The social pressures are huge, and some of the good risk procedures are thrown by the wayside.

Richard Dunn, a former risk control chief at Merrill Lynch quoted in The Wall Street Journal on Jan. 25, 2008 about the $7.2 billion loss generated by the rogue trader at Societe Generale SA. 

Social pressures?  What is this?  High School?

As the sorry mess surrounding rogue trader Jerome Kerviel continues to unfold I can’t help but wonder why his “activities prompted questions from risk managers several times last year, but that the bank never began an investigation because his explanations defused any suspicions.”  Isn’t that like asking the fox to give you the hen house inventory report?

In with the new and out with the old.  The start of the new year is prime time for making room in overstuffed file cabinets and e-mail folders.  Getting organized feels great.

But, don’t start purging documents before checking your company’s document retention policy.  Most companies have policies outlining how long certain paper and electronic records must be kept.  After all, you don’t want to send something to the trash if instead it needs to go into archive or some other type of longer term storage, and you don’t want to go dumpster diving to retrieve documents that were mistakenly tossed like one bank did.

In addition to deciding which business records must stay and which can go, companies should be consistent in applying their document retention policies.  In other words, if the paper version of the document is scheduled of destruction then all corresponding electronic versions of the document should be purged as well. 

Sounds simple, but deleting an electronic document from your directory, for example, does not delete it from your computer.  It stays there until it is written over.  As a result, the “deleted” document can be recovered using various computer forensic techniques.  That is one reason why most document retention policies are ineffective.