[Author’s note: This blogpost is about business, not politics.]

The Office of the Inspector General (OIG) made a big splash recently with its report evaluating email records management at the State Department. Financial companies would do well to study the OIG report, because it lays out a useful roadmap that identifies potholes and other hazards associated with the inability to retrieve and access electronic records not retained and archived in accordance with established records management practices.

The OIG’s recommendations are generally applicable to all sorts of organizations, not just government agencies. Securities firms, mortgage companies, banks, online lenders, real estate brokers, and many other financial enterprises should review and adopt these recommendations to avoid the risk of reputation-busting headlines.

Let’s start with a few of the OIG’s recommendations, noting organizations should:

1. Issue enhanced and frequent guidance on the permissible use of personal email accounts to conduct official business.
2. Amend their policies to include penalties for noncompliance with records preservation and cybersecurity requirements.
3. Adopt Quality and Assessment plans to address vulnerabilities in records management and preservation.

The laws governing records preservation at the State Department (and applicable to government in general) are different from those that apply to financial companies, but the key requirement for any records preservation program is compliance with applicable law.

Where mortgage companies are concerned, as I have stated in my previous blogposts and in Smarsh webinars, both federal and state laws identify what must be kept, and how long it must be kept. That’s the starting block.

One thing that the Federal Records Act and mortgage document retention laws have in common is that electronic messages (including social media messages) can fall within the definition of “records.” Another is that business records must be preserved, just like records of communications concerning the business of government. So far, so good.

Problems at the State Department, as identified by the OIG, mirror record keeping lapses in the commercial sector. For instance, employees are prone to:

• Choose not to use existing record retention systems
• Regard record-keeping as a burden
• Feel record-keeping is difficult to use and is inefficient
• Erroneously mix personal communications with official business communications, while hoping to keep one or the other type of messages private
• Disregard their employer’s records retention policies and protocols

Regardless of the reasons for noncompliance with record retention laws, management is usually responsible when things go wrong. Indeed, the OIG report states “management weaknesses contribute[d] to loss of email records,” and that the overwhelming proportion of federal agencies (80%) are at elevated risk for improper management of electronic records.

The OIG says that even where records preservation programs are in place, requirements often go unenforced,electronic communications and files are not inventoried or indexed, electronic files are inaccessible or unavailable (and available records are often incomplete, mislabeled or missing key files), email addresses for departing employees are not captured and retained, and procedures for preventing employees from removing records from agency custody are not observed.

In its report, the OIG questions whether the State Department had an obligation to search personal email accounts for federal records. This question is just as relevant in the financial services sector as in government. Forward thinking financial companies are monitoring the electronic communications of their employees to achieve regulatory and legal compliance, and keep their reputations intact.

Long considered a thankless, administrative, backroom function, record capture,   archiving, and analysis are complex and growing risk management issues that now require thoughtful strategies and C-suite involvement.

The consequences of ignoring record retention compliance laws and policies were brought into sharp focus by the Inspector General’s report. Read it, learn from it, consider its applicability to your organization, and most importantly, act on it if your records management ducks are not all in a row, because one sensational investigation tends to be followed by others.