Email Archiving for Financial Services Industry

Sheldon Mills

April 21, 2016 8 minutes read

Finance is an excessively regulated industry. There are a lot of moving parts and data that must be monitored and reported in order to stay protected and compliant with all the regulations. One of the most important aspects of regulatory compliance for banks and financial organizations is record keeping and archiving electronic communication data. With the right tools and plans in place, archiving compliance does not have to be a daunting task.

Brokers, dealers, investment advisors, lending agents, futures and transfer agents, and businesses like mortgage companies, credit unions, banks, hedge funds, private equity firms, exchanges, commercial and retail banks, lenders and insurers, payday lenders, foreclosure relief services and debt collectors are all required to capture, monitor and archive business related communication data for review, audits, eDiscovery, litigation, and compliance.

But how do you become compliant? Let’s just jump right into the What, Why, and How of archiving compliance for banking and financial organizations.

What regulations require financial sector institutions to archive electronic communication data?

Here are some (but not all) of the major regulations with which financial institutions (operating within the US) must comply.

Regulations for Financial Organizations:

  • FINRA 10-06 — Financial firms must retain records of all social media communications.
  • FINRA 11-32 — Defines tweets and text messages as written material that needs to be preserved.
  • FINRA 11-39 — Institutions are required to retain, retrieve, and supervise business communication regardless of whether it is conducted from work-issued devices or personal devices.
  • SEC Rule 17a-3 & 17a-4 — A dealer or broker must preserve documents and records for three to six years; for the first two years, they must be kept in an accessible location.
  • NASD 3010/3110 — Member firms must implement a retention program for all correspondence involving registered representatives.
  • Sarbanes-Oxley Act — Public companies must save all business records, including electronic records and messages, for no less than five years.
  • IIROC 11-0349 — All methods used to communicate, including social media, blogs and chat rooms, are subject to the IIROC Dealer Member Rules.
  • Dodd-Frank Act — All information (communication) handled by a major swap participant related to an executed trade must be stored and held for the duration of the transaction vehicle, and when a trade reconstruction request is issued. Information must be preserved for five years after the life of the deal. This act gives firms 72 hours to comply with information requests.
  • Gramm-Leach-Bliley Act — Section 6801 requires that access to all customer records, including communication, be carefully controlled to prevent substantial harm or inconvenience to any customer.
  • Markets in Financial Instruments Directive (MiFID I & II) — [Applicable in European Union] Stipulates that financial advisors and corporate brokerage firms must record all electronic communications related to a trade. MiFID II expands upon the original MiFID requirement to retain only telephone conversation records, to now include archived email, social media, instant messaging, voice calls, and mobile communication data. Records must be stored in a medium that cannot be changed or deleted and must be available to clients on demand. The archived data must be stored for a minimum of 5-7 years.

My business is banking/financial services. What data must I archive?

In short, your company should be archiving all business related electronic communication data. Most importantly, anything related to financial deals as detailed in the regulations mentioned above.

Email has been around long enough that just about everyone realizes the need to have a complete and easily accessible email archive. But you should really be archiving every bit of electronic communication data created by your organization. This includes social media, instant messaging, and content created on mobile devices. The courts and the regulatory bodies, such as FINRA and the SEC, have spoken when it comes to archiving and producing these types of data as discovery or information requests. For example, social media has been given at least equal weight and import as email (as shown in the regulation summaries above and below in the information on the FRCP mandate).

What tools can help my company stay compliant?

An archiving software solution is a great first step. Archiving software automatically helps you prepare to respond to any compliance audit, litigation or information request for your business communication data. The right solution archives all your communication data in one central location for easy search, eDiscovery, and exporting needs. All your email, social media, instant messages, web searches, and mobile device communications are stored. There are no more individual employee PST archives to search through on separate machines. There is no need for employees to plug in and sync phones to back up their mobile messages. There are no more duplicate emails filling up and slowing down your server. Everything is right there where you need it.

Why do I need to archive communication data?

As stated above, the most obvious reason to archive emails and other business communication data is that your business is regulated and thus mandated to do so. Another reason why you should archive, one that isn’t obvious at first, is data leakage. If you have proprietary data, customer account, transactional or confidential information, you have to make sure that it isn’t shared, either purposefully or accidentally. The use of email, social media, instant messaging, and mobile devices increases the ease with which your employees could share this type of data. Couple that with the fact that the line between personal and business communication is blurred on corporate mobile devices, especially with devices in a Bring Your Own Device (BYOD) environment.

In addition to data leakage, you need to guard against insider trading, inappropriate financial advice, and stating personal beliefs about a financial investment or trade as fact. Having an archiving solution provides you with protection against these threats by giving you oversight. This oversight on employee communication data, coupled with an effective communication policy, will not only discourage bad behavior, but will encourage proper behavior according to established policy. Your employees will know that according to your policy, everything they communicate is being stored and can be accessed for review. Furthermore, many archiving solutions also provide data monitoring, filtering, and blocking. This gives you another level of protection, by preventing inappropriate, sensitive, proprietary or other types of content from ever being posted. It can even alert managers or compliance officers of inappropriate or illegal messages. This type of functionality is necessary in a heavily regulated environment.

Another great reason to archive is to increase business productivity. With the ever-growing amount of content being stored on email servers, they are being taxed like never before. This causes them to slow down, and could cause them to go offline completely, which reduces productivity. An archiving solution helps improve your email system performance, and reduces downtime by allowing you to delete messages from the live email system once they have been archived. A good email archive solution can even reduce the strain on your IT staff. End users can be empowered to access the archive instead of bothering the IT department to spend needless hours searching and recovering a single lost or deleted email.

Archiving is also extremely important for eDiscovery, information requests, and litigation preparation. Unfortunately, in the business world, being involved in litigation is only a matter of time. While many larger corporations’ legal counsel have long since instructed companies to archive all email, as we have stated above, the FRCP states that you must be able to produce ALL electronic communication data that could be relevant to a case, and not just email. This includes social media, instant messaging and data created on mobile devices. Think about it. What if you were involved in litigation and the other party produced a relevant social media message posted by one of your employees that proved their side of the case, but you had nothing with which to rebut it? You couldn’t show your side of the argument, because you didn’t archive that message and you couldn’t produce it. That would hurt your case! In fact, we had someone come up to our booth at a convention who said, “Man, I should have been archiving all this information. I keep losing court cases because I can’t produce anything.” Be prepared to quickly and easily produce a complete record of your communication data by having a good archiving solution.

Finally, an archive is an untapped source of business insight. If you have access to every email, social media post, customer interaction through text, or the instant messages between employees, you have a mass of information that is available at your fingertips. We won’t go into detail here, but actionable business insights are the future of archiving. For more information, watch this great recorded webinar we have on Archiving 2.0, the future of archiving.

Sheldon Mills is a Senior Product Marketing Manager with Fortify for OpenText cybersecurity. Whether it’s Application Security by day, or co-hosting his podcast on habit building by night, he has a passion for helping people solve problems and get from where they are now to where they want to go.
