Data Compliance is Serious Business: Are You Prepared?

By Julie Fouque

A few weeks ago, our company underwent its annual ISO audit—an exercise to evaluate and confirm that the company is conforming to processes that ensure business efficiency and quality, which, in turn, translate into better products, solutions, and services for our customers.

An ISO auditor sat with me at my desk and methodically went through a checklist that required me to show him various policies and examples of how we do our work.

The pressure of someone looking over your shoulder can be nerve-racking. But compared to audits that IT and compliance departments in financial services organizations undergo, I’ve got it good.

Regulatory requirements around data compliance in the financial services sector are serious business. Jeroen van Rotterdam, CTO of EMC’s Enterprise Content Division, and Jim Earley, Director of Engineering at Flatirons, recently spoke about data compliance and archiving in the financial services sector on a roundtable conference call.

Here are some highlights.

Pressures from regulations like Dodd-Frank in the U.S. and MiFID II in Europe are causing financial services organizations to revisit their information management strategies in order to mitigate risk. For example, banks have to collect emails, chats, voice recordings, and all financial transactions into a single archive. This could easily add up to several hundreds of billions of transactions and several dozen petabytes of archivable data. Some may be on production systems and some may be on a growing number of outdated legacy applications operating in read-only mode—but all of the data has to be accessible by a regulatory body.

And speed counts. An organization that is ingesting several millions of emails per hour has to index the content, correlate it, and make it available to regulatory bodies within just a matter of hours.

But the task doesn’t stop there.

Just because you’ve made your data accessible within expected time frames, who’s to say that the auditor won’t discover fraudulent activity? Is your organization capable of detecting potential fraud before the auditors come in?

Many financial services organizations are not meeting these challenges: data compliance fines have totaled more than $2 billion in the U.S. alone over the past couple of years.

Fines and even jail time are steep consequences for lacking an effective data management strategy. Or, as Jeroen overheard in a conversation with a financial services professional, “bad things will happen.”

What’s An Organization to Do?

Core components of an effective data compliance and archiving strategy include:

  1. Discoverability—the solution should not only make data within the overall haystack of information accessible; it should make information easily discoverable so that auditors can promptly find specific emails, chats, and other transactional information.
  2. Scalability—a platform is required that can handle massive volumes of both structured and unstructured data and that is nimble enough to scale across disparate systems in the organization, including legacy systems.
  3. Flexibility—the platform should be able to adapt to changing regulatory requirements, without requiring you to re-feed data into it.
  4. Geo-fencing—the data management solution should be able to provide country- or regional-based archives so that data doesn’t leave specified geographical boundaries or drive up costs to meet geographic requirements.
  5. Security—the solution should provide security controls and reduce manual surveillance techniques through automated fraud detection.
  6. TCO & ROI—the data compliance solution should provide a low total cost of ownership and provide opportunities for cost savings through use cases such as the retirement of legacy applications and related opportunities for cost take-out.

Jeroen and Jim gave these recommendations based on work in compliance and data archiving that EMC and Flatirons have been doing in the financial services arena.

Jeroen noted that the InfoArchive platform by EMC was recently moved to the “leader” category in Gartner’s Magic Quadrant for Structured Data Archiving and Application Retirement, and Jim shared ways that Flatirons has built IP on top of the InfoArchive platform to help EMC customers further reduce the time and cost to archive data.