One of the largest banks in the country was facing a consent order focused on the books and records practice of its broker dealer division. Recognizing the urgent need to rectify the situation, Infobelt was contracted to provide consulting services and to develop technology solutions that would resolve their regulatory issues. The challenge was compounded by the fact that they are members of multiple international exchanges and therefore subject to many different regulatory bodies, each with its own complex data management rules.
WHY THE BANK NEEDED INFOBELT
Neither the problem nor the solution was simple. Upon further study, Infobelt learned that the bank's books and records were drastically out of compliance. Operations staff was not aware that despite following internal process, their actions were not compliant with regulatory requirements. This was the result of a disconnect between compliance and operations. In short, they were keeping some records longer than they should while disposing of others far too soon. The data retention policies in many cases were not compliance optimized nor were they storing records in the prescribed format - WORM. Hundreds of employees were involved in the process, but there was no centralized system governing how employees managed transaction data. The result was a culture in which individuals felt a false sense of security in their data tracking and documention practice. These problems led to the banking watchdog FINRA issuing a disciplinary action including a consent order and a penalty. The consent order instructed the bank to meet a series of criteria which included filing an action plan and getting all books and records and data management in line with federal regulations along with defining and implementing supervisory procedures to ensure compliance. Until the consent order was resolved, day-to-day operations would continue, but the bank could not pursue any growth and failing which could result in further penalties including removal from trading certain instruments. To the bank’s credit, the leadership team immediately recognized that solving the problems related to FINRA’s consent order would also improve operational processes, prevent potential loss, avoid penalties and the eliminate the risk of compliance issues in other areas of the bank as well. A working group was quickly created that included external counsel, a big six consulting firm and Infobelt to evaluate, plan and address the issues.
INFOBELT’S INITIAL GOALS
When Infobelt began working on the processes, there were several key goals:
OUR PATH TO SUCCESS
Initially, Infobelt wanted to complete their work and help the bank clear its consent order within 18 months. However, their work ended up resolving the consent order in only 13 months, completing the process ahead of schedule.
This is what the pathway looked like:
First, Infobelt and the bank successfully evaluated the specific issues that needed to be addressed in order to clear the consent order and improve the bank’s record keeping. The bank reconciled their existing record base against the regulations as identified by legal counsel.
Next, the working group built a traceability spreadsheet that connected the regulations to the records, business organization, technology applications, and file repositories. This required countless phone calls, meetings, and emails to uncover the nuances of the bank’s recordkeeping practices. While the Infobelt team worked on resolving the conflict, they also focused on educating bank employees on the importance of fixing compliance problems before further regulatory action was taken.
Infobelt’s deep discover process revealed that records were being stored all over the place. There were records being stored locally on PCs, shared drives, and SharePoint. All of these sources had to be consolidated into compliant repositories. For each file migration, details were captured on the master spreadsheet.
It soon became clear that a spreadsheet was not sophisticated enough to manage the record keeping needs of the bank, and neither was SharePoint. Realizing the limitations of existing software options, the bank recognized the need for a bespoke application. That new program was Infobelt’s REGulated ENTerprise (aka. REGENT).
REGENT stores, tracks, and analyzes regulatory compliance and all relevant data points. The workflow of a REGENT-empowered corporation requires each individual employee who is involved in the data management process at any step to play their part. As a part of daily operations, an employee will complete the attestation process, in which they attest to completing the tasks relevant to their work. An executive or manager, such as a Chief Risk Officer, can use their tablet or computer to view real-time status updates of all attestations that have taken place, are in process, or haven’t been completed yet. Instead of the impossible task of querying 1450 “attestors” by phone or email, the CRO can look at the app and have immediate knowledge of what their team has completed or not. Implementing REGENT saved the bank time, money, and resources, because it makes the data fully accessible and in one easily navigated platform. This maintains the real-world connections between users, technology platforms, regulations, data governance policies, file repositories, and cross-functional communications. Another way that REGENT helps the bank is that it has a built-in regulation library which actively crawls regulatory sites looking for both new regulations and changes to existing ones. REGENT then ties those regulations directly into the records library within the system. When regulatory language changes, the bank knows immediately which records are affected by this change. In addition to REGENT, the bank benefits from Infobelt’s Orion platform, which has created a 95% reduction in saved data due to its incredible compression mechanism. Storage and infrastructure costs have gone down as much as $82 million dollars per year for the bank.
Today, thanks to Infobelt, the bank is clear of its consent order and no longer risks regulatory penalty. The Leadership team is now confident that it is meeting regulatory recordkeeping requirements and can demonstrate their compliance to regulators in an efficient and compelling manner.