Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Please let me just download the necessary file
Typology: Summaries
1 / 43
This page cannot be seen from the preview
Don't miss anything!
Appendix-1: RECORD MAINTENANCE POLICY OF THE BANK
st
Sl No Particulars Page No
used as genuine or where any forgery of a valuable security or a document has taken place facilitating the transactions; (E) All suspicious transactions whether or not made in cash and by way of-
(i) deposits and credits, withdrawals into or from any accounts in whatsoever name they are referred to in any currency maintained by way of: (a) cheques including third party cheques, pay orders, demand drafts, cashiers cheques or any other instrument of payment of money including electronic receipts or credits and electronic payments or debits, or (b) travellers cheques, or
(c) transfer from one account within the same banking company, financial institution and intermediary, as the case may be, including from or to Nostro and Vostro accounts, or any other mode in whatsoever name it is referred to;
(ii) credits or debits into or from any non-monetary accounts such as d-mat account, security account in any currency maintained by the banking company, financial institution and intermediary, as the case may be; (iii) money transfer or remittances in favour of own clients or non-clients from India or abroad and to third party beneficiaries in India or abroad including transactions on its own account in any currency by any of the following:-
(a) payment orders, or (b) cashiers cheques, or (c) demand drafts, or (d) telegraphic or wire transfers or electronic remittances or transfers, or (e) internet transfers, or (f) Automated Clearing House remittances, or (g) lock box driven transfers or remittances, or (h) remittances for credit or loading to electronic cards, or (i) any other mode of money transfer by whatsoever name it is called;
(iv) loans and advances including credit or loan substitutes, investments and contingent liability by way of: (a) subscription to debt instruments such as commercial paper, certificate of deposits, preferential shares, debentures, securitized participation, interbank participation or any other investments in securities or the like in whatever form and name it is referred to, or (b) purchase and negotiation of bills, cheques and other instruments, or (c) foreign exchange contracts, currency, interest rate and commodity and any other derivative instrument in whatsoever name it is called, or (d) letters of credit, standby letters of credit, guarantees, comfort letters, solvency certificates and any other instrument for settlement and/or credit support;
(v) Collection services in any currency by way of collection of bills, cheques, instruments or any other mode of collection in whatsoever name it is referred to. (F) All cross border wire transfers of the value of more than five lakh rupees or its equivalent in foreign currency where either the origin or destination of fund is in India; (G) All purchase and sale by any person of immovable property valued at fifty lakh rupees or more that is registered by the reporting entity, as the case may be.
Further in terms of Right to Information Act, 2005 stipulates that The Act does not require the public authorities to retain records for indefinite period. The records need be retained as per the record retention schedule applicable to the concerned public authority.
In view of the volume of record generated, the space constraints especially in metro and urban areas, most of the corporate have preferred outsourcing the record maintenance i.e. storage in physical & electronic form. This policy details identification of records, classifying record based on file-plan, storing, retrieval, responsibility at various levels, outsourcing, training, audit and checks.
Under the Income Tax Act, 1961 , assessment can be reopened within certain period, the maximum period being 10 years. Therefore, under the Income Tax Act, Books of accounts should be maintained for at least 10 years from the end of relevant assessment year.
Record is required to be maintained by the Bank at various levels (Branch Office/Regional Office/Zonal Office/Central Office) for various purposes including and not limited to future reference, giving information to customers, submission to Court/ALC/RLC/CVC or any other authority or Statute, audit and inspection.
During the course of normal functioning of the banks, a large volume of record is generated & requires to be preserved for many years. These records are vital for transactional and management information. The enactment of the Information Technology (IT) Act 2000 , RTI Act 2005, Rent Control Act and change in working of banks has made it imperative for the Bank to review the existing system and procedure on the subject and bring about the necessary improvements in storing/archiving and retrieving record. Technology has brought in vast changes in the method of storing/archiving and retrieving and needs to be adopted for creating and maintaining record to meet Bank‟s intrinsic and statutory requirements.
Information is a resource of equal importance to management as other standard resources like people, money and facilities. The information resources of our Bank must, therefore, be managed as a valuable asset. Appropriate record management is a vital aspect of maintaining and enhancing the value of this asset. The Bank considers its record to be a valuable asset to: a) Enable Bank to find the right information easily, comprehensively & completely; b) Enable Bank to perform its functions successfully and efficiently and in an accountable manner; c) Support the business, legal and accountability requirements of the Bank; d) Ensure the conduct of business in an orderly, efficient and accountable manner; e) Ensure adherence to Statutory/regulatory requirements; f) Ensure the consistent delivery of services; g) Support and document policy formation and administrative decision-making; h) Provide continuity in the event of a disaster; i) Protect the interests of the bank and the rights of employees, clients and present and future stakeholders; j) Support and document the Bank‟s activities, development and achievements.
information of the bank created and maintained in the course of business. Record can be in any media including paper, electronic storage device. Work-related record, including e-mail, that employee produces at home and on personal home computers/laptops is also the property of the bank, hence such official mails/ data created/ generated is required to be transferred on to the Bank’s system, which shall be treated under the definition of Record. Record is unique as it is evidence specific to a transaction, customer, correspondence, property, security, etc.
1.2 Record Management:
Record management encompasses the methods, processes, procedures & practices relating to and the associated reporting on the creation , cataloguing, sorting, storing, distributing, duplicating, converting, safekeeping, tracking, linking and destruction of record.
1.3 Information Creation:
Record is created through internal employees‟ activities and from external transactions and correspondence.
1.4 Distribution and Use:
Information is shared between employees and used for decision; evidence and other business purposes. Media vaulting is still used to protect electronic assets. The Bank may utilize Imaging to create retrieval record of enterprise documents, paper record kept under open shelf filing etc. Imaging, storing of data which is preserved in electronic form, files, vouchers, etc. can be preserved at locations of third parties to lower the operating costs with adequate security.
1.5 Storage and Maintenance:
Information that has lived through its immediate use continues to have high reference potential. The Bank may elect to use Offsite record Storage for such record in combination with a Scan on Demand or faxing Service to facilitate retrieval. The record may also be maintained Offsite using Open Shelf Filing.
1.6 Retention and Disposition:
Information and record need to be retained/preserved due to statutory requirements, for legal or audit protection or due to standard industry practice. Offsite Record Storage could be used to store old record at lower cost maintaining security and tracking system to facilitate retrieval. Tape, CD or DVD libraries may also be stored in Media Vaults. The information / record shall be destroyed as permitted in the policy.
1.7 Archival Preservation:
The preservation of some record/information requiring permanent retention can be on digital mode or scanning for long term preservation or maintenance of original paper record in an Environmentally Controlled Vault or Climate Controlled Record Center.
2.1 All record created and received by the Bank shall be managed in accordance with best practices of Corporate Governance. 2.2 The following broad principles shall apply to the record keeping and record management practices of the Bank:- The Bank shall follow sound procedures for the creation, maintenance, retention and disposal of all record, including electronic record; The record management procedures of the Bank shall comply with legal requirements, including those for the provision of evidence; The Bank shall follow sound procedures for the security, privacy, confidentiality & integrity of its record; Electronic record in the Bank shall be managed as enumerated by RBI & IBA; The Bank shall have performance measures for all record management functions and shall review compliance with these measures.
3. SCOPE
3.1 This Policy impacts upon Bank‟s work practices for all those who
Create record including electronic record; Have access to record; Have any other responsibility(s) as regards storage and maintenance; Have management responsibility(s) for the staff engaged in any of these activities; or manage, or have design input into information technology infrastructure; Are rendering services outsourced by the Bank.
3.2 The Policy, therefore applies to all staff members of our Bank and covers all record regardless of format, medium or age.
This policy document deals with record maintenance in four sections as under: a) Record keeping – Type of record b) Record Retention – Period/Duration c) Record Media – Physical / scanned & securely coded d) Record Retrieval – Physical / scanned / procedure
Requirements set out in this Policy or other instructions which may be issued from time to time in relation to record maintenance shall be in addition to and not in derogation of such requirements which are required to be compiled with by banks as per law in force. The Branch/Regional/Zonal/Central Office management shall be responsible to ensure compliance of all statutory provisions as stipulated in various Acts and Rules.
Apart from the legal requirements to be met under various statutes, The Bank while storing electronic data shall take into account the policy guidelines issued by the Reserve Bank of India, to the extent relevant, on (i) guidelines on risk and control in computer and telecommunication system; (ii) guidelines on Internet banking; (iii) guidelines on
6.1 File plan drawn so that there is systematic storage & retrieval of data. The file plan shall be used for the classification of paper based and electronic (including e-mail) record. 6.2 Specific procedures for the allocation of file subjects and reference numbers to electronic record and procedures manual shall be designed and published on the Intranet for immediate reference of all concerned. Likewise, specific guidance regarding the classification of e-mail shall be contained in the E-mail Management Policy. 6.3 Each staff member shall allocate file reference numbers to the record according to the approved subjects of the file plan. However, in respect of the record for which no subject exists in the file plan, the record manager shall be contacted for additions to the file plan. Under no circumstances new subjects shall be added to this file plan without the approval of the record manager. 6.4 Paper-based correspondence files shall be kept in the custody of Daftary. 6.5 All offices shall have Record Room/fire proof store-well for safe keeping record. 6.6 All paper-based correspondence and record that are not HR related shall be housed in the record room. 6.7 All the record shall be under the management of the record manager with the mandate to ensure proper maintenance. 6.8 The Record Room is a secured storage area and only Record Room staff shall be permitted in the record storage area. 6.9 Staff members who need access to files in the Record Room shall place a request for the files. 6.10 The Record Room shall be locked when not in operation.
6.11 Paper based The Bank shall have record room for paper-based record, at each office, under the control of the record manager with mandate to ensure proper maintenance. The record relating to the correspondence shall be in the custody of the officials that use them on daily basis. For all-important record viz. ownership of properties, share certificates, record of similar nature, etc. which is required to be kept perpetually, shall be kept at Central Office Record Room at Central Office level. Where storage places are not available or are not economically viable, the record keeping may be outsourced as per the designated Central Office outsourced vendor For Fire Safety, all Record Rooms shall be provided with fire-fighting equipment. All large godowns / warehouses shall be provided with fire alarm system with auto-dialer. If Record Rooms are not manned 24X7, provision of Automatic modular extinguishers shall be considered. All precautions should be taken to preserve the records, invariably implying that necessary infrastructure also need to be preserved. For safety of record there shall be proper access control. Grill gate, grills on windows, shutter at the main entrance, exhausts and ventilators shall be installed.
Regular pest/rodent control shall be provided. Proper insurance shall be taken of the infrastructure. Cleanliness , including dusting of boxes etc. on day to day basis may be done in the Record Room godown. There should be proper disposal of waste papers. As provided in law, „No smoking‟ boards may be displayed and smoking shall be strictly prohibited. For large godowns, there shall be a night watchman/security guard.
6.12 Micrographic/scanning of record:
Record may be micro-filmed, based upon the requirements, and shall be under the control of the Record Manager with mandate to ensure proper maintenance.
6.13 Most of the record is to be held either in paper form or as electronic data. The record beyond the period of preservation period detailed in Bankers Book of Evidence Act, may be held in digital form or by way of document scanning/micro filming with specific permission of respective Departmental Head, Zonal/Regional Manager (as per authority delegated specifically).
6.14 Where the underlying paper documents are subsequently destroyed and the converted format becomes the prime record, a certificate of authenticity shall be produced at the time of conversion and shall be signed by the official responsible for overseeing the conversion process.
6.15 Audio-Visual (AV) record : based on the requirements, AV record shall be stored and shall be under the control of the record manager who is mandated to ensure proper maintenance.
6.16 Electronic System other than the correspondence.
6.16.1 Our Bank has a number of electronic record in operation which is not part of the correspondence.
6.16.2 The IT manager shall be responsible for the day-to-day maintenance of electronic record.
6.16.3 The record maintained in the electronic form shall be under the control of the record manager of the IT Department who is mandated to ensure proper maintenance.
6.16.4 Detailed guidance regarding the management of electronic record shall be incorporated in the Electronic Record Maintenance Policy.
6.17 Legal admissibility and evidential weight: The record of the Bank shall at all times contain reliable evidence of business operations. The following shall apply:
7.1 All Human Resources related record shall be housed separately.
7.2 The general HR subject files as well as HR case files shall be under the management of the record manager with mandate to ensure proper maintenance.
7.3 Bank shall maintain a set of paper-based files for each employee. These files shall be confidential in nature and shall be housed in a secure storage area in the HR Record Room.
7.4 The office files shall be managed as part of the List of Series of Separate Case Files that shall be maintained and managed by the record manager.
7.5 The files exist only in paper based format and the physical tracking of the case files shall be managed with the file tracking system in the Integrated Document and Record Management System.
8.0 Maintenance of Electronic Documents/ Correspondence Records :
Maintenance of Electronic Documents/ Correspondence Records shall be stored in an electronic repository maintained by the IT Section.
8.1 Access to storage areas where electronic record is stored shall be limited to the Information Technology staff having specific duties regarding the maintenance of the hardware, software and media.
8.2 The record manager shall maintain a schedule of all record other than the correspondence system. The schedule shall contain a description of each set of record other than the correspondence system and indicate the storage location and retention period of the record regardless of format. The schedule shall be made available on the Intranet.
8.3 Should record be created / received that is not listed in the schedule, the record manager shall be contacted to add the record to the schedule.
8.4 i. KYC documents used for account opening: PAN &OVD documents like Aadhaar, Driving License , Voter ID, Passport, Job card issued by NAREGA & NPR scanned & uploaded at branch level should be maintained electronically.
ii. OMs, other documents of all the departments on-boarded to DMS platforms to be maintained electronically.
iii. Documents of all departments processed under Archival Solution module of DMS should be maintained electronically.
9.1 In case banks record is warehoused in a facility managed by an outsourced agency, the bank has to ensure that all requirements as regards safety, security and availability are met fully. Facility should be subject to security under IS Audit and also should be available for RBI inspection.
9.2 Evaluating the capability of the Service Provider.
9.2.1 In considering or renewing an outsourcing arrangement, appropriate due diligence should be performed to assess the capability of the service provider to comply with obligations in the outsourcing agreement. Due diligence should take into consideration qualitative and quantitative, financial, operational and reputation factors. Banks should consider whether the service providers‟ system is compatible with their own and also whether their standards of performance including in the area of customer service are acceptable to it. Where possible, the bank should obtain independent reviews and market feedback on the service provider to supplement its own findings.
9.2.2 Due diligence should involve an evaluation of all available information about the service provider, including but not limited to:-
Past experience and competence to implement and support the proposed activity over the contracted period;
Financial soundness and ability to service commitments even under adverse conditions;
Business reputation and culture, compliance, complaints and outstanding or potential litigation;
Security and Internal control, audit coverage, reporting and monitoring environment, Business continuity management.
External factors like political, economic, social and legal environment of the jurisdiction in which the service provider operates and other events that may impact service performance.
Ensuring due diligence by service provider of its employees.
9.3 Roles and Responsibilities - Service Provider
9.3.1 Collection The Service Provider will visit different branches/offices of the bank for collection of non-current record/documents in physical form i.e. files, bound vouchers bundles, registers, ledgers etc. for storage at Record Storage Centre (RSC) in a time bound programme which will be decided mutually. The requirement includes the packing of boxes and indexing of contents and all other works or process necessary in this
The storage cartons must be dust resistant with flaps or a lid forming a seal against airborne particles as per following specifications. Carton design: 5 ply die-cut bottom minimum Size: 42 cms x 32.5 cms x 26 cms with corresponding 3 ply die-cut top lid with tuck-in on the top on the width sides. The bar coding, indexing, packing etc of the records should be done in Bank‟s location under supervision of a Bank staff. All cartons should be filled to the top level. The annual check of the documents in custody of the Service Provider will also be ensured to ensure correct quality and quantity of documents. Audits through the ZAO, CA and Third party (when desired) will also help in ascertaining the adequacy of storage. The record of documents help with the Service Provider will be maintained in hard and soft form and a copy of each will also be provided to the Branch/Dept concerned. Storage area should be insured against fire, flood, cyclone and other natural calamity besides theft, burglary etc. and the Service Provider will bear the cost of such insurance. Photocopies of valid insurance policy should be furnished at the time of checking as per policy. The aspects of safety of records through rugged and appropriate construction and the functional responsibilities have been covered at the paragraph on “Storage” above. Board properties: Top minimum 180 GSM 24 BF paper and rest 140 GSM 20 BF. The Service Provider is required to operate the facility of storage of non-current records of banks in accordance with local legislative requirement in respect of health and safety legislation, employment law, fire safety law, relevant building codes. The bank‟s representative / security official/RBI representative reserves the right to inspect the RSC to confirm compliance at any time.
9.3.5 Retrieval of Records The Service Provider undertakes to retrieve and deliver the requested cartons, files, vouchers, ledgers, registers and any other documents within below specified TAT upon receipt of a written request in the form of faxes, e-mails or letters from the authorized officials of the bank. Retrieval shall mean delivery to the bank‟s premises at different locations.
Client Sends Written Pickup Request In Mail Format To Records Management Company (RMC)
RMC Schedules The Pickup Date And Sends Mail Confirmation To Client
RMC Deputes Pickup Team For Barcoding, Listing & Packing Of Records At Client’s Place
RMC Pickup And Safely Transport The Barcoded Records From Client’s Place To RSC After Giving Written Acknowledgment For The Quantity Files Lifted
RMC Registers All Boxes & Files At RSC With Barcoding Technology In Records Management Software
RMC Sends The Soft Data To Respective Client And Store The Records On Racking System In Safe Storage Area Of RSC
9.3.6 The Service Provider should have implemented a Comprehensive Records Management Software. The Service Provider should have the ability to provide the reports as mentioned at para above. The Service provider will provide Annual Reports to the Branch/Dept in addition to impromptu reports made available during checks by Audit Team or the team from Branches and depts.
9.3.7 Turn-Around-Time (TAT)
Nature of Retrievals Turn-Around-Time (TAT) Ordinary Retrievals
All requests by fax/ e-mail received by 5 P.M. will be delivered by the next working day to local branches/courier. ( 24 working hrs TAT) Urgent Retrievals All requests by fax/ e-mail received by 12.00 noon will be delivered on the same day to local branches/courier. (A maximum request of 25 files will be entertained at one time. For request over & above this, the delivery will be on best effort basis) Bulk / Project Retrievals
As communicated by the bank at the time of assigning the task (with mutual consent)
9.3.8 Retention of Records The Service Provider will retain and maintain the records as per Record Maintenance Policy of the bank which shall be provided by the bank.
9.3.9 Destruction/Permanent Retrieval of Non-Current Records The Service Provider through the Record Management Software will be able to generate a list of documents that are due for destruction based upon the Retention Policy. Thereafter the following procedure will be followed:- In the beginning of each quarter (January, April, July, October), the Service Provider will prepare the List of records, which have outlived their retention period in terms of
Client Sends Written Retrieval Request In Mail Format To RMC With Barcode Reference
RMC Uploads The Retrieval Request Details In Records Management Software And Send Mail Confirmation To Client
RSC Official Retrieves File / Box From Respective Location And Hand It Over To Logistics Department
Logistics Department Arranges To Deliver / Courier File / Box To Client Through Records Management Software For Further Tracking With Barcoding Technology
Client Sends Written Request In Mail Format To RMC To Return The Retrieved Box / File
RMC Arranges To Pickup The Retrieved Box / File By Their Pickup Team / Courier And Returns It To Respective Location In RSC
also bring out the nature of legal relationship between the parties i.e. whether agent principal or otherwise. Some of the key provisions of the contract would be:-
The contract should clearly define what activities are going to be outsourced including appropriate service and performance standards.
It must ensure that the Bank has the accessibility to all books, record and information relevant to the outsourced activity to the service provider.
The contract should provide for continuous monitoring and assessment of the service provider by the Bank so that any necessary corrective measure can be taken immediately.
A termination clause and minimum periods to execute a termination provision, if deemed necessary, should be included.
Controls to ensure customer data confidentiality and service providers‟ liability in case of breach of security and leakage of confidential customer related information.
Contingency plans to ensure business continuity.
The contract should provide for the approval by the Bank of the use of subcontractors by the service provider for all or part of an outsourced activity.
It should provide the Bank with the right to conduct audits, on the service provider whether by its internal or external auditors, or by agents appointed to act on its behalf and to obtain copies of any audit or review reports and findings made on the service provider in conjunction with the services performed for the Bank.
9.5. Confidentiality and Security
9.5.1 Public confidence and customer trust in the bank is prerequisite for the stability and reputation of the Bank. Hence the outsourcing authority of the Bank should ensure the preservation and protection of the security and confidentiality of customer information in the custody or possession of the service provider.
9.5.2 Access to customer information by staff of the service provider should be limited to those areas where the information is required in order to perform the outsourced function.
9.5.3 It should be ensured that the service provider is able to isolate and clearly identify the Bank‟s customer information, documents, record and assets to protect the confidentiality of the information.
9.5.4 Review and monitor the security practices and control processes of the service provider on a regular basis and require the service provider to disclose to the branches.
9. 6 Monitoring and Control of Outsourced Activities.
9.6. 5 The Service Providers facilities will be visited by a team of officers from the ZO/RO prior to utilizing their services to ascertain suitability for storage. The Audit Team will carry out the audit of the Service Provider once in a year and the CA representative once in 6 months. Apart from the above, the Branch/Department of RO/ZO/CO utilizing the services of the Service Provider will also detail a representative to verify and tally the quality and quantity of records held with the Service Provider at least once a year. A record of the same will be maintained and will be checked during the audit of the Branch/Department.
9.6. 6 The vendor certifies compliance to the terms of the RFP and also enters into an agreement with our Bank as a token of acceptance of the terms mentioned therein. The fitness of quality and quantity of records is ascertained through the audit checks and the checks by the Branch/Dept. The records to this effect are preserved and maintained for production when desired by the checking authority. The reports provided by the vendor are as under:-
