IG POLICY TEMPLATES & RESOURCES
FOR FINANCIAL INSTITUTIONS

Minimize Risks, Manage Records, and Maximize Compliance

Because no two financial organizations are alike in terms of corporate culture and business practices, it is up to you to establish information classifications (confidential, sensitive), define terms (business record), research state laws and regulations, and create best practices-based policies to support compliance. To help jumpstart the process, we give you the NetGovern Policy Package.

Professionally written by the policy experts at the ePolicy Institute, this content is designed to help financial services firms and financial institutions in the United States minimize risks, manage records, and maximize compliance. Our sample policies incorporate key federal laws and regulations, while eliminating the gobbledygook that confuses employees and reduces compliance. Feel free to use this material as a foundation for your own policies.

template      retention template      guide      white paper

Bookmark

Confidential & Sensitive Information Policy Template

POLICY TEMPLATE PREVIEW - ORGANIZATION is committed to respecting and protecting the privacy of our business, employees, customers, consumers, suppliers, and other internal and external parties. To that end, ORGANIZATION has established mandatory rules and procedures for the acquisition, access, use, and disclosure of confidential and sensitive information.

Sensitive Information Policy Template

ORGANIZATION’s Confidential & Sensitive Information Policy is designed to help minimize legal and regulatory risks; manage business records; maintain information integrity; and maximize compliance.

This policy governs all confidential and sensitive information—electronic, hard copy, and spoken—related to ORGANIZATION’s business, employees, customers, consumers, suppliers, and third parties.

Compliance with ORGANIZATION’s Confidential & Sensitive Information Policy is mandatory. All parties working on behalf of or to benefit ORGANIZATION are required to know, understand, and adhere to this policy. Those parties are referred to as “employees” in this policy and include officers, directors, executives, full-time professionals, part-time staff, supervisors, managers, brokers, independent contractors, freelancers, interns, and service providers among others.

This Confidential & Sensitive Information Policy applies to hard copy documents, verbal conversations, and electronic communications conducted via ORGANIZATION-owned and personally owned computer resources, including but not limited to email, text messaging, instant messaging, video conferencing, social media, mobile devices, web, Intranet, smartphones, and landline phones.

 

WORD IconDownload the Complete Templateupward arrow

Bookmark

Records Retention Policy Template

POLICY TEMPLATE PREVIEW - ORGANIZATION is committed to preserving, protecting, and producing business records, including nonpublic personal information (NPI), personally identifiable information (PII), and other business-critical information in compliance with federal and state laws, government and industry regulations, eDiscovery guidelines, and this Record Retention Policy.

Records Retention Policy Template

For ORGANIZATION, mismanaged, misplaced, or missing business records are more than a nuisance. They are a liability. Failure to safeguard NPI, PII, and other business records could trigger lawsuits or regulatory investigations, resulting in financial, civil, and criminal penalties. To help manage records, minimize risks, and maximize compliance, ORGANIZATION has established this mandatory Record Retention Policy.

Compliance with ORGANIZATION’s Record Retention Policy and attached retention/deletion schedule is mandatory 24 hours a day, seven days a week, 365 days a year.

All parties working on behalf of or to benefit ORGANIZATION are required to know, understand, and adhere to this policy and its procedures. Those parties are referred to as “employees” in this policy and include officers, directors, executives, full-time professionals, part-time staff, supervisors, managers, brokers, independent contractors, freelancers, interns, and service providers among others.

This Record Retention Policy applies to hard-copy and electronic records created, transmitted, and stored on ORGANIZATION-owned and personally owned computer resources, including but not limited to email and attachments, text messaging, instant messaging, video conferencing, social media, web, Intranet, mobile devices, laptops, desktops, tablets, and smartphones.

 

Word IconDownload the Complete Templateupward arrow

Bookmark

Records Retention Guidelines

GUIDELINES PREVIEW - For financial services firms and financial institutions operating in the United States, mismanaged, misplaced, or missing business records are more than a nuisance. They are a liability. You are responsible for preserving, protecting, producing, and purging business records—electronic and paper— in accordance with federal and state laws and regulations, eDiscovery obligations, administrative and operational needs, statutes of limitations, and litigation holds.

Records Retention Policy Template

Failure to safeguard business records, including nonpublic personal information (NPI), personally identifiable information (PII), and other business-critical information could trigger lawsuits or regulatory investigations, resulting in financial, civil, and criminal penalties.

Best practices call for financial services firms and financial institutions to establish strategic record management programs. To that end, the policy and technology experts at the ePolicy Institute and NetGovern offer best practices-based guidelines to help you manage business records, minimize legal and regulatory risks, and maximize compliance.

Effective record management begins with policies & procedures. Financial professionals create, acquire, transmit, process, and otherwise use mountains of hard-copy and electronic business records. Get a grip on record management by establishing and enforcing current and comprehensive policies, legally defensible procedures, and strict schedules.

 

PDF IconDownload the Complete Guideupward arrow

Bookmark

Best Practices for the Effective and Compliant Preservation, Protection, & Production of Business Records

WHITE PAPER PREVIEW - For financial services firms and financial institutions in the United States, mismanaged, misplaced, or missing electronic business records are more than a nuisance. They are a liability. The financial industry is required to preserve, protect, and produce business records, nonpublic personal information (NPI), and personally identifiable information (PII) in compliance with the Gramm-Leach-Bliley Act (GLBA) and other federal privacy laws, state data breach notification legislation, and eDiscovery guidelines.

Records Retention Policy Template

Failure to safeguard business records could trigger costly and protracted lawsuits and regulatory investigations, resulting in diminished revenues and ruined reputations.

Best practices call for financial organizations to establish strategic record management programs, complete with comprehensive, current Record Retention Policy & Procedures. To that end, the policy and technology experts at the ePolicy Institute and NetGovern offer 13 rules to help you manage records, minimize risks, and maximize compliance.

Record Retention Rule 1: Adopt the 3Es of Record Management

Legal and regulatory compliance requires the financial industry to shield electronic business records from unauthorized exposure, alteration, or destruction. To help reduce risks and increase adherence to legal and regulatory guidelines, employers are advised to adopt the 3Es of electronic record management:

(1) Establish effective policies and procedures governing NPI, PII, and other business records.

(2) Educate employees about record risks, organizational rules, and individual responsibilities.

(3) Enforce policies through a combination of disciplinary action, training, and best-in-class technology solutions designed to manage content, use, and records.

 

PDF IconDownload the Complete White Paperupward arrow

Get Involved!

 

Let us, and your peers, know your thoughts about this material. Let’s help each other reach a higher Information Governance maturity level through collaboration and community (assess your level with the IG Maturity Index Report). We’ll carefully consider your feedback in the future versions of these resources.

Views reference