Financial institutions grappling with significant, ongoing challenges in their management of valuable communications data. These challenges are driven by accelerated technology change, a wholesale shift to cloud platforms and many long-lasting changes in working practices and behaviours post-COVID. Financial institutions have experienced a seismic shift from an era where all communications data was stored in centralised servers within the walls of its enterprise data centres. Now, email, chat, voice and video along with other dynamic forms of collaborative content, is stored across a myriad of third-party communications channels and cloud-based platforms outside the perimeter of the enterprise.
Adding to data complexities, authorities in financial centres worldwide are increasingly focused on the risks and potential gaps in institutions’ ability to comply with necessary regulations.
Against this backdrop, how can risk and compliance leaders retain the flexibility and agility of instantaneous digital communication while keeping the increasing volume and veracity of critical communications data under control?
Modern data challenges
Financial institutions have long been highly regulated organisations. Traditionally, managing the communications perimeter was limited to retaining copies of emails backed-up from on-premises email server and maintaining audio recordings of phone conversations conducted on landline phones and dealer rooms turrets. Now, as bankers, traders and other financial services personnel communicate with clients across multiple channels, many of which are hosted externally to the enterprise, and with some with additional layers of encryption on the device itself, the challenge is how to capture, store and retrieve this data to meet compliance and legal requirements. This challenge is made more difficult due to the fact that many of the communications channels and collaboration platforms used have been designed with end-user needs in-mind and lack the necessary retention, discovery and retrieval tools to fulfil financial services legal and compliance obligations.
To date, most financial services institutions have been forced to piecemeal solutions as each new app or tool has been incorporated. Each new challenge has called for another point solution to be incorporated into an increasingly complex compliance and legal landscape, encompassing analogue and VOIP voice data, email, instant messaging and chat, mobile apps and collaboration platforms. This approach of multiple vendor solutions supported by a wide range of technologies that don’t integrate and require vast resources to manage continues to fall short of regulatory expectations.
These shortfalls can come at a steep price. Last year, the Securities and Exchange Commission and the Commodity Futures Trading Commission levied fines totalling $2 billion on more than a dozen financial institutions for failing to manage appropriately “off-channel communications,” such as WhatsApp. The most significant fines reached roughly $200 million, material for even the biggest banks.
Under the Markets in Financial Instruments Directive (MiFID) in Europe and Sarbanes-Oxley in the U.S., banks must be able to retrieve and reconstruct relevant communications data, and to begin dialogue with regulators within tight timeframes of a new alert or request. Given how stringently these deadlines are policed, the ability to query a single integrated data store containing all relevant communications data, no matter the originating platform, is vital.
Regulatory and compliance leaders are beginning to recognize the benefits of migrating to a single integrated data store and leveraging advanced cloud-based tools for real-time indexing supported by machine learning and artificial intelligence. This openness to a holistic, proactive approach is an important step in the direction of solving the ever-evolving landscape of data challenges. However, to be effective, a single source of truth must be architected and maintained for flexibility and attention to common data management pitfalls.
Comprehensive data management
To meet regulatory requirements in the current data environment, most organizations will require a scalable and flexible cloud-based hub for communications data, where access is granted to select legal and compliance roles, and dynamically managed. Such a solution streamlines the process of connecting numerous, disparate data sources, and improves the ease with which stakeholders can find, retrieve and reconstruct communications as needed for monitoring and regulatory reporting.
An effective solution should address and incorporate:
- Enablement of business objectives for the data, while simultaneously ensuring data and archiving strategies comply with existing legal and regulatory requirements and pre-empt emerging requirements driven by technology advancements (i.e., use of personal devices and ephemeral messaging applications).
- Design, development and implementation of archiving and legal hold strategies, with operating models to achieve defensible data archiving and minimisation whilst managing adjacent costs and risks across the enterprise.
- Day-to-day management of global enterprise archives, retention policies, legal holds and business-as-usual optimisation, to ensure business objectives and end-user requirements are satisfied in concert.
A “cradle-to-grave” approach built upon leading technology encompasses steps from initial data capture and archiving through to retrieval and analysis, and can support multiple end-user teams across an enterprise, so communications data may be easily accessed for critical functions, including legal, investigations, disputes, regulatory compliance, privacy and customer rectifications.
Financial institutions are confronting a complex and fragmented communications universe, with alert and engaged regulators placing new burdens on legal, compliance and risk teams. A holistic, proactive and risk-based approach to data management can help establish organisational confidence and the ability to take quick, decisive action when needed. Moreover, it will help risk and compliance leaders reduce infrastructure costs and minimise regulatory risk amid a constantly changing communications environment.