Disclaimer: The Electronic Commerce Security Act (ECSA) was repealed and replaced with the Uniform Electronic Transaction Act (UETA), effective June 25, 2021. Please note that this change may affect the continued accuracy of this guidance as it pertains to the ECSA.
We are not aware of any Illinois regulations that directly address record retention for banks. (While the Banking Act mandates the Commissioner of Banks to promulgate record retention rules, no such rules have been published. 205 ILCS 5/48.6.) However, there are a few record retention requirements in Illinois law that could apply to banks in certain situations:
1. Under the Uniform Commercial Code (UCC), financial institutions must retain checks or “legible copies” of checks for seven years after receiving them. 810 ILCS 5/4-406(b).
2. If requesting a criminal background check on an employee or potential employee to comply with the restrictions on hiring/involving individuals with certain felony convictions, a financial institution must save a copy of the employee/officer/applicant’s signed release for two years. 20 Ill. Adm. Code 1215(b).
3. Under the Illinois Notary Public Act, a financial institution must retain employees’ Notarial Records for seven years. 5 ILCS 312/3-102(d).
4. As to unclaimed property, financial institutions are required to retain property records for five years after reporting property as abandoned. Those records must include the records going back through the period required for the presumption of abandonment, plus another nine years. 765 ILCS 1025/11(h)(2) [Repealed effective 1/1/18].
5. The Electronic Commerce Security Act (“ECSA”) provides specifics regarding legal record retention requirements, which can be met by “retaining electronic records …in a trustworthy manner, provided that the following conditions are satisfied:
(1) the electronic record and the information contained therein are accessible so as to be usable for subsequent reference at all times when such information must be retained;
(2) the information is retained in the format in which it was originally generated, sent, or received or in a format that can be demonstrated to represent accurately the information originally generated, sent or received; and
(3) such data as enables the identification of the origin and destination of the information, the authenticity and integrity of the information, and the date and time when it was sent or received, if any, is retained.”