- Type: New Feature
- Status: Resolved
- Priority: Major
- Resolution: Duplicate
- Affects Version/s: None
- Fix Version/s: None
- Component/s: BlobManager, Retention, Web UI
- Epic Link:
Context
SEC-17a-4 (17 CFR § 240.17a-4 - Records to be preserved by certain exchange members, brokers and dealers.) is a US regulation on records preservation.
Its main areas are secured storage, retention management, change and deletion prevention, legal hold, and audit trail.
Prerequisite
To store record documents, we will use Amazon S3 with a bucket configured with the following parameters:
- Versioning turned on
- Compliance mode turned on
- No default retention in the bucket (or default retention as 0)
cf. https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/doc_source/object-lock-overview.md
cf. https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
User stories
- As a granted user I can apply or remove a hold on a record, so that no one can delete the record, even if the retention has expired and the user is an admin.
- As a granted user I want to add a description of the legal hold I'm adding, in order to display the description in the history, so that I know which event the legal hold refers to.
- As a broker dealer, I want the event "Applied Legal Hold" to be logged in the audit/history including the legal hold description when a document is put on Legal Hold
- As a broker dealer, I want the event "Removed Legal Hold" to be logged in the audit/history when a Legal Hold is removed
- As a granted user I can put any record on hold.
- As a granted user, I can remove a hold on any record, even if I'm not the one who put the record on hold.
- As a user manager, I can grant a user or a group the right to apply/remove a hold, so that I can define which user(s) and/or group(s) are allowed to apply/remove a hold.
User experience
- Apply a legal hold to a document:
- Apply a legal hold to a list of documents (from the document search result page):
- History display:
Description
A legal hold prevents any change to or deletion of a record indefinitely, until the legal hold is removed, whether or not the record is under retention, and even if its retention expires while it is on hold.
There is currently no Legal Hold feature on Nuxeo (even if the lock/unlock feature is similar).
Improvements:
- Add the legal hold logic on Nuxeo side
- Provide a UI for legal hold
- Add a dedicated permission CanManageLegalHold for Legal hold management
- Handle legal hold attribute at Amazon S3 level
  - Use setObjectLegalHold method
Acceptance criteria
- As a user with CanManageLegalHold permission, I can apply a legal hold to a record under retention,
- As a user with CanManageLegalHold permission, I can apply a legal hold to a record with no retention,
- As a user with CanManageLegalHold permission, I can remove a legal hold from a record,
- As a user with CanManageLegalHold permission, I can remove a legal hold from a record that I did not put on legal hold myself,
- The event "Applied Legal Hold" is displayed on the history of the document / Audit when I apply a legal hold to a document,
- The event "Removed Legal Hold" is displayed on the history of the document / Audit when I remove a legal hold from a document,
- As a user, I can NOT delete a record when it is on hold,
- As an administrator, I can NOT delete a record when it is on hold,
- When I remove a legal hold from a record under retention, I can NOT delete the record until the retention has expired,
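
The acceptance criteria above, modelled as a small in-memory check (an added Python illustration, not Nuxeo code and not part of the original issue). Only the CanManageLegalHold permission and the two audit event labels come from the issue; the Record class, the function names and the sample values are hypothetical.

```python
# Added illustration: an in-memory model, not Nuxeo or S3 code. Everything except
# the CanManageLegalHold permission and the two event labels is hypothetical.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Set, Tuple

MANAGE_HOLD = "CanManageLegalHold"

@dataclass
class Record:
    doc_id: str
    retain_until: Optional[datetime] = None  # None means no retention is set
    on_hold: bool = False
    audit: List[Tuple[str, str, str]] = field(default_factory=list)  # (event, user, comment)

def _require_hold_permission(perms: Set[str]) -> None:
    if MANAGE_HOLD not in perms:
        raise PermissionError(MANAGE_HOLD + " is required")

def apply_hold(rec: Record, user: str, perms: Set[str], description: str) -> None:
    _require_hold_permission(perms)
    rec.on_hold = True
    rec.audit.append(("Applied Legal Hold", user, description))

def remove_hold(rec: Record, user: str, perms: Set[str]) -> None:
    # Any granted user may lift the hold, not only the one who applied it.
    _require_hold_permission(perms)
    rec.on_hold = False
    rec.audit.append(("Removed Legal Hold", user, ""))

def can_delete(rec: Record, now: datetime) -> bool:
    # Hold and retention are independent locks. The caller's role is deliberately
    # not an input: neither lock can be bypassed, even by an administrator.
    if rec.on_hold:
        return False
    return rec.retain_until is None or now >= rec.retain_until

if __name__ == "__main__":
    # Constructed sample data.
    utc = timezone.utc
    rec = Record("doc-1", retain_until=datetime(2021, 1, 1, tzinfo=utc))
    apply_hold(rec, "alice", {MANAGE_HOLD}, "Litigation 42 (constructed)")
    print(can_delete(rec, datetime(2022, 1, 1, tzinfo=utc)))  # hold outlives retention
    remove_hold(rec, "bob", {MANAGE_HOLD})
    print(can_delete(rec, datetime(2020, 6, 1, tzinfo=utc)))  # retention still applies
    print(rec.audit)
```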
Sequencing diagram
cf. Attachment SEC17a_4_seq_apply-legalhold.png
- depends on
  - NXP-28061 Quick filters are ignored in BulkRunAction operation (Resolved)
  - NXP-27435 Record, Retention and Hold low-level implementation (Resolved)
  - NXP-28007 Add description when setting legal hold (Resolved)
  - NXP-27692 Integrate Retention addon (Resolved)
- duplicates
  - NXP-27692 Integrate Retention addon (Resolved)
- is related to
  - NXP-28050 Add Set Legal Hold Bulk Action (Resolved)
  - NXP-28552 Record management - Add events in the audit trail (Resolved)
  - NXP-28784 Record management - Missing labels in the audit for retention events (Resolved)
  - NXP-27384 Record management - Handle event-based retention (Resolved)
  - NXP-27866 Implement several legalhold along with description (Open)