The reasons for this are simple: many financial services firms appreciate neither the scale and nature of their own digital footprint nor how all-encompassing existing regulations are when they stipulate keeping records of all digital communications.
The risk here is considerable, and the disruption caused by the move to home-working provides no excuse. The FCA has made clear that all financial institutions must continue to abide by their normal regulatory obligations regardless of working from home, and that those that fail to do so will be met with an appropriate level of “pace and decisiveness”.
So what are City firms doing wrong, and what can they do right?
Scale of the problem
To appreciate the scale of the problem, it’s worth thinking about just how many webpages a firm could have. Many companies have sites in multiple languages spanning dozens of countries. For example, at MirrorWeb one of our clients has 11,000 webpages that need to be archived.
Each one of these pages could contain information that an investor uses to make a decision. But without archiving the pages, the firm cannot be sure that the rates or fees mentioned were definitely correct at various points in time. And without archiving, the firm cannot guarantee it has the evidence to refute accusations of mis-selling.
But shockingly, we have come across some asset managers who rely on simply setting a calendar reminder to take screengrabs of their webpages every so often. Never mind not capturing every single page (as regulations require), this completely fails to appreciate how often webpages are updated – which can be daily or even hourly. Plus, if you're using a website that utilises personalisation through a platform such as Sitecore or Adobe Experience Manager, you will have hundreds of rule-based journeys that need to be captured.
Moreover, regulations require that social media channels, blogs, RSS feeds, instant messaging and more all need to be archived in an ISO-compliant format – meaning the records cannot be altered and are therefore legally admissible.
How to solve it
The good news is that there are multiple options for web archiving, from free tools to fully managed services and solutions.
However, some firms still struggle to convince their boards that they need to invest. In our experience, there are two common misconceptions that act as barriers to the adoption of web archiving.
First, some firms think they are compliant because they have backups. But as we have written about before, backups and archives are very different things.
A backup is used to help a business recover lost, deleted or corrupted data from a saved point in time and aims to restore operations as efficiently as possible. However, the data in a backup is not normally protected against being manipulated and changed. An archive, on the other hand, is for long-term preservation and retention of historical data for regulatory compliance – and should be unchangeable and incorruptible.
Based on this, data that is only backed up is not legally admissible in court, nor is it compliant with regulations such as MiFID II.
And second, some firms worry about the possible costs of web archiving solutions. Costs of course do vary, depending on the amount of data that needs storing, the complexity of the archiving requirements and the frequency of archiving.
However, the costs will be significantly less than the potential financial penalties for non-compliance. Indeed, last year, the UK’s FCA imposed fines relating to transaction reporting and disclosure that totalled around £75 million – a sum that rises to about £160m once misleading customers is taken into account. The overall fines tally is higher still at £391.8m, up from £60.4m in 2018.
So how do you choose an archiving provider?
We would advise that they should be able to demonstrate the ability to archive data at a large scale, as many organisations are surprised by just how much data they have. For example, for The National Archives MirrorWeb archived more than 150TB of data, amounting to over 16 billion documents across 4,000+ websites.
It is also important to make sure a provider archives in a compliant format, and that they index it for search and audit purposes. Similarly, it is worth evaluating their “crawl capabilities”, to ensure they are not capturing records which are incomplete or flawed.
Finally, it is worth looking at their client base to get a better sense of their experience. For example, we found that many financial services clients were more reassured that we had web archived for the Houses of Parliament, HM Treasury and Bank of England than for their competitors, as they found it a useful benchmark in conversations with regulators and politicians. Conversely, some university clients were more interested that we had worked for Tesco Bank and Zurich, as they knew the rigour that such organisations would apply to procurement.
Whichever solution a firm chooses, one thing is for certain – with the sheer scale of digital content being created and the speed at which websites evolve, the need for archiving is only going to increase. So better to act now rather than be exposed to the greater regulatory scrutiny and hefty fines for non-compliance that are ever more frequently being imposed.