LONDON — 10th August 2004 — A survey conducted on behalf of Microsoft by research house and compliance consultancy, Clearconcepts, has found that data retention and retrieval is currently the most critical compliance issue facing IT directors at UK investment banks, life and pensions firms and insurance companies. The research, carried out amongst 80 leading financial institutions, discovered that one in five respondents highlighted this as their most pressing compliance headache, closely followed by e-mail management.
Interviewees expressed concern that the increasing need to retain vast amounts of unstructured data, such as telephone conversations, text messages and e-mails, to ensure compliance, was overloading systems. In contrast, IT directors at retail banks said that the two compliance issues of greatest concern to their sector are complying with operational risk and data security requirements. IT professionals at life and pension firms said that in their industry implementing systems that will meet regulatory requirements around financial reporting is the second most important priority, after data retention and retrieval.
With the majority of new regulations which impact the financial services sector incorporating a requirement for information to be stored for a set period of time, IT directors at financial institutions said that formulating strategies for document retention and retrieval was being slowed down by the conflicting information between regulations. For example, the Data Protection Act states that customer information should not be retained unnecessarily yet other regulations such as Anti-Money Laundering laws put pressure on banks and building societies to store customer data for significant periods of time. Respondents said that conflicting regulatory requirements were leaving them faced with a major dilemma – should data be retained or deleted? They were all very aware that the impact of making the wrong decision and falling foul of the regulators could lead to prosecution, large fines and adverse publicity both for the institution and individuals involved.
The ability to prove to the Financial Services Authority (FSA) that data is secure and accessible was seen as one of the most critical compliance issues by the IT directors interviewed. However, when questioned further, respondents said that accurate data retrieval is still a big hurdle for them to clear. Problems they highlighted included: an inability to keep track of files that are sent across different lines of business and applications that sit on different drives which make data disparate and harder to access. Furthermore, many of the companies questioned said that they were keeping copies of some documents for 15 years even though FSA rules only stipulate seven year retention periods and they viewed this as an area of significant risk for their organisations.
The survey also found that a large number of the 80 financial services firms interviewed were concerned by the problems associated with the management of e-mail. They stated that the growth of e-mail as a knowledge base as well as a communication tool within financial services organisations has meant that the problems of retention and retrieval associated with other forms of data are applying equally to e-mail. Respondents highlighted that effective e-mail storage and retrieval was a growing concern for them particularly in light of recent regulatory legal cases such as Andersen and CSFB where e-mails have been used as evidence.
Finally, all interviewees were asked what compliance solutions they had already implemented or were currently implementing. Many firms admitted that they were adapting existing systems in the short term in order to meet immediate requirements such as FSA deadlines and to minimise risk. Others suggested that they would need to implement new platforms in the very near future if they were to support the number of changes and requirements of new regulatory standards.
Data retrieval systems are currently the most popular implementation at financial services companies with a quarter of responses emphasising this. More than one in five firms said that a surveillance solution such as an anti-money laundering system had been put in place at their organisation.
Most surprising was the fact that a few of the financial institutions questioned admitted that they had not recently implemented any systems to handle compliance issues.
Andrew Voysey, Director of Financial Services at Microsoft UK said, "It is clear from the research that implementing or adapting systems that will enable their financial institution to comply with regulations are at the forefront of the IT director’s mind across all areas of the financial services industry. Microsoft and our partners, are committed to providing financial services customers with integrated products that not only take advantage of their existing investments, for example in Microsoft Office and Exchange, but also provide a comprehensive platform. This not only enables timely and proactive compliance but can also reduce the cost of compliance, minimise the risk associated with non-compliance and in the long run add competitive edge to the institution."