The need for more robust data retention management and enforcement is more than just good data management practice. It is a legal requirement for financial services organizations across the globe to comply with the myriad of local, federal, and international laws that mandate the retention of certain types of data for example:
- Dodd-Frank Act: Under Dodd-Frank, firms are required to maintain records for no less than five years.
- Basel Accord: The Basel guidelines call for the retention of risk and transaction data over a period of three to seven years. Noncompliance can result in significant fines and penalties.
- MiFiD II: Transactional data must also be stored in such a way that it meets new records retention requirements for such data (which must now be retained for up to five years) and easily retrieved, in context, to prove best execution.
- Bank Secrecy Act: All BSA records must be retained for a period of five years and must be filed or stored in such a way as to be accessible within a reasonable period of time.
- Payment Card Industry Data Security Standard (PCI): PCI requires card issuers and acquirers to retain an audit trail history for a period that is consistent with its effective use, as well as legal regulations. An audit history usually covers a period of at least one year, with a minimum of three months available on-line.
- Sarbanes-Oxley:Section 103 requires firms to prepare and maintain, for a period of not less than seven years, audit work papers and other information related to any audit report, in sufficient detail to support the conclusions reached and reported to external regulators.
Each of these laws have distinct data collection, analysis, and retention requirements that must be factored into existing information management practices. Unfortunately, existing data archiving methods including traditional database and tape backup methods lack the required capabilities to effectively enforce and automate data retention policies to comply with industry regulations. In addition, a number of internal and external challenges make it even more difficult for financial institutions to archive and retain required data due to the following trends:
- Big data—exploding data volumes and variety: According to industry experts, 1.8 zetabytes of data was created in 2011 alone. (One zetabyte is equal to 1 billion terabytes.) In the banking industry, data has been growing exponentially in firms of all sizes fueled by a variety of reasons: electronic payments, Internet banking, mobile devices, social media integration, expansion in global exchanges, growth in enterprise business application adoption, and high-frequency trading systems all of which continue to produce more data than ever and impact the scalability and performance of how firms archive and retain required data.
- Growing number of systems and applications: The number of systems and applications in a large financial institution often runs in the hundreds. For larger firms and those involved in past mergers and acquisitions, that figure can run in the thousands, including ERP, CRM, underwriting, payment processing, risk management, teller systems, phone banking, Internet banking, and more. Increased adoption of Cloud-based applications and service outsourcing, while offering cost efficiencies, create data retention complexity. The more systems and applications, the greater the complexity, cost, and risks of effectively storing, accessing, retaining, and retrieving data for regulatory reporting and audits.
- Greater legal discovery requirements: Legal situations present unique data challenges to financial firms. Over and above the aforementioned government regulations, financial firms must retain data related to legal discovery requests until the legal situation is resolved. These legal retention requirements do not correspond to the retention periods of government regulations and therefore add further complexity to the retention strategies that firms may already have in place. Perhaps most importantly, legal discovery requests must be satisfied by producing the requested data, no matter how specific. To meet these requests, firms must be able to identify relevant data across all applicable data stores.
Financial institutions dealing with data growth and retention challenges need an overall approach to information management that accommodates operational, regulatory, and legal requirements. The creation and deployment of such strategies is extremely complex in the best of circumstances. But the alternative is worse: a disjointed collection of ad hoc policies applied inconsistently across the organization, which increases cost and complexity while reducing operational efficiency. In addition to having defined data retention policies and processes, having capable data archiving technology to manage ongoing retention rules is equally important. Informatica’s Data Archive solution, part of its Information Lifecycle Management (ILM) suite, offers the comprehensive capabilities that enables effective data retention management and recovery financial firms need to satisfy industry regulations, lower costs, and improve ongoing governance of their data assets.