The Office of the Comptroller of the Currency has issued guidance for the banks it oversees regarding their obligations related to the maintenance of records, records retention, and examiner access to those documents in light of new communications technologies.
“The OCC has become aware of communications technology recently made available to banks that could prevent or impede OCC access to bank records through certain data deletion or encryption features,” he alert says. “Use of communications technology in this manner is inconsistent with the OCC’s expectations regarding data retention and availability.”
The OCC has authority to require prompt and complete access to all of a covered bank’s relevant books, records, or documents of any type. Also included within the scope of its authority is the ability of examiners to communicate freely with a bank’s employees, officers, or directors.
The bulletin stresses that the agency “supports responsible innovation in the banking industry,” but warns that certain communications technology contains data deletion and encryption features that can be used to prevent or impede its access to books and records. For example, some chat and messaging platforms have touted an ability to “guarantee” the deletion of transmitted messages. The permanent deletion of internal communications, especially if occurring within a relatively short time frame, “conflicts with OCC expectations of sound governance, compliance, and risk management practices as well as safety and soundness principles.”
The guidance warns that bank management must ensure that its adoption of any communications technology continues to allow for examiner access to appropriate records. “Record retention practices that are consistent with OCC expectations will enhance effective oversight by banks’ compliance and internal audit functions as well as comply with established governance, compliance, and risk management practices,” it says.