By David Wagner, President and CEO, Zix
Compliance isn’t just one obligation; it’s several. First and foremost, it’s a commitment to abide by regulators or face strict penalties. Beyond that, it’s a promise to deliver fair and transparent financial services to every client and customer. Most broadly, compliance is a signal that organizations are committed to transparency, integrity and best practices.
Understanding the full spectrum of compliance is important because in all ways it’s about to become more complex, consequential and costly. Robert Cook, the chief executive officer of the Financial Industry Regulatory Authority (FINRA), recently signaled that tougher requirements for data protection and disclosure are coming down the pipeline.
In FINRA’s Annual Risk Monitoring and Examination Priorities Letter, which was released in late January, the organization explicitly shines a spotlight on digital platforms and the various ways that firms can use online tools to communicate with customers. Using these platforms is not a viable shortcut around compliance requirements. FINRA also outlined its plan to focus on how firms utilize regulatory-technology (also known as regtech) tools in regard to compliance.
Financial firms need to prepare for the archiving of more records and file formats by the conclusion of 2019, and these archives will need to be stronger and more accessible to satisfy compliance regulations. Considering how much of the financial-services industry has become data-driven in recent years, it goes without saying that any rules applied to electronic information expand the regulatory landscape significantly.
The untamed expense of compliance
Compliance has three key components: saving, securing and supplying. Firms first need to capture communications from as many channels as possible—email, social media and otherwise. As that archive accumulates with personal and highly sensitive information, it will need to be protected by gold-standard security. Finally, the archive must be accessible enough to supply regulators with extensive or specific documents on demand.
The past decade in financial services is not seen as a particularly aggressive period of regulation. Yet since 2011, compliance costs have risen by 43 percent. The average firm now pays $5 million annually to manage compliance, not counting whatever extra they pay in fees and penalties.
When all the attendant costs are included—fines, productivity losses, business disruption, public relations damage and settlement costs—compliance actually drains $14.8 million out of firms annually, a total that is up 45 percent since 2011. To put it simply, noncompliance costs 2.71 times more than compliance.
Those jarring financial figures are but one aspect of the compliance puzzle. The logistics of doing good business with customers and clients also warrants consideration. People don’t adhere to the notion of business hours anymore when it comes to accessing important information. This is especially true in time-sensitive industries, of which finance may be the most crucial one.
Avoiding compliance would, therefore, require firms to extinguish digital communication channels—an impossibility in the digital age. Your company and its customers would certainly scoff at eliminating texts and social-media platforms as communication options.
Comprehensive archiving, then, is an absolute necessity—both an obligation and a solution for firms in the financial-services industry. The right kind of archive satisfies regulators, while simultaneously making compliance management easier on everyone involved.
The elements of an effective archive
Most firms already have an archive, and the new rules are explicitly designed to address the inadequacies with those repositories. Therefore, for companies to become compliant—consistently and with minimal oversight—they need to focus on upgrading their existing archives. Adding these components is key:
- Automatic updating: Think of how many client communications flow through all of the various information channels daily. Now imagine trying to capture each one, analyze the contents for any regulated information and manually put whatever applies into an archive. The effort would be overwhelming and would inevitably lead to an incomplete database. The best approach is to automate the entire effort. Use technology to monitor incoming and outgoing communications, pick up on keywords and phrases, and automatically organize those messages within the archive. Thanks to automated updating, firms can build a comprehensive archive almost effortlessly and not sacrifice a ton of hours along the way.
- Sophisticated e-discovery: Archives should be dynamic repositories instead of moldy, haphazard collections. When firms are required to turn over communications as part of the e-discovery process, they need careful control over what they supply. The goal is to turn over just the required information and nothing more, so firms must be able to explore and extract information with precision. Sophisticated e-discovery tools make it easy to segment, slice and dice archives according to whatever the situation might require. A delicate situation calls for a precise tool, and segmented information is a key characteristic of an appropriate archive.
- Data fluency: The definition of “protected” information is being expanded significantly, from just a handful of categories to now dozens. Firms must be able to archive data broadly, not just data from the most sensitive or widely used communication channels. Regardless of file format or source, a good archive can capture the necessary data and ensure that important information is not accidentally excluded. Widespread, information-agnostic archiving allows firms to stay ahead of ever-evolving regulations. It also empowers firms to leverage data to improve processes and gain a competitive edge, all while staying compliant.
- Cloud basis: Archives, by necessity, must be able to grow and change in unpredictable ways. On-premises archives have significant limitations that cloud-based archives do not. Flexibility and scalability are key features of the cloud, along with the built-in cybersecurity that large, information-rich archives require. In practice, cloud archives eliminate a lot of the maintenance issues that bleed valuable resources and put compliance at risk.
- Central governance: Collecting everything in one place is important, but treating everything equally is just as important. Don’t think of archives as mere information dumps. Rather, think of them as savvy tools for standardizing all of the information on which the firm relies. Standardization is the crux of compliance. Once all data is subject to central governance, it follows the same rules outlined by financial regulators. Plus, it becomes much easier to explore the data once it’s homogeneous.
Firms can look at archiving as an obligation, or they can approach it as an opportunity. For instance, archives offer deep insights into a firm’s practices and performance, allowing them to take an objective look at their own strengths and weaknesses. Proactive firms can then leverage these insights to bootstrap their own bottom lines.
Disaster recovery is another unexpected advantage of comprehensive archiving. When information technology (IT) departments are scrambling to recover important emails and irreplaceable business communications, all they have to do is pluck them from the archive. Regulatory penalties are painful, but lost data is absolutely disastrous. Archiving helps mitigate both dangers.
The writing is on the wall: Financial firms that can’t (or won’t) store information correctly will face fees, potential lawsuits and public-relations repercussions. Regulators shouldn’t need to demand archiving, and it’s not hard to make the business case for it, either. If your firm runs on data—and which one doesn’t?—why not save as much of it as possible in an optimal environment? It’s an asset from which everyone can benefit, and no one regrets.