information,
enterprise-wide, in accordance with corporate policy and business goals
Gain Full
Understanding
Automate Policy
Application
Prepare &
Respond: legal &
regulatory
Store &
Manage in Place

HP Information Governance Solution Stack
HP Records
Manager
CompleteRM
Lifecycle
ControlPoint
File Analytics,
Policy
Management
HP e-
Discovery
Complete
discoverylifecycle
management
HP Legal HoldEnd-to-endlegal
hold
Structured
Data Manager
Structured content
archiving
HP Information Governance
Application Architecture
Core Application Logic
CFS
Intelligent Data Operating Layer
Connectors
Enterprise Repositories
Indexing Services
Connection Services
The Power of the Platform

HP Information Governance Logical Architecture
Connector
Framework
Enrich meta
Name lookups
Speech to text
OCR
Email
IM Voice
HP ControlPoint
-
Classification
HP RM
-
Records
Management
HP Structured
Data
Manager
Compliance Front Office Compliance
Files
Persist
ReviewManage
policy
Report
Unstructured
Applications
Scan/Fax
Structured
WORM /
Disk

Making retention an enterprise reality
HP Information Governance Process Flow
• Allows organizations to identify “dark data:
• Understand its meaning and significant
• Classify and categorize
Control
• Treat related information consistently
• Apply policy to content typeApply Policy
• Make management decisions on access, availability, location and
disposition
• Complete audit trail
Take Action

ControlPoint is an application that provides a user interface and an ‘engine’ for:
HP ControlPoint Introduction
Configuring the classification of files
Reviewing the results of classifications
Configuring and applying policies that
take actions, ‘about’ files that it manages

HP Records Manager Introduction
HP Records Manager
Interactive Document
Management
SharePoint
Governance
ControlPoint Auto-Declare
In-Place Management
SAP
ArchiveLink
AIO Structured
Records
Physical
Records
COM/.NET SDK Services
API
Custom Solutions
ControlPoint Legacy
Data Cleanup

HP Structured Data Manager Introduction
Reduce data
footprint &
storage costs
Enhance
operational
efficiency
Retire outdated
applications
Subset &
Masking for Test
Improve
search and
eDiscovery
SDM
Customized
Solutions
Groovy SDK
Application
Integrations

In Place Management
Content
repositories
Content
repositories Know what
information you
have
Know where the
information is
located
Know your
information is
protected
Know the
information is
managed
appropriately
IDOLConnectorFramework
Manage in Place
• Content Creation
• Business Processes
• Collaboration
• Projects
• Events
ControlPoint
HP Records
Manager
Index, Analyze,
Auto-Classify
Declare
Retain and manage active information where it provides the best business value

Information Governance Functionality
Policy Management Content Collection Source Repositories
ConnectorFrameworkServer
On
Demand
FileShares
RainStor
SEV
SharePoint
Exchange
HP RM
• No additional content store
• Metadata Management
• Retention
• Search
• ILM
• Approval routing
• Legal Hold Mgmt and Support
• Notification and alerts
• Reporting
• Audit
CP
• Indexing Services
• MIP
• Collect Insert
• Delete/Remove
• Hold/Release
• Hold
• Synchronize
• View
• Audit
Basic
Available
Custom
Enterprise Retention Management

Copyright © 2013 HP Autonomy. All rights reserved. Other trademarks are registered trademarks and the properties of their respective owners.
Craig Adams, EMEA Sales Director – Information Governance
Craig Adams, EMEA Sales Director – Information Governance
Email: craiga@hp.com craiga@hp.com
Mobile: +44 7717 850527
LinkedIn: www.linkedin.com/in/craigadamsuk

Information Governance Maturity for Financial Services

More Related Content

What's hot (20)

Similar to Information Governance Maturity for Financial Services (20)

Recently uploaded (20)

Information Governance Maturity for Financial Services

Editor's Notes