Regulatory Compliance

Financial industry regulators are upping the ante in terms of requirements for digital record keeping. Leading firms are learning that amid rigorous requirements and the emergence of advanced, fast-evolving technologies, the best approach is to outsource.

Why Do We Need So Many Rules?

Investopedia reminds us that “regulatory bodies are established by governments or other organizations to oversee the functioning and fairness of financial markets and the firms that engage in financial activity.” The truth is, few service organizations are as highly regulated as securities dealers, brokers, banks, and related financial groups.

For this, among others, thank James Landis, a high-profile attorney who in the 1930s helped pen legislation regarding “disinterested” participation in the review of financial statements laying the foundation for today’s independent auditing requirements. Moreover, Landis is known as the “guiding hand,” leading to the creation of one of the most powerful regulatory bodies of them all, the Securities Exchange Commission (SEC).

Regulations, whether written by the SEC, EU, the newly created Financial Industry Regulatory Authority (FINRA), abound. Their number, scale, scope, and cost for non-compliance are astounding. For example, run afoul of the 2016 General Data Protection Rule (GDPR) and “beyond tarnished brands, stock devaluation, and lawsuits,” which indeed can be costly all by themselves, the EU can also tack on fines of up to €20 million. So regardless of whether company leadership agrees with the purpose or effectiveness of any regulation, it pays to comply.

The Rise of Digital Record Keeping

One of the fastest-growing elements within compliance is the need for digital record keeping. Consider SEC 17 CFR § 240.17a-4. Here the agency is requiring securities broker-dealers to keep records of virtually every electronic communication regardless of platform or channel for no fewer than six years. That means everything from transactions ledgers and intercompany accounting entries to emails, videos, texts, voice calls, and all interactions on social media whether through Twitter, LinkedIn, or whichever platform the firm prefers.

A wide range of similar rules is also in place for key areas within financial services. For example, following the 2008 financial crisis, the EU established its Markets In Financial Instruments Directive (MiFID). Updated in 2018 as MiFID II, the regulation details requirements closely correlating with SEC 17 CFR § 240.17a-4. (A study conducted at the time MiFID II was launched warned that 40% of financial firms were non-compliant, risking fines of up to €5.) Back to the U.S., the long-standing SEC 204(2) applies to financial advisors and has been updated to require them to be able to produce five years of records – with two years on immediate premises.

This barely scratches the surface of all the regulations being written requiring greater rigor in digital record keeping across all sectors. Such rules are becoming more stringent in everything from healthcare to pharmaceuticals, energy, and even the public sector. The EU’s above-mentioned GDPR, for example, applies across all of the economy – anywhere any entity has access to personal data.

How Records are to be Stored

Not only are regulators demanding that more data be stored and at the ready, increasingly they are stipulating precise and often demanding conditions for storage. Some of the most common requirements include:

• The data and records must be immutable. Regulators are always on the lookout for fraud. Regarding digital record keeping, regulators need greater assurance that a requested file hasn’t been altered after the fact. As a result, one of the common requirements across the whole of record-keeping rules is that the data be stored in tamper-proof conditions. This speaks to the need for not only baseline cybersecurity, but also the use of “write once, read many” or WORM-compliant media.
• Redundancy is mandatory. In the case of fire, theft, cyberattack, or similar, mirror-image data must be stored in two or more locations. Regulators will not be satisfied by claims that “the dog ate my homework.”
• Records must remain sovereign. Whatever the agency, the new record-keeping rules almost universally prescribe where digital records must be maintained. Certainly, records may be cloud-based, but the servers in question must reside inside the regulator's jurisdiction.

The Rise of Outsourcing

The above list is by no means comprehensive. In fact, the rules and core requirements are continuously evolving. Due to the vast and growing array of record-keeping requirements and their complexity, a growing number of companies are turning to outsourced solutions.

“Digital record keeping is... becoming more of a specialized and technical field,” says Harriet Christie, COO at MirrorWeb. “The types of clients who are coming to us are those who want to spend less time worrying about whether or not they’re capturing and archiving everything they need to – whether or not the web crawlers captured this web page or that social media site today and where the data is being stored – and more time on their core business.”

This is not to say a client is abdicating responsibility for archiving. “We empower compliance teams by giving them access to our best in class solutions, which are offered on a fully searchable, easy to use software as a service (SaaS) platform.” Christie explains; however, she maintains that her group is fully capable of delivering “fidelity” and that “we will never miss or misplace a scheduled capture.”

Once a client begins using MirrorWeb, “they often wonder why they didn’t do this sooner,” says Christie. Onboarding is light touch and comes at no cost. As Christie explains “we feel it’s our role to bear this expense.” Moreover, the data captured and archived is at the client’s behest, 24/7/365, and unlike other providers, “there’s no fee for accessing your data,” Christie says.

Overall, MirrorWeb’s mix of quality, ease of use, peace of mind, and surprisingly low cost is winning everywhere from financial services to the public sector. “Our clients include not only financial services providers but also the BBC and Library of Congress,” Christie says. “When people see what we can do it is eye-opening. We are absolutely disrupting the record keeping space – and we’re ready to show people why. So let’s talk.”