Information governance & records management: keeping your corporate memory

This is one of 13 chapters from our eBook, 'Legal operations: how to do it and why it matters'. Download the full eBook or explore the other competencies below.

Foreword | Introduction | Financial management | Vendor management | Cross-functional alignment | Technology & process support | Service delivery & alternative support models | Organisational design, support & management | Communications | Data analytics | Litigation support | IP management | Knowledge management | Information governance & records management

Rohan Paramesh, VP Head of Legal at Habito, shares his insights on records management and information governance. The views in this article are the author's own, and do not represent the views of Juro nor those of CLOC.

There is no business on earth that hasn’t seen its information governance and records management challenge increase dramatically in recent years. The volume of data that companies collect and retain, and the way we manage it, is a critical issue for any business - particularly post-GDPR. For a high growth fintech like Habito, this competency is an intrinsic part of our strategic development - do it well and we have a strong platform for continued growth; but few things could derail us as fast as doing it badly.

The way we think about records splits broadly into two categories: records relating to our customers on the one hand; and everything else on the other. The first group is in some ways the simplest to think about, as our obligations are clearly defined by the regulator (the FCA in our case) as well as the clear and exceptionally high standards we set ourselves. This combination tells us what we need to do, how, where, what our disclosure requirements are, and so on. In the second group, however, we have more scope to mould and develop our approach - and, when done well, its impact on the business can be profound and long-lasting.

Corporate memory

There’s a lot of interesting variety within the ‘everything else’ bucket. From our investor and corporate-related records and everything to do with our funding rounds; to our internal management of commercial projects; to our suite of policies, procedures and guidelines. It’s important not to just view these as mere obligations - boring records that lawyers write and keep just because they have to. This information contains the corporate memory of the business; it helps you, your colleagues, your future colleagues (and your future investors) to understand who you are, what you did, why you did it, and how you thought about and approached it at the time. The management and version control of these records must be seamless if the legal function is to fully align with and add real value to the rest of the business; a frictionless process that retains value, records knowledge, and navigates the tension between relentless growth and first-class governance, not to mention keeping that corporate memory clear, precise and easy to recall at all times.

It’s important to define the stakeholders for each group, and make sure everyone is aligned for success. For the internal ‘everything else’ bucket, the usual podium of legal, risk and compliance are your starting point. Beyond these usual suspects, we find that it really helps to adopt a holistic approach - for example, before a policy goes live, we might invite marketing and communications to contribute so as to better engage with the reader and maintain our desired tone of voice to help the policy land better. Seeking the advice of different internal stakeholders helps us to be consistent, so that a particular policy and approach to it makes sense today, a year from now and beyond. The same is true externally; while external forces such as the FCA, or GDPR, or other ‘authorities’, direct and dictate the end at which we need to arrive, it’s our internal stakeholders that shape the means through which we get there.

The mindset matters

"Records management and version control must be seamless if legal is going to fully align with the rest of a high-growth start-up"

For us, carrying through the core mindset of how we interact with customers is a huge help when it comes to information governance and records management. As a technology-driven online mortgage broker offering customers a highly innovative, easy, fast and free digital experience, as well as tailored advice from our team of qualified mortgage experts, we’re challenging an area of an industry that has traditionally been painful for the customer; reinventing that process - using automation - around the customer is our big advantage. But with that innovation comes a whole new layer of complexity. Our customers’ willingness to use live chat to access products and services, not just in simple everyday life, but also for momentous occasions like applying for a mortgage and buying their dream home, is a development that would have seemed fanciful ten years ago. Its success creates a volume of records that we have to manage carefully and successfully - or see our competitive advantage eroded.

Our response must therefore be to start with the customer and work backwards from their needs. For the longest time, mortgages largely involved financial actors working through a complex process that squeezed the actual home-buyer down the pecking order. If our aim is to put the home-buyer first and make the customer central to the mortgage process, then that has to carry through to the way in which we handle their records and information. The regulators have requirements of us that are non-negotiable - but our fundamental commitment to always prioritise the customer isn’t up for negotiation either.

Luckily for us, Fintech isn’t a completely uncharted space. There are plenty of innovative companies - some of whom contributed to this eBook - that help to define best practice. We don’t necessarily aim to break new ground every time we establish a process, but by incrementally making sure our information governance remains best-in-class, then the task of responding both to regulatory changes and to customer needs is one of tweaking here and there, rather than trying to repeatedly reinvent the wheel.

Fear or positivity?

One approach for lawyers to ensure compliance is to draw on fear-based techniques. ‘Risk’, ‘breach’, ‘fine’, ‘sanction’, ‘liability’, ‘exposure’ - these are common motivators. Why? Well, firstly, they work. Secondly, they’re real: the doomsday scenario where the regulator knocks on your door and suspends activity is a possibility, however remote, for any business breaking ground with an innovative approach to a highly regulated market. It’s unlikely, but it’s crucial not to be complacent - for a fast-growing company, any of those scary terms can create reputational risk and undercut the good work of your marketing, comms, and other internal teams.

If people understand why good information governance is crucial to winning in the market, then you don’t need a ‘bad cop’

The risk is also commercial - legal’s information governance processes becoming a hurdle for the commercial team would be a disaster. And hugely important is the internal cultural risk: you want employees to be proud of where they work, and to perceive their colleagues as compliant, conscientious and always striving to behave in an ethically correct way. That fear of risk or failure is one way to drive compliance.

In companies like Habito, we can also choose positivity. The same principle that guides everything else we do can also guide our information governance and records management.

‘Will this help us grow, serve our customers and be successful?’ is a question to which you always need to be able to say ‘yes’. If people understand why good information governance is crucial to winning in the market, then you don’t need a ‘bad cop’; commercial upside will drive good behaviours and make people self-police and guide their own actions. For example, if we find ourselves running into a funding round, and all our records are immediately accessible, consistent, up-to-date and compliant with internal policy, then a pressing due diligence need can be met with agility and speed. If not, the risk for a startup is obvious - and a small and growing team can’t afford to divert crucial time and resource for a month to fix messy records. Get it right and you can close faster and contribute real value to the business’ growth. And as the company matures, the same principles apply to audit and other areas of governance.

Ultimately, while information governance and records management probably don’t seem like the sexiest functions within a company - whether that company is aiming for hypergrowth, or simply to return profit to shareholders - the impact they can have on the business can be dramatic and very real. Optimise legal operations in this way, and the business will always be thanking legal for helping it win.

Explore the other legal ops competencies covered in our eBook, Legal operations: how to do it and why it matters:

Foreword | Introduction | Financial management | Vendor management | Cross-functional alignment | Technology & process support | Service delivery & alternative support models | Organisational design, support & management | Communications | Data analytics | Litigation support | IP management | Knowledge management | Information governance & records management

Don’t forget to follow us for all the latest.