Tarnished reputations, in turn, affect consumer confidence and even market capitalization, according to Nir Kossovsky, the CEO of Steel City Re, a consulting firm that studies the risk associated with bad publicity as reported in the May 2010 issue of CFO. Reputational risk is not normally part of enterprise risk management assessments because it is hard to quantify
These requests (within the Financial Services industry) are likely to emanate from one of the following:- Financial Services Authority (FSA) in the UK Securities Exchange Authority (SEC) in the US Commodities Futures Trading Commission (CFTC) Financial Industry Regulatory Authority (FINRA) HM Revenue and Customs (HMRC) in the UK External Legal Counsel The result of failing to identify/provide the Records when required is likely to be:- reputational risk – the risk of damage to your organisation as a result of negative publicity a fine imprisonment a fine and imprisonment From the above, we can see it is essential to have a defined (and implemented) procedural framework for dealing with e-Discovery requests
It is common for Records to be retained on different media and in a number of locations such as:- • email • shared drives • systems databases • external vendor systems storage • microfilm • Microfiche • hard copy kept on the premises • hard copy stored with a professional vendor offsite The result of failing to identify/provide the Records when required is likely to be:- • reputational risk – the risk of damage to your organisation as a result of negative publicity • a fine • imprisonment • a fine and imprisonment From the above, we can see it is of paramount importance to have a defined (and implemented) Records Management Policy and framework