Cordiant uses its own and third party cookies to provide you the best possible experience, to support our marketing campaigns, and to advertise to you on our websites and on others. Some cookies may continue to collect information after you have left our websites. To learn more about cookies and how to adjust cookie settings please find our privacy policy located in the footer. Simply click the 'OK' button to dismiss this banner (this will only appear on your first visit to Cordiant).
Learn more

Compliance-enabled Document Vaults

Multipurpose, distributed, object-based storage system designed to store and access unstructured documents and objects. Compliance-enabled Vaults. Retention Periods. Legal Holds. Activity Tracking.

Cordiant Compliance-enabled Document Vaults (CeDV) system is a multi-purpose file storage system to store and access unstructured documents and objects of a financial institution. It provides stringent retention, protection and object management controls that meet rigorous regulatory and legal requirements.

Cordiant Compliance-enabled Document Vault System is designed to meet global financial industry requirements for preserving record objects as non-rewriteable and non-erasable, until a record object has been stored for the statutorily-mandated retention period and until there are no further legal holds applied to that record object.

The Cordiant Compliance-enabled Document Vaults System is an object-based storage system with a private cloud-based architecture that can be deployed on-premise, or off-premise in a single tenant or multi-tenant infrastructure.

Standard Vaults, Compliance-enabled Vaults

Objects or Files are stored in Vaults. Essentially, two types of Vaults can be created:

  1. Standard Vaults : Protection-mode is disabled
  2. Compliance-enabled Vaults: Stringent non-rewritable, non-erasable retention controls are applied to objects stored.

Sub Vaults

Sub Vaults can be created below a parent Vault. In this case, the Sub Vaults inherit the permissions and compliance metadata of the parent Vault by default. However, it’s also possible to define custom permissions for a Sub Vault, which is different from the permissions of a parent Vault.

Files shared through Cordiant Chat

All files shared through Cordiant Chat are auto-saved into designated Standard Vaults (not CeDVs) with accompanying audit trails.

Vaults for each customer relationship or account

Banks and Financial Institutions can create Vaults for each customer relationship or account and store electronic copies of all the files that are specific to that account. This may include Know Your Customer (KYC) documents, statutory and periodic financial statements as submitted by a credit-availing customer, credit sanction letter and supporting documents, credit renewal documents etc.

Automated robotic processes that run within the Cordiant application framework can do existential checks on these repositories and notify every single non-compliance with respect to the filings from the customer/branch.

API-Driven Microservice Architecture

The Cordiant Compliance-enabled Document Vault system runs as a well-orchestrated API-driven microservice. Third party programs can write to and retrieve files from the Document Vault system using the published APIs.

Applying Retention Policies: Compliance-enabled Vaults

If a Vault is compliance-enabled, retention policies are applied to the Vault, and to individual objects in the Vault, as they are stored in the Vault.

The files in a Compliance-enabled Vault inherits the retention period as specified for the Vault. However, longer retention periods than that is applied for the Vault can be specified for individual files in a Vault.

Each file in the Cordiant Compliance-enabled Vault is retained as an immutable and undeletable object for at least the duration of the retention policy.

Versioning

File Versioning will be available only for objects stored in the Standard Vaults while it will not be available for objects stored in the Compliance-enabled Vaults.

Legal Holds

When a subpoena, litigation, regulatory investigation, external audit or other special circumstances mandates the preservation of a file, a legal hold can be applied to that file. In such a case, the file must be retained (preserved) as immutable and deletion and overwrites must be prohibited until the legal hold is removed.

Legal holds may be applied to an entire Vault or to specific files in the Vault. Any number of legal holds may be applied to a specific Vault or to a file in a Vault. Each such legal hold is specified by a legal hold identifier.

If a file has a legal hold applied to it, immutability of the file is enforced even when the retention period has passed.

Deletion

The bank may delete the object and its accompanying metadata through the Cordiant CeDV microservice API

  • when the Retention Expiration Date of an object stored in a Compliance-enabled Vault has passed and
  • the object has no legal hold identifiers attached to it.

The Retention Expiration Date for (a) above is calculated by adding the retention period of the object to the storage date and time of the object in the Vault.

A Compliance-enabled Document Vault which is empty can be deleted at any time. All objects in the Compliance-enabled Vault must have been deleted before the Vault can be deleted. And individual record objects cannot be deleted unless they are eligible for deletion.

Additionally, all Sub Vaults under a parent Vault should have been deleted before the parent Vault can be deleted.

Attempt to delete a Compliance-enabled Vault or Record Objects within

Any attempt made by a user or a source application to delete a record object prior to the expiry of the retention period and the removal of all associated legal holds will be rejected. Moreover, an entry of such an attempt will be recorded in the audit log and a notification sent to designated officers of the company with details about the attempt made.

Copying an Object from one Vault to another Vault

An object may be copied from one Vault to another. In this case, the retention period of the new Vault or the retention period set for the new copied object, whichever is higher, will be applicable to the copied object.

Moving an Object from one Vault to another Vault

An object cannot be moved from one CeDV to another as this would result in possibly altering the retention period of the object. Only objects stored in Standard Vaults can be moved.

Setting a Minimum and Maximum Retention Period for Compliance-enabled Objects:

The organization can set a universal minimum and maximum retention period for all objects stored in its Compliance-enabled Document Vaults.

Minimum Retention Period is the minimum period that can be set for any object stored in the Bank’s CeDVs. Maximum Retention Period is the maximum period that can be set for any object stored in the Bank’s CeDV.

By setting universal minimum and maximum retention periods, the institution can ensure that no object is stored with too low a retention period and too high a retention period due to human or programming error.

The Cordiant CeDV API will reject any posts of objects with Retention Periods that are beyond the above-set boundaries.

If the minimum and maximum retention periods are changed in the future, the new boundaries will apply to only the new Vaults and objects stored in those Vaults.

Logging of all activity on every single file in the Vaults

Every single activity on a file like read, update, delete or attempt to delete in both Standard Vaults and Compliance-enabled Vaults is logged for audit purposes.

Security

  1. AWS V4 Authentication is mandatory for all Write and Delete requests. This requires adding an access key to every such request.
  2. All objects are stored with AES-256 encryption with SHA 256 Hash.
  3. All communications with the the Cordiant CeDV microservice is always encrypted by using HTTPS, SSL tunneling, and SNMPv3 data protection.
  4. All network traffic is encrypted with AES-256.
  5. Role-based Access Control

Checksum to ensure the immutability of each Object

  1. The Cordiant CeDV microservice will expect a checksum (MD5 Hash) to be sent with each file or object that is uploaded into a Vault. The upload of an object will be completed only if the checksum as computed by the CeDV microservice matches with the checksum sent as payload through the API.
  2. At each read of the object, Cordiant CeDV microservice will compute the checksum of the stored object and match the checksum as stored with the object to ensure the immutability of the object before it is rendered to the user.

Roll out without disrupting your Core Applications

All Cordiant solutions run from an Operational Data Layer that sits on top of the enterprise's legacy applications and data stores.

The Operational Data Layer built on DataStax Enterprise scores on speed, availability, consistency, scalability and security while accessing and serving critical financial services data. DataStax Enterprise(™) is the data management platform of choice of 9 of the top 15 global banks for building and rolling out transformative banking applications for the always-on economy.

REQUEST A DEMO