The costs in the event of regulatory action or litigation can be prohibitive when it comes to amassing digital information for discovery and compliance purposes. In one case UBS Warburg was responsible for paying $300,000 to restore e-mails in a discrimination lawsuit it faced. Nearly 75 percent of communications sought in a lawsuit involves e-mails and a 2003 study of 1,100 companies found that 14 percent of them have been ordered by a court or regulatory body to produce employee e-mail. "It's not just a matter of putting content away and hoping you don't have to retrieve it," says King.
And it's only getting worse. The number of e-mails sent every year is increasing at the rate of 40 percent annually and the average size of a typical e-mail with attachments is 15 kilobytes and much of it will have to be stored for three years or longer.
So when it comes to communications systems, for e-mail and instant messaging, firms need to seriously consider filter tools to eliminate spam and keep out unwanted junk. As well, they must review their storage and retrieval systems to ensure that they can gather information in a timely manner. They must also be able to prove to regualtors that information is reliable and authentic and hasn't been tampered with, Sanford says.
INDUSTRY BEMOANS LACK OF CLARITY
The major downside of the proliferation in regulations facing the industry is the lack of clarity many see in the various new rules. Henry Carter, a lawyer who was formerly in charge of compliance at E*Trade Financial who now runs H.W. Carter Consulting in Palo Alto, Calif., says don't expect things to be cleared up anytime soon. And while many vendors claim that their solutions are AML-, SOX- or e-mail-, compliant, take them with a grain of salt. "The SEC is not going to go into the good vendor housekeeping seal of approval."
So when it comes to corporate governance and compliance, RBC's Chartier says firms have to understand, "There's no one-size-fits-all solution. Every company is different. It doesn't have to be cumbersome or bureaucratic process. It should be business driven with proper metrics around it."