Records and information are at the core of every transaction undertaken by any organization. Any inadequacy in this area - including noncompliance with regulations such as the Sarbanes-Oxley Act - can threaten an organization's ability to conduct business.Still, many organizations lack effective policies and procedures for systematic control of recorded information and, as a result, risk legal liability and extensive penalties for non-compliance with record-keeping regulations.
While all records are created for a reason, they are not all created equal. Add to that a complex regulatory environment, and it can be hard to figure out what to keep and for how long. But a basic understanding of what an efficient records management program consists of-and the consequences of a poor process-can help an organization sort through the confusion.
THE IMPLICATIONS
In a nationwide sampling of state market conduct enforcement information, criticism fell into seven categories: general records, claims, complaints, financials, advertising, policy files and producer appointment/licensing. With fines ranging from a couple hundred dollars to the million-dollar neighborhood, an understanding of the regulatory environment can prove critical. Because litigation is common, knowledge of statutory, regulatory or common law changes is essential to insurance company operations.
For example, a recent change that should be on all insurers' radars involves the Federal Rules of Civil Procedure (FRCP), which govern civil actions brought in federal district courts. In December 2006, the FRCP were amended to address discovery and production of information in digital form-referred to as "electronically stored information" or "ESI." E-mail, instant messaging, flash drives and voicemail are just some examples of electronic records.
One of the amendments provides that, except in extraordinary circumstances, sanctions cannot be imposed for the loss of information "as a result of the routine, good-faith operation of an electronic information system." This safe harbor provision is aimed at protecting companies by preventing federal courts from imposing discovery sanctions against a party for failing to produce ESI that was lost as a result of ordinary business activities.
In Lewy vs. Remington Arms Co., the Eighth Circuit Court of Appeals created a test for the reasonableness of a records retention policy. The test tries to determine if the record retention policy was reasonable considering the circumstances surrounding the documents; whether lawsuits concerning the complaint or related complaints were filed, how many were filed, the magnitude of each complaint; and whether the retention policy began in good faith.
RETENTION POLICY
So what's the key to a good records retention policy? Celebrated physician Sir William Osler said "the best preparation for tomorrow is to do today's work superbly well." Efficient records management should:
1. Systematically determine the appropriate time periods for retaining records. As a general rule, all working papers should be retained for six years and then destroyed. That period is predicated upon legal statutes of limitation in the United States. The average length of time for an insurance-related record retention requirement in the majority of the states is five years. Thirty-three states use that time period for all or most of their record retention requirements.
2. Manage the destruction of records at the legally appropriate time. It is best to destroy records once the retention period ends, except those records with permanent value. Retaining records beyond statutory or regulatory requirements simply invites fishing expeditions from discovery counsel. Of course, if litigation is pending or an audit occurs, all destruction immediately ceases and a litigation hold is placed.
3. Include record retention schedules that cover all records, including reproductions. Record retention programs must include provisions for "information copies" or "personal copies" of records, which may be maintained by one or many individuals. During litigation or government investigation, those copies may be subpoenaed and used against the organization, even though the original records were properly destroyed under the records retention schedule, according to the Information Requirements Clearing-house, which specializes in records retention and legal requirements for records and information management.
Insurers face a considerable challenge with regard to record retention. The best retention policies are periodically reviewed and accessible to employees.
Gina Stephan is a senior writer/analyst in the Waltham, Mass., office of Minneapolis-based Wolters Kluwer Financial Services.
