Published on September 16, 2021 by Wilfred Peter
With evolving technology and digital needs, access to information is just a click away. The pandemic, however, has highlighted a number of risks associated with digital storage from a regulatory standpoint. We list some of the advantages and disadvantages of digital storage below.
A regulatory requirement, both from an SEC and MiFID standpoint, is recordkeeping not only in the digital world, but also on anything relating to business communication.
The SEC’s Rule 17a-3 and 17a-4 require broker-dealers to hold and maintain business records for six years. This includes social media content and emails. This ensures that employees using these channels do not breach policies when communicating relevant information. Each firm should ensure it has adequate controls in place to adhere to such regulatory requirements.
MiFID’s Regulation (EU) №600/2014, Directive 2014/57/EU and Regulation (EU) №596/2014* state that an investment firm should ensure it makes all the necessary arrangements to maintain records of business-related information in write once read many (WORM) format, so it meets the requirement of supervisory tasks and recordkeeping.
In simple terms, recordkeeping refers to maintaining activity records, be it a small business or a big organisation. They could be physical or a soft copies, but need to be retained and preserved from a SEC regulatory standpoint for a period of six years. In the current work-from-home environment, all asset management firms have had to switch to the digital world. The large volumes of digital communication replacing in-person connections have heightened the need for firms to be more diligent in maintaining digital records, both for monitoring as well as regulatory reporting.
A few matters every firm should be mindful of when keeping records:
- Ensure all business-related content/communication is retained for regulatory checks
- Ensure all hard copies and electronic data are retained/records are kept (making them accessible at any time)
- Ensure internal and external audits are conducted regularly to make sure proper controls are in place; address gaps using the findings
- The rule of four could make things easy for any organisation
- Storage — digital storage of information can help employees access content from anywhere
- Copying — all business-related content sent or received by advisers should be retained in soft or hard copy for regulatory purposes
- Archiving — this refers to moving data from a primary location to another location, so that it can stored/archived and pulled up when required
- Destroying — this is another important step in the archiving process. Destroying documents after the stipulated time frame (six years) can help free up space
Compliance teams also should have robust processes in place for retention and destruction.
Website archiving refers to archiving one’s own company website. For regulatory or legal purposes, there are certain asset management firms who archive websites daily with the help of technology or automate them with help of third-party vendors. Websites change rapidly, and a company would not want get things wrong what is posted on the website, for the purpose of complying with regulatory requirements and to use as evidence/proof for a lawsuit.
Once the third-party tool/application captures a screenshot of the website, the compliance officer would check any change on the website from the previous day. This is done to ensure all content posted on the website is approved/signed off by the compliance officer before use. The compliance officer also checks whether all the links and sub-links on the website are accessible. (This can be done by having an internal company policy in place that specifies having the third-party tool checked on a weekly or monthly basis.)
Why do we do this?
This is done so the firm can furnish evidence of website content and any changes to the regulator in the event questions are raised during an inspection.
Failure to adhere to this regulation could lead to substantial fines and suspension of operations. For example, FINRA fined a company USD2.6m for significant failure relating to maintaining the required electronic records and retaining emails (https://www.finra.org/media-center/news-releases/2015/finra-fines-scottrade-26-million-significant-failures-required).
How Acuity Knowledge Partners can help:
We can partner with you to handle all website archive-related requirements, keeping the latest regulation in mind. Acuity Knowledge Partners is an influential player in the global market, offering compliance expertise and a wide array of other services. We enable our compliance clients to manage increasing demands on their teams by providing customised managed services solutions, based on specialised skills and technology, and by delivering operational efficiency, resilience and significant cost savings. We believe our offering is even more relevant in the post-COVID-19 economic and operating environment, where compliance teams have seen a significant increase in workload in tasks such as trade surveillance, communications surveillance, distribution compliance and virtual client on-boarding and transaction monitoring. Please refer to our compliance offerings in details here.
Originally published at https://www.acuitykp.com.
About the Author
Wilfred Peter, Delivery Manager, has over 11+ years of experience in compliance and Investment banking having worked for firms including State Street Global Advisors and HSBC. His expertise spans across compliance and risk sector, focusing on compliance reviews of marketing/advertising materials and social media contents. At Acuity Knowledge Partners he is part of the central compliance team and specializes in marketing material review and social media reviews. Wilfred is a graduate (Bachelors of commerce) and hold a degree from St Joseph’s College of Commerce Bengaluru.