How to Convince Your Board About the Need for Web Archiving
January 18, 2018 • 7 min read
Electronic communications are becoming more central to the way firms do business in financial services and new forms are being developed every year. Such is the rate of new electronic communications that there has been a needed increase in regulation to ensure that all customer communications are clear, fair, not misleading and remain consistent throughout the customer journey.
This has propelled the latest changes around MiFID II and FINRA legislation regarding how communications are to be recorded and stored for protection and accountability for both customers and financial firms. In our guide "Electronic Communications in MiFID II, Article 16", we identified web archiving as a much required need for financial firms as the best way to properly and efficiently record communications in a legal and compliant way.
There are multiple options for web archiving, from free tools to fully managed services and solutions which are available - the one you choose should be able to handle your firm's compliance and legal requirements.
In addition to this, you will need to convince your board to buy into web archiving as the right solution for your firm in complying with MiFID II, Article 16 - so here are some questions and hesitancies you could be presented with and how we would recommend you respond.
"Aren't we already compliant with backups?"
In our earlier blog, 'Backup vs. Archiving for MiFID II: What's the Difference', we go into full detail about the difference between a backup and an archive and how they are used for different scenarios.
A backup is used to help a business recover lost, deleted or corrupted data from a saved point in time and aims to restore operations as efficiently as possible. However, the data in a backup is not normally protected against being manipulated and changed.
An archive, on the other hand, is for long-term preservation and retention of historical data for regulatory compliance - and should be unchangeable and incorruptible.
Based on this, data that is only backed up is not legally admissible in court, nor is it compliance with MiFID II.
"Aren't social media messages stored indefinitely anyway?"
Unfortunately not. The FCA has specific guidance (FG15/4) pertaining to social media and customer communications in which they state:
"Firms should not rely on digital media channels to maintain records, as they will not have control over this."
This is because third party sites like social media platforms may refresh their content at any time (and may delete older material). It also means that individuals or brands could delete their own conversation threads or remove their accounts from the platform. Firms must also recognise that if their electronic communication records are inaccurate or incomplete, they're not compliant with MiFID II, Article 16 or legally admissible. It's the responsibility of the firm to take full accountability by capturing authentic records of electronic communications, as opposed to relying on external platforms to hold and provide this data to them.
"Can't we do this in-house?"
It is possible to undertake the archiving of your firm's web and social content in-house. However, when you start to compile a list of your electronic communications it quickly becomes clear that this will be a resource-intensive task for your business.
There are also channel-specific considerations that come into play, for example, many websites dynamically change daily which means every time a change is made you'll need to archive the website. Plus, if you're using a website that utilises personalisation through a platform such as Sitecore or Adobe Experience Manager, you'll have hundreds of rule-based journeys to capture.
Then there's your social media channels, blogs, RSS feeds, instant messaging and more. The final point to stress is that you need to archive these communications in an ISO-compliant format - meaning the records can't be altered and will therefore be legally admissible.
"How much will a web archiving solution cost?"
There are varying costs for different types of web archiving solutions. It depends on the amount of data that needs storing, the complexity of the archiving requirements and the frequency of archiving. However, if your chosen provider is able to offer a SaaS model for your firm, it might be less than you expect and significantly less then the potential financial penalties for non-compliance.
Teleware found in a recent study that 40% of firms are at risk of MiFID Ii fines up to €5 million for failing to comply with record-keeping rules. With the threat of non-compliance so high, it’s critical that firms ensure they have the right solutions and technology in place.
"Are we able to internally handle the volume of data?"
As a leading archiver, we're confident and proficient in dealing with huge datasets. For The National Archives we archive more than 150TB of data, amounting to over 16 billion documents across 4,000+ websites. That's a huge amount of data, right?
For many businesses they just don't have the technical capability to handle this volume of data. And, whilst your data requirements may not be at this scale, when you're performing daily captures of your websites, social media and digital communication channels it's easy to see how the size adds up.
If you choose to use an archiving partner, they should be able to demonstrate the ability to archive data at a large scale, in a compliant format and indexing it for search and replay purposes. You'll also want to evaluate their crawl capabilities, capturing records which are incomplete or flawed will not satisfy compliance requirements. Finally, you'll want to be able to control the frequency of archiving to match your requirements, this automation will give you peace of mind that the archives are happening in the background without further resource required.
"Is it safe to archive data in the cloud?"
Yes. As the cloud market has matured, it's no longer considered an inherent security risk and is often deemed more secure than on-premise data storage.
The added benefit is that the cloud is accessible at all times from any location with an internet connection and saves on investments required for any infrastructure. That said, you may want to consider the stability of the cloud service provider - global providers such as Amazon Web Services (AWS) aren't going anywhere any time soon and so the availability of your data will be assured, whereas smaller providers may not offer the same peace of mind for long-term data retention.
"Will the solution meet our data sovereignty requirements?"
Yes, if you choose a web archiving provider that can store your archives in local data centres (whether their own or facilities operated by an infrastructure partner such as AWS, which offer data centres across multiple regions to satisfy local customers' latency and data sovereignty needs).
Choosing an archiving provider
With a cloud-native company such as MirrorWeb, you'll be using a trusted a secure archiving service provider with extensive experience in understanding the strict requirements of the financial and public sector which allows us to offer scaleable solutions to fit.
- Big data processing specialists
- UK-based, with all data stored in local territories
- ISO9001 and ISO27001 certified
- Fully security-cleared for the UK Government
- Able to manage 150+TB of historic data across multiple AWS availability zones and regions
- Able to provide a true "Google-like" search across the 16 billion documents within the UK Government's National Archives
We've partnered with AWS and Manchester University with which we are developing ML and AI tools, funded by Innovate UK. These exclusive partnerships have allowed us to secure some of the biggest clients who require effective archiving for their websites and social media, including:
- The UK Government's National Archives
- Tesco Bank
- Bailie Gifford
- Houses of Parliament
Our effective and fully compliant enterprise archiving solutions allow us to provide both high-level public and financial sector organisations with the ability to meet their legally imposed compliance demands set forth by regulatory bodies as well as for historic and legislative purposes.