Updated: Jan 11, 2021
With rapid digitization of the banking and financial industries, a huge amount of transactional data in digital form is being generated, much of which is in the form of email messages that form part of the digital exchange of information to carry out such transactions.
The rising importance of email has led to the enactment of various industry regulations requiring financial organizations to archive emails for audits, reviews, litigation, eDiscovery, and compliance. Besides this, email is being used for boosting sales, streamlining business operations, exchanging information, and more, making it an important channel for business communications.
These communications can clog up an organization’s network bandwidth, demanding large storage space. The volume of structured and unstructured data in any financial organization doubles every year. Although all these organizations utilize various advanced data mechanisms, they still fail to address various online threats and risks associated with data management.
So how are organizations dealing with the growing volume of email? How can they ensure compliance with regulations? What challenges do they face? And what is a productive method of email archiving? Read on to find answers.
Communication Archiving Compliance Regulations for Financial Organizations
Let’s take a look at some important regulations that govern financial sector organizations:
FINRA 11-39: Firms must retain, supervise, and retrieve business communications, irrespective of whether they are completed from a personal or work-related device.
NASD Rules 3010/3110 & SEC Rule 17a-4 & 17a-3: These rules require all dealer/broker organizations to retain emails pertaining to trading activity for at least 6 years. The rules also impose a requirement that for the first two-year term, the documentation must be maintained in an easily accessible and indexable storage.
Markets in Financial Instruments Directive (MiFID I & II): This law states that all electronic communications related to trading in corporate brokerage firms and financial advisory firms must be recorded and preserved. The information must be stored in a medium such that it cannot be deleted or tampered with, and must be made available when a client requires it. The archived data must be stored for a minimum of 5-7 years. This law governs financial organizations in the European Union.
Sarbanes-Oxley Act: All public trading companies must save business records including electronic communications, such as social media messages, emails, and others, for at least 5 years. Although this is a U.S. law, it is also applicable to European companies that are listed in the U.S.
FSA: This requires financial firms to record, retain, and store relevant communications for six months. This law is applicable in the United Kingdom.
SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (LODR): This policy mandates the systematic categorization, review, and retention of all important business documents for 5 years in company systems, and thereafter archiving it for another 3 years. This regulation is applicable to banks and financial organizations in India.
The Information Technology Act 2000: This act with a further amendment in 2008 states that the use of electronic records including email as evidence is permitted under the Indian Evidence Act, 1872, the Civil Procedure Code and the Criminal Procedure Code.
Although each of the aforementioned regulations imposes its own requirements, compliance is still based on the following concepts:
Data Permanence: The data must be retained in its original state without being tampered with or deleted.
Data Security: The information retained must be safeguarded against threats such as unauthorized human access, spyware and virus attacks.
Auditability: This is a concept that demands that information is safeguarded, easily accessible, and verifiable by authorized personnel.
Consequences of Non-Compliance
Stringent controls and penalties imposed by these regulations are forcing financial organizations to take regulatory compliance seriously. While doing so, 1 in 4 organizations experiences a storage management issue. The size of an email has drastically increased from 22 KB to 350 KB. It is believed that most business organizations in the U.S. are allotting more than 150 MB of storage to a user. Additionally, these organizations make use of quotas for email storage to prevent messages from overloading and degrading the performance of their primary server. The downside of these quotas is that they may lead to serious implications and non-compliance. The consequences of non-compliance, whether from these quotas or other means, can be devastating:
Litigations: According to the American Management Association, nearly a quarter of U.S. employers are implicated in lawsuits. The Litigation Trends Survey by Fulbright and Jaworski claimed that in 2007, nearly 29% of U.S. businesses were embroiled in at least one litigation, with more than 32% of them battling lawsuits of $20 million or more. During the course of a litigation, the parties involved are required to submit case-relevant information in a timely manner. In such cases, the cost of information retrieval may outweigh the damages sought in the case. For instance, in the case of Zubulake vs. UBS Bank, the cost of restoring 77 tape backups was $165,954, whereas the lawsuit damage was only $107,694.
Fines: According to Osterman Research, the financial services that do not comply with various state and federal regulations for information retention and preservation end up paying serious fines. In 2016, the Financial Industry Regulatory Authority (FINRA) announced that 12 major financial firms were fined $14.4 million for significant inadequacies found in preserving customer records or broker-dealer records. Some of the firms included Wells Fargo Securities, LLC & Wells Fargo Prime Services, LLC, RBS Securities, Inc., LPL Financial LLC, PNC Capital Markets LLC, etc. Even though most fines are focused on large financial organizations, small financial organizations like broker-dealers, credit unions, or banks may also be fined for inadequate information management.
Reputational Risks: Irrespective of whether the organization is guilty or not, the effects of getting entangled in lawsuits or fines can be severe. It may affect the overall corporate trust or the financial positioning of the organization and indirectly provide a business advantage to the competitor. Additionally, the damage caused to the company within its community can be equally detrimental.
All these reasons help explain the increasing importance of safe and secure cloud-based email archiving.
Beneficial Features of Cloud-Based Email Archiving Solutions
Automated Information Saving: All company emails are automatically archived by an in-line archiving feature.
Quick Indexing and Search Capabilities: Most regulatory audits and eDiscovery requests demand fast indexing of records. Email archiving solutions are equipped with advanced search capabilities, which enable quick searches and easy extraction of records.
Data Security and Tamper Proofing: All emails are stored in a read-only encrypted format, which helps ensure a tamper-proof solution and protects against accidental deletion of emails.
Transparency of Business Activities: With all relevant information stored, businesses can get an overview of ongoing business practices, and detect and prevent fraud arising from inappropriate trade practices.