Digital Safe Data Disposition Becomes Priority in Financial Services

Many Organizations Still Struggle to Dispose of Data Despite Over-Retention Risks

A global banking client was struggling to manage decades of archived data and reduce its data footprint subject to litigation. In parallel, the institution had a large volume of data stored within its global Digital Safe archive, which was being decommissioned by the software provider. The organization needed to defensibly dispose of data, migrate to a new archive and establish processes for improving future data management, but was unsure of where or how to begin such an undertaking.

This is a common scenario within financial services institutions. They are required by various global regulations to retain certain records and data for specified periods of time, yet are in parallel subject to significant legal and regulatory risk related to over-retention of data. An organizations can spend as much as US$34 million holding onto data that could otherwise be deleted,¹ and since September 2020, regulators have has issued approximately US$3.4 billion in record-keeping-related fines.²

Despite the risks of data over-retention, many financial services organizations struggle to complete data disposition initiatives. Common stumbling blocks include:

Process reengineering, requiring manual work before implementing technology solutions and automated processes.
Legal hold policy and existing legal holds must be evaluated to identify information that is obligated for preservation and separate it from that which can be deleted.
Defensibility assessment for any other retention requirements according to various legal and regulatory obligations.
Data residing in legacy backups must be mapped and managed before anything can be deleted.
Resource and sensitivity challenges related to headcount limitations, budget constraints and active investigations, litigation or legal holds.
Scope and scale given the sheer amount of data being created and stored every day.
Misconceptions regarding the future business value of certain data.
Outdated and unenforced policies that provide a false sense of security.

Many of these challenges were evident in a recent engagement with a global financial institution. The organization was looking to address its data risks while migrating away from its legacy archive. Due to a high volume of unnecessary data within the archive, the organization was at increased risk for compliance violations, was paying excessive IT licensing fees and was grappling with deteriorating quality of its data repositories.

Establishing a modernized and risk resilient data archive required implementation of preservation, retention and deletion functions that were not available within the organization’s existing system. The system’s limitations also left the client with no cost-effective option for migrating to a new platform. As a result, the organization’s only option was to reduce the data footprint and introduce customized features to manage its data retention and disposal program going forward.

The initiative required parsing through large volumes of legacy data spanning decades and approximately 17,000 custodians who had been placed under legal hold obligations.

In partnering with the client’s legal, e-discovery, IT and archiving teams, information governance experts within FTI Consulting built a framework for data disposition across global systems. The team developed workflows to accurately identify and track custodians with data in the archive and those who were under existing or previous legal holds. They analyzed data further to separate legacy and expired data from data that still needed to be preserved. With that information mapped and organized, the team automated a process for retaining and deleting data within the archive for tens of thousands of individuals.

This work significantly reduced the client’s archive footprint by tens of terabytes of data, resulting in significant cost savings for the IT and legal departments and reduced risk of data mishandling and fines.

Antiquated or inadequate data deletion practices pose a serious vector of legal and regulatory risk, especially for organizations in financial services. Organizations that take data disposition seriously as a business imperative, as this client did, can be in a much more defensible position. Working with experts to solve the issue in a pragmatic manner creates opportunities to reduce the cost and risk associated with organizational data, making it possible to derive value from it now and in the future.

Footnotes:

1: Hackley, M., “3 Common Information Governance Challenges (And How to Overcome Them)”, Access, 2023.

2: Grip, “Recordkeeping fines and actions,” 16 October 2025.