I got a call today from a great client of mine who asked about the things to think about when moving to electronic file storage.
Electronic file storage trips about four switches in my mind. I thought this was a really good question, so here is what I recommend.
- Be aware that anytime you convert to file storage that is “off site”, most state regulators require you to advise them in writing of where you are sending the files, and what security precautions you are taking to insure we don’t expose our clients to identity theft or other financial crimes. This means write your regulator BEFORE you move to the cloud. Give them the internet service provider you are using and what security practices the provider has in place, such as firewalls, secure transmission protocols; etc. Then if you are a client of ours, file that letter in Book One behind your records retention policy. Easy to find when the regulator comes knocking.
- Unless you own the cloud, have your cloud provider return an NDA and Confidentiality Agreement to your company per the guidelines of Gramm Leach Bliley. You can find a blank NDA in Book One. Keep it in your cloud provider records folder to show you took your records “safeguarding” seriously.
- If you use a service that offers to pick up your files, scan for you, and then shred, I have two thoughts. FIRST – Have the file split into two sections, Section A for internal processing notes and comments that might be irrelevant (or harmful) to an audit – and Section B for the actual loan documents stacked top down from closing all the way to inception. SECOND – Have the service provide you with a certificate of safe handling when you allow them to shred your files after they scan them.
Helpful? Give us a call about anything regulatory. We always have time for new clients. Tons of references. Hope to hear from you soon.
Nelson A. Locke, Esq.
Compliance Services USA