Multipurpose, distributed, object-based storage system designed to store and access unstructured documents and objects. Compliance-enabled Vaults. Retention Periods. Legal Holds. Activity Tracking.
Cordiant Compliance-enabled Document Vaults (CeDV) system is a multi-purpose file storage system to store and access unstructured documents and objects of a financial institution. It provides stringent retention, protection and object management controls that meet rigorous regulatory and legal requirements.
Cordiant Compliance-enabled Document Vault System is designed to meet global financial industry requirements for preserving record objects as non-rewriteable and non-erasable, until a record object has been stored for the statutorily-mandated retention period and until there are no further legal holds applied to that record object.
The Cordiant Compliance-enabled Document Vaults System is an object-based storage system with a private cloud-based architecture that can be deployed on-premise, or off-premise in a single tenant or multi-tenant infrastructure.
Objects or Files are stored in Vaults. Essentially, two types of Vaults can be created:
Sub Vaults can be created below a parent Vault. In this case, the Sub Vaults inherit the permissions and compliance metadata of the parent Vault by default. However, it’s also possible to define custom permissions for a Sub Vault, which is different from the permissions of a parent Vault.
All files shared through Cordiant Chat are auto-saved into designated Vaults with accompanying audit trails.
The bank can create Vaults for each customer relationship or account and store electronic copies of all the files that are specific to that account. This may include Know Your Customer (KYC) documents, statutory and periodic financial statements as submitted by a credit-availing customer, credit sanction letter and supporting documents, credit renewal documents etc.
Automated robotic processes that run within the Cordiant application framework can do existential checks on these repositories and notify every single non-compliance with respect to the filings from the customer/branch.
The Cordiant Compliance-enabled Document Vault system runs as a well-orchestrated API-driven microservice. Third party programs can write to and retrieve files from the Document Vault system using the published APIs.
If a Vault is compliance-enabled, retention policies are applied to the Vault, and to individual objects in the Vault, as they are stored in the Vault.
The files in a Compliance-enabled Vault inherits the retention period as specified for the Vault. However, longer retention periods than that is applied for the Vault can be specified for individual files in a Vault.
Each file in the Cordiant Compliance-enabled Vault is retained as an immutable and undeletable object for at least the duration of the retention policy.
Versioning will be unavailable for files stored in the Compliance-enabled Vaults.
When a subpoena, litigation, regulatory investigation, external audit or other special circumstances mandates the preservation of a file, a legal hold can be applied to that file. In such a case, the file must be retained (preserved) as immutable and deletion and overwrites must be prohibited until the legal hold is removed.
Legal holds may be applied to an entire Vault or to specific files in the Vault. Any number of legal holds may be applied to a specific Vault or to a file in a Vault. Each such legal hold is specified by a legal hold identifier.
If a file has a legal hold applied to it, immutability of the file is enforced even when the retention period has passed.
The bank may delete the object and its accompanying metadata through the Cordiant CeDV microservice API
The Retention Expiration Date for (a) above is calculated by adding the retention period of the object to the storage date and time of the object in the Vault.
A Compliance-enabled Document Vault which is empty can be deleted at any time. All objects in the Compliance-enabled Vault must have been deleted before the Vault can be deleted. And individual record objects cannot be deleted unless they are eligible for deletion.
Additionally, all Sub Vaults under a parent Vault should have been deleted before the parent Vault can be deleted.
Any attempt made by a user or a source application to delete a record object prior to the expiry of the retention period and the removal of all associated legal holds will be rejected. Moreover, an entry of such an attempt will be recorded in the audit log and a notification sent to designated officers of the company with details about the attempt made.
An object may be copied from one Vault to another. In this case, the retention period of the new Vault or the retention period set for the new copied object, whichever is higher, will be applicable to the copied object.
An object cannot be moved from one Vault to another as this would result in possibly altering the retention period of the object.
The bank can set a universal minimum and maximum retention period.
Minimum Retention Period is the minimum period that can be set for any object stored in the Bank’s CeDVs. Maximum Retention Period is the maximum period that can be set for any object stored in the Bank’s CeDV.
By setting universal minimum and maximum retention periods, the bank can ensure that no object is stored with too low a retention period and too high a retention period due to human or programming error.
The Cordiant CeDV API will reject any posts of objects with Retention Periods that are beyond the above-set boundaries.
If the minimum and maximum retention periods are changed in the future, the new boundaries will apply to only the new Vaults and objects stored in those Vaults.
Every single activity on a file like read, update, delete or attempt to delete in both Standard Vaults and Compliance-enabled Vaults is logged for audit purposes.
All Cordiant solutions run from an Operational Data Layer that sits on top of the bank’s core banking data store.
The Operational Data Layer built on DataStax Enterprise scores on speed, availability, consistency, scalability and security while accessing and serving critical financial services data. DataStax Enterprise(™) is the data management platform of choice of 9 of the top 15 global banks for building and rolling out transformative banking applications for the always-on economy.