Apples & oranges: recordkeeping principles for transforming business practices.[ILLUSTRATION OMITTED] Despite having voluminous, detailed transaction records, regulators did not have a clear picture of the financial industry's health before its recent collapse and the economy's subsequent downward spiral. President Barack Obama and key cabinet members have stressed transparency and accountability, two key elements of the Generally Accepted Recordkeeping Principles[SM], for preventing similar crises from occurring. It's obvious the financial services industry is heavily regulated. Those regulations require records--lots and lots of them. And indeed, organizations in the industry have produced those records, with every transaction, every account balance, and every movement dutifully recorded and maintained, often for extended periods of time. This detailed transactional recordkeeping is intended to enable regulators to determine whether organizations are conforming to the regulations governing them and their transactions. Yet, despite its detailed recordkeeping, the financial industry is at the root of the current economic breakdown. Several cases demonstrate a number of flaws in the regulatory system, including Bernie Madoff swindling investors out of $50 billion, AIG's $3 trillion dollars in credit default swaps, and the prevalence of risky mortgage derivatives that are behind the housing collapse. (See sidebar on page 28 for details.) The Failure of the Old Paradigm What went wrong in each of these cases? Conceptually, the answer is simple: Voluminous records don't necessarily equal accurate--or particularly useful--records. The Madoff case is illustrative of this. Madoff and his firm produced massive quantities of impressively detailed and internally consistent--but entirely fabricated--records over a period of many years. An audit of those records without reference to any external sources would apparently not have revealed any inconsistency because the numbers added up. Yet, other records existed that would have provided a different story. Simple graphing of his claimed results revealed an impossibly consistent track record. And, according to the Chicago Tribune, publicly available market information, if looked at in conjunction with Madoff's records, would have revealed he could not possibly have been making the kind of trades he claimed in the volumes he claimed. (See www.swamppolitics.com/news/ politics/blog/2009/02/madoff_case_whistleblower_on_c. html.) There were other clues as well, but authorities never compared the information side-by-side, so the necessary connections were never made. In one form or another, the AIG and mortgage derivative cases share characteristics that result in similar outcomes: Notwithstanding a great many records in many places, the result was not the clarity and certainty those records were supposed to ensure, but opacity, confusion, and staggeringly large financial losses. Given that, at this point, investors and other innocent parties have suffered many billions of dollars in losses, and several trillions of dollars in public money in the United States alone have either been spent or pledged to repair the damage from this situation, it's now self-evident something must change. For many reasons, the situation that has arisen must not happen again. The New Mantra: Transparency and Accountability Public comments by government officials capture both the essence of the problem and the outlines of the coming solutions. On numerous occasions, President Obama has stressed the need for transparency and accountability in the financial system. Likewise, Federal Reserve Chairman Ben Bernanke and Treasury Secretary Timothy Geithner have repeatedly stressed transparency and accountability as part of the solution. This desired state of transparency and accountability will necessarily require new outcomes and new standards for the performance of recordkeeping systems. One example of this is the Obama administration's stated desire to have an uber-regulator charged with monitoring and regulating risk throughout the financial system. This will not only require the systematic collection of many--including some new--kinds of data, it will also require a new level of aggregation and analysis. Instead of the current, independent silos of unlinked financial information, this scheme will require inputs from many parties and unified aggregation and analysis of these inputs that permit global risk analysis and mitigation. [ILLUSTRATION OMITTED] The test of such a system's effectiveness is whether it is capable of achieving transparency and accountability. Obviously, if the system is in place and fails during a crisis, it will have failed this test. Given the stakes, there will be pressure to judge and test it prior to the crisis. This is also true of the many systems of financial records that will feed information into it. In all cases, the desired transparency and accountability must be there to avoid another catastrophe. If, however, systems of recordkeeping are to be judged, there must be standards against which to judge them. New regulations will require objective standards to determine whether the systemic requirements of transparency and accountability are met. It's in this light that ARMA International's promulgation of the recent Generally Accepted Recordkeeping Principles[SM] (GARP) was begun. CARP in Practice The GARP principles do not demand some level of detail, capture of some specific set of data points, or other similar detail. Instead, they focus on the overall structure and performance of the program. Viewed in the context of the Obama administration's stated goal of total systemic regulation of the financial service industry, they can also be viewed as total system objectives--not only must any organization's records meet these criteria, but the system as a whole must also meet them. While the principles do not yet have the force of law, nor have they, as yet, been adopted by regulators as legally enforceable standards, they are clearly relevant to doing business. There is no doubt government agencies and courts will find themselves judging actions and decisions in accordance with GARP or something very much like them. Consider, for example, AIG and the matter of credit default swaps. The lack of transparency in those records created two critical issues that, for both political and practical reasons, must be addressed: * The records as kept did not reveal the true level of risk in the transaction set. * The records are so tangled and byzantine certain culpable employees must be retained because no one else understands what they did. Regardless of what sort of regulatory scheme they adopt, regulators cannot permit a situation such as this to occur again. In the future, records of these transactions must clearly reveal the true level of risk and permit outsiders both to understand and to deconstruct and unwind the transactions. Thus, in some form or another, the principles of integrity, compliance, and transparency will be written into any future regulations and will form a part of any audit or investigative process. To do otherwise would be both to risk another situation of catastrophic excess risk and the already boiling over public wrath about another regulatory failure. The other examples cited, and many others, yield a similar analysis: There must be transparency, compliance, retention, and availability. If there is not, there will surely be accountability. Courts will also find themselves applying GARP or something like them, probably even before regulators are forced to do so. Credit default swaps, mortgage derivatives, and other financial instruments and transactions are already the subject of massive litigation and numerous government investigations, both civil and criminal. More are likely as bankruptcy judges attempt to unwind mortgage derivative transactions in bankruptcy proceedings. These legal actions will all be records-intensive, and the volume of records involved will be enormous. It appears certain that de-constructing many of these transactions will be difficult or, in many cases, impossible to do, due to the complexity of the transactions and the distributed and byzantine nature of the records themselves. When this happens, plaintiffs will inevitably seek sanctions. Again, explicitly, or otherwise, they will be invoking GARP, or something like them, and urging sanctions for failure to meet the principles. The Future Beyond putting out the immediate brushfires, the Obama administration and foreign leaders have acknowledged the need not only to totally overhaul the regulation of the financial system, but to do so internationally. Once again, GARP or something much like them will be a part of the solution, involving not only the concepts of accountability, integrity, compliance, and transparency, but also of privacy, involving nations with very strong privacy laws. In each of these cases, it will be necessary for courts, regulators, and lawmakers to clothe the structure of GARP in details tailored for particular industries and circumstances. In some cases, this will occur in the form of detailed regulations, in others, the judgments of courts. But, it will happen. And, in form, if not in substance, it will mirror the requirements of GARP because it must. While this article focuses on the financial industry, GARP's application will be much broader than to a few large banks and insurance companies. The Obama administration has already made it clear that many currently unregulated or lightly regulated parties will be included in any new regulatory scheme, including hedge funds mortgage brokers and others. Beyond that, other factors strongly indicate that a very wide net will ultimately be spread: In the first quarter of 2009, 21 U.S. banks failed and were taken over by the government. And, as mentioned above, the U.S. government is contemplating a regulatory scheme that analyzes and manages risk for the entire financial system. These developments necessarily place the boundaries of any such scheme very wide indeed, to include a great many other organizations both large and small. They also mean that many more parties will find their records systems judged in the context of transparency and accountability, not only on their own, but as part of a larger system of data and analysis. Thus, GARP will reach them as well. None of these developments should be viewed as necessarily bad, however. Sound recordkeeping's first beneficiary is not the government, nor is it a plaintiff or court. It's the organization itself. First and foremost, good recordkeeping and everything it entails benefit the organization by facilitating its knowledge of its own operations and risk, potentially helping it avoid the kinds of disasters that have become so commonplace. Beyond that, it offers the opportunity to avoid the sanctions and other legal problems that will inevitably arise in its absence. In this light, GARP should be seen as an opportunity, not an obstacle. A MELTDOWN OF THE FINANCIAL INDUSTRY The financial fiasco of 2008 demonstrated a number of flaws in the financial industries regulation scheme. A few examples: Bernie Madoff. Madoff Investment Securities LLC kept a great quantity of detailed records documenting the transactions the firm undertook on behalf of clients. The records were even audited by an outside auditor and were the subject of an investigation by the Securities and Exchange Commission. Yet, although the records were entirely false, and had been for many years, they withstood scrutiny in both cases. See "The SEC Fiddled While Rome Burned." The Post Partisan, Feb. 22, 2009. Available at http://postpartisannews.com/?p= 1523&cpage=1. AIG and Credit Default Swaps. As in the Madoff case, voluminous records of these transactions were kept. One of the goals of keeping any set of records is to ensure that persons beyond those involved in the transactions being recorded can understand and reconstruct the transactions. Yet, after nearly $3 trillion in credit default swaps turned sour and forced a massive government bailout, AIG was forced to pay enormous retention bonuses to the very personnel who created the mess in the first place. Why? The transactions proved so complex that only the persons who entered into them could understand and unwind them. The masses of records created to document them are inadequate. See "Ailing AIG Stands By Need for Bonuses." Los Angeles Times, March 15, 2009. Available at www.latimes.com/news/ nationworld/nation/la-fi-aig152009mar15,0,3320566.story. Mortgage Derivatives. This is another example of transactions documented throughout their cycle--from initial mortgage application through bundling and so on into the derivatives market--that are documented by exhaustive and voluminous records. Further, there is a complex and detailed set of treaties, statutes, and regulations intended to quantify and mitigate risk at every point along the way and recordkeeping requirements intended to capture the information necessary to do so. Yet, when the mortgage market soured in late 2008, it turned out that, not only was the entire risk-calculation mechanism fatally flawed, the transaction sets themselves are so complex and convoluted, unraveling them is difficult at best, and maybe impossible. See, "Paulson Prescribes Medicine for Wall Street: Wants Overhaul of Mortgage Derivatives Market, Criticizing its Complexity," MarketWatch, March 13, 2008. Available at www.marketwatch.com/news/story/paulson-prescribestough-medicine-wall/ story.aspx?guid={23E22299-1C33-40F1-A253-272029A8710B}. GENERALLY ACCEPTED RECORDKEEPING PRINCIPLES[SM] These eight principles, which are high-level guidelines and represent a sound records program, embraces: Principle of Accountability An organization shall assign a senior executive who will oversee a recordkeeping program and delegate program responsibility to appropriate individuals, adopt policies and procedures to guide personnel, and ensure program auditability. Principle of Integrity A recordkeeping program shall be constructed so the records and information generated or managed by or for the organization have a reasonable and suitable guarantee of authenticity and reliability. Principle of Protection A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity. Principle of Compliance The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organization's policies. Principle of Availability An organization shall maintain records in a manner that ensures timely, efficient, and accurate retrieval of needed information. Principle of Retention An organization shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational, and historical requirements. Principle of Disposition An organization shall provide secure and appropriate disposition for records that are no longer required to be maintained by applicable laws and the organization's policies. Principle of Transparency The processes and activities of an organization's recordkeeping program shall be documented in an understandable manner and be available to all personnel and appropriate interested parties. John C. Montana, J.D. John Montana may be contacted at jcmontana@pelligroup. John Montana, J.D., is a principal of the PelliGroup Inc., a records and information management consulting firm based in West Point, Va. He provides analysis and advice on records and information management issues, including records retention scheduling; the legality of various information storage media; regulatory compliance; litigation and discovery; and records and information management practices, policies, and procedures. He holds a juris doctor from the University of Denver. He may be contacted at jcmontana@pelligroup. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion