GREATER TEXAS FEDERAL CREDIT UNION RECORDS PRESERVATION PROGRAM

Transcription

1 Approved: September 17, 2002 Purpose of Program: GREATER TEXAS FEDERAL CREDIT UNION RECORDS PRESERVATION PROGRAM In accordance with the National Credit Union Administration ( NCUA ) Rules and Regulations Part 749, the Credit Union must be able to identify and store essential Credit Union records so that they can be readily retrieved for reference by Credit Union staff, government officials and the courts. The program must also provide for proper disposition of unneeded records and for reconstruction of vital records in the event that the Credit Union s records are destroyed. Responsibility: 1) President. The President/CEO of the Credit Union, subject to the general direction and control of the Board of Directors ( Board ), is responsible for developing, maintaining, and operating the records preservation program. 2) Records Preservation Officer. The President shall appoint a Records Preservation Officer, Senior Vice President/CFO, to manage all maintained records so that they are labeled, stored, shipped and destroyed according to an established schedule. The Records Preservation Officer must also ensure that all records necessary to resolve a pending claim or dispute are maintained until the matter is resolved. The Records Coordinator shall have access to, and be alert to, announcements from state and federal agencies that affect records preservation. The Records Preservation Officer shall: a) Identify Records. Identify all records subject to the policy and determine how long each department needs its records, since that period may be longer than the legal retention period. b) List Location(s). Make a list of the location or description of where each record is stored and any related information such as addresses, keys, locks, combinations, passwords, or account numbers needed to access the location. c) Receive Board Approved Schedule. Receive a schedule approved by the Board for the systematic retention and destruction of records. d) Create Instructions. Create specific instructions for inventorying, retaining, retrieving, and destroying records using a Records Disposition Log similar to the attached Sample A, for documenting storage and disposition activities. e) Training. Provide ongoing training for all staff whose activities involve contact with Credit Union records that have preservation requirements. f) Audit. Arrange for an audit of the record preservation program at least once a year. Records Maintenance Procedures: RECORDS PRESERVATION Page 1

2 1) Retention Schedule. The records retention schedule is the Credit Union's catalog of its records, maintained in accordance with a timetable for transfer of the records from primary office space or active databases to storage and finally to destruction. The schedule will be maintained on an automated on-line system using a basic database or spreadsheet format. It should include identifying information about each record and its retention period, with the reasons for the period and any pertinent maintenance requirements. If desired, a simplified retention schedule may be created from the comprehensive schedule for day-to-day operational use citing only the basic records normally used in the department and their retention period. 2) Vital Records Storage. For vital records that are not adequately maintained by an off-site data processor, the Credit Union shall establish an off-site Vital Records Center at a location far enough from the Credit Union s offices to avoid the simultaneous loss of both sets of records in the event of disaster. The Records Preservation Officer will maintain a Records Preservation Log containing the location of the Vital Records Center and a description of the duplicates sent to the center on a specific date. A form for this purpose is attached to this policy as Sample B. Duplicates of at least the following vital records must be stored at the Vital Records Center on a quarterly basis, not later than the 30th day of the following month: a) A list of share, deposit, and loan balances for each member s account which: i. Shows each balance individually identified by a name or number; ii. Lists multiple loans of one account separately; and Contains information sufficient to enable the Credit Union to locate each member, such as address and telephone number, unless the Board determines that the information is readily available from another source. b) A financial report, which lists all of the Credit Union s asset and liability accounts and bank reconcilements. c) A list of the Credit Union s financial institutions, insurance policies, and investments. This information may be marked permanent and stored separately, to be updated only when changes are made. 3) Format for Preserving Records. Preserved records may be in any format that can be used to reconstruct the Credit Union s records. Formats include paper originals, machine copies, micro-film or fiche, magnetic tape, or any electronic format that accurately reflects the information, remains accessible to all persons who are entitled to access by statute, regulation or rule of law, and is capable of being reproduced by transmission, printing or otherwise. The Credit Union shall maintain the necessary equipment or software to permit an examiner access to the records during the examination process. 4) Electronic Record Retention. Records retained through electronic means such as optical imaging are subject to the following security measures: RECORDS PRESERVATION Page 2

3 a) Access to imaged records will be limited to staff with a need to know the information. b) Records eligible for imaging will be handled in accordance with a strict chainof-custody procedure that details when the original was created, who handled it and when, and when and by whom it was imaged. c) The Credit Union will physically secure the imaging work area and prohibit introducing extraneous documents and materials into the area. d) Records will be imaged in accordance with a standard written procedure and time frame, preferably as near as possible to the time of creation. e) Records will be duplicated exactly, including any color, highlights, shading, and other peculiarities of the original such as frayed, torn edges, or discoloration of the record. Images of original records will be reviewed for accuracy. f) Records with peculiar or unusual aspects of the original that cannot be captured by the document-imaging process will be retained as originals in accordance with written procedure. g) Records will be created and stored in such a way that does not allow any physical alteration or morphing of the original imaged record. If possible, the imaging software program should recognize, track, and correct records that are altered by mechanical error or alterations caused by storage. h) Imaging software will track the stored records to indicate when an attempt to alter a record or other prohibited activity has occurred, from which workstation, and by whom. i) Imaging system login procedures will include the record s processing date, a timestamp for each time the record is viewed or accessed, from which workstation the record is displayed, and what is done to the record. The software should also log-out a user when leaving a workstation. Login controls will be configured so that they cannot be altered by an unauthorized person. Record activity will be tracked automatically so that at any time a report can be generated about the activity. 5) Permanent Records. Records which should be retained permanently include: a) Official Records. Records which are of an official nature significant to the continuing operations of the Credit Union, such as: i. Charter, bylaws, and amendments. ii. Certificates or licenses to operate under programs of various government agencies, such as a certificate to act as issuing agent for the sale of U. S. Savings Bonds. Current manuals, circular letters and other official instructions of a permanent character received from the National Credit Union Administration and other appropriate governmental agencies. RECORDS PRESERVATION Page 3

4 b) Operational Records. Key records which reflect the operation of the Credit Union, particularly records which reflect transactions with the members or former members, such as: i. Minutes of meetings of the membership, Board, Credit Committee and Supervisory Committee. ii. iv. One copy of each NCUA 5300 financial report or its equivalent. One copy of each Supervisory Committee Comprehensive Annual Audit Report and attachments. Supervisory Committee records of account verification. v. Applications for membership and joint share account agreements. vi. vii. v ix. Journal and Cash Record. General Ledger. Copies of the periodic statements of members, or the individual share and loan ledger, providing a complete record of each account. Bank reconcilements. x. Listing of records destroyed. 6) Maintenance by Data Processor. Records maintained by an off-site data processor in accordance with the approved retention schedule are considered to be in compliance for the storage of those records. 7) Destruction of Records. All original and electronically retained records not listed as "permanent" in the schedule shall be promptly destroyed at the expiration of the specified retention period, unless there is pending litigation, governmental investigation or other good reason to extend the retention period. When destroyed, all copies must be destroyed along with the originals, since a copy is often admissible in court if the original cannot be found. a) Before a record is destroyed, the Records Preservation Officer will notify Credit Union staff that the specified record will be destroyed within a certain number of days (e.g., 30) unless staff provides a valid reason to stop destruction. b) Destruction will be carried out by at least two authorized employees whose signatures, attesting to the fact that such records were actually destroyed, will be affixed to the Record Disposition Log. c) Records that may be periodically destroyed include, but are not limited to: i. Applications of paid off loans. RECORDS PRESERVATION Page 4

5 ii. iv. Paid notes. Various consumer disclosure forms. Cash Received Vouchers v. Journal Vouchers. vi. vii. v Canceled Checks. Bank Statements. Outdated manuals, canceled instructions, and nonpayment correspondence from the NCUA and other governmental agencies. d) The Credit Union will not destroy its records for any period of time until the Supervisory Committee has conducted a comprehensive audit of that period and the NCUA has conducted a supervisory examination for that period. 8) Litigation Considerations. The Credit Union will maintain all records that may support the Credit Union's position in actions before the courts, or other claims for the minimum period prescribed by the applicable state statute of limitations. a) The Credit Union will take into consideration that the discovery rule may also affect retention periods for records. It provides that in certain cases, a limitations period does not begin on the date of the transaction or incident, but rather on the date the person discovers that he or she has a cause of action or, through reasonable diligence, should have discovered the cause of action. Consequently, the Credit Union will exercise caution when deciding the period of retention to take into account a "reasonable" time in which to discover the cause of action. b) The Credit Union will retain all records necessary to accurately reconstruct the essential facts and steps of each of its transactions, regardless of whether or not the law requires that they be retained. Correspondence relating to each account or transaction should also be saved as well as pertinent memoranda, to demonstrate that the Credit Union carried out its duties properly. However, the Credit Union will avoid maintaining extraneous documentation in files not necessary to support the Credit Union s business purposes. The Credit Union's internal policies and procedures should be kept to show the Credit Union's commercial reasonableness in acting as it did. c) In order to counter any claims of bad faith destruction of documents, the Credit Union s electronic retention or imaging policy will provide a mechanism for the immediate preservation of original documents in the event the Credit Union becomes aware of any pending or anticipated litigation relating to the documents. d) In order to meet the legal requirements for its business records to be admitted in court to support the Credit Union s claims, care will be taken to see that 1) the date of a record is recorded at the time it is made; 2) the record is made as soon as possible after the event it records; 3) the record is made by a duly authorized Credit Union staff member; 4) the record is made as a part of the Credit Union's regular business activity; and 5) the record is made as a regular practice of the Credit Union. RECORDS PRESERVATION Page 5

6 Record Disposition Log (Sample A) Description of Document (Include Numbers if Applicable) Date From To Stored Date Stored Location Where Stored Method of Storage Stored by (Signature) Destroyed Date of Destruction Method of Destruction Destroyed by (Signature) RECORDS RETENTION Page 6

7 Records Preservation Log (Sample B) Records Preservation Officer: Vital Records Center Location: Name: Street: City: State: Zip Code: Description of Records Duplicated Date Sent Sent By