Digital transformation is accelerated. It is an opportunity for businesses to position themselves within the digital economy. Data storage is trending away from the traditional on-premises environment towards cloud environments. In the coming years, C-suite leaders will strategically initiate and progress the transition from legacy application data to the cloud, to maintain security, regulatory compliance, legal defensibility, and ensure scalability. In the Pulse report entitled ‘the future of legacy application data and the cloud’, executives that were asked why they were looking to move their legacy data off-premises and to the cloud, 46% cited regulatory compliance, such as communication recording and record-keeping, as the top reason.
The reality is, as industry regulations increase, following Brexit and hybrid working conditions, compliance is becoming costlier to maintain. Financial services are now using cloud-based communications recording solutions, such as Custodia CC1, that make compliance archiving and storing easier and cheaper. Corporate communications are stored securely in an offsite storage system, yet still easily accessible by compliance officers. An organisation is able to meet regulatory compliance requirements mandated by the SEC, FINRA, and the European, and National competent authorities.
Cloud migration, in simple terms, means to move data, applications, and other business digital assets from an on-premise infrastructure to the cloud – a virtual server with shared resources. Cloud environments enable much-needed speed and facilitate the demands of modern operations, clients and regulators, but compliance officers need to consider 4 aspects of communication recording and record-keeping in order to ensure a successful digital transformation.
1) Capturing communications across current and new systems
The post-COVID hybrid working environment challenges compliance officers with a need to record on-site and at home devices. It has always been assumed that working in a busy trading floor or working environment was an essential part of the financial services DNA, and it turns out that many parts of transaction processes can been managed from home. Custodia aims at simplifying compliance efforts in this new environment by integrating directly above any existing and new vendor systems organisations employees use, on premises or at home. The Cloud Compliance OneSM architecture provides tamper-resistant and permanent digital records to ensure conformity with financial regulatory obligations.
2) Record – recording and retention periods
Keeping appropriate records is fundamental. Records must have sufficient content, context and structure to provide evidence of trade identities and the pattern of the client’s business activities, including all transaction records. The ingestion layer is responsible for data movement from business applications to the record CC1 retention solution. Records targeted for regulatory retention are commonly ingested at the end of each business day, although CC1 customers are able to decide the appropriate frequency tailored to their business needs.
3) Compliant Storage of data
Compliance with financial services regulations relies on transparency. Communication recording solutions should include metadata alongside each conversation for a detailed record of customer interactions. At Custodia we believe that a compliant voice recording technological infrastructure should include rich audit call files – including timestamps on conversations – to allow for quick and easy search and retrieval of information – but also better position compliance officers when dealing with regulators. The CC1 Insights dashboard provides an audit trail - the complete history or log of any activity being performed on a record. It demonstrates the chain of custody for a record and its management from declaration to disposition. Auditors or regulators may expect this trail of events to be retained in an immutable format, to evidence that data has not been modified.
After incoming data is validated and any issues are corrected by the CC1 platform, further processing of the data will be assigned to a user group, encrypted and locked with a specific retention period (set by Custodia’s clients) and stored in the write-once-read-many (WORM) archives system
4) Analyse – governance and audit trail
CC1 with its integrated Insights technology-led management dashboard produces systematic necessary reports. These reports are based on all the records complete and unchanged across the entire chain of custody. Under MiFID II, firms will need to review their recordings from time to time to ensure compliance. Regular and ad-hoc assessment of recording procedures and of the adequacy of such mechanisms in place will be a basic requirement. A regulated organisation must provide proof that all relevant communications are captured and are readily accessible to accurately reconstruct the audit trail of a financial transaction. On the CC1 dashboard, compliance officers can perform several data quality checks to ensure that all the required data and attributes have been provided as part of the archive generation process. The CC1 services also include an alert system that will detect a default within the recording infrastructure – making the compliance department able to identify and resolve issues in the most timely way.
About Custodia Technology
Custodia provides full end-to-end solutions for the compliance estate and, in addition to independently supporting best-in-class vendor technologies, it provides its own financial sector software solutions, with a teamed approach to support and training, covering more than 100 countries.