Conducted by research firm Clearconcepts, the survey found that
20% of respondents listed data retention and retrieval as their
most pressing compliance headache, closely followed by e-mail
management.
Concerns over retention and retrieval included data security and
fears that the volume of data would overload systems. Another issue
was the requirement, imposed by various regulations, that data be
stored for a set period of time – the length of which depends on
the particular regulation.
For example, the Data Protection Act states that customer
information should not be retained longer than necessary, yet other
regulations - such as those on money laundering - put pressure on
banks and building societies to store certain customer data for
significant periods of time.
This conflict, said respondents, was slowing down the ability to
formulate strategies for document retention and retrieval. In
particular, it was giving IT directors a dilemma – should data be
retained or deleted? They were all very aware that the impact of
making the wrong decision and falling foul of regulators could lead
to prosecution, large fines and adverse publicity both for the
institution and individuals involved.
The ability to prove to the Financial Services Authority (FSA)
that data is secure and accessible was seen as one of the most
critical compliance issues by the IT directors interviewed.
However, when questioned further, respondents said that accurate
data retrieval is still a difficult hurdle for them to clear.
Problems included an inability to keep track of files that are
sent across different lines of business, and applications that sit
on different drives which make data disparate and harder to
access.
The survey also found that a large number of the 80 financial
services firms interviewed were concerned by the problems
associated with the management of e-mail. They stated that the
growth of e-mail as a knowledge base as well as a communication
tool within financial services organisations has meant that the
problems of retention and retrieval associated with other forms of
data are applying equally to e-mail.
This was especially so, said respondents, in light of recent
regulatory legal cases where e-mails have been used as
evidence.
Finally, all interviewees were asked what compliance solutions
they had already implemented or were currently implementing. Many
firms said that they were adapting existing systems in the short
term in order to meet immediate requirements such as FSA deadlines
and to minimise risk. Others suggested that they would need to
implement new platforms in the very near future if they were to
support the number of changes and requirements of new regulatory
standards.
Data retrieval systems are currently the most popular
implementation at financial services companies with a quarter of
responses emphasising this. More than one in five firms said that a
surveillance solution such as an anti-money laundering system had
been put in place at their organisation.
