Change is in the air – over the last three years, we’ve seen no fewer than 10 regulations relating to the retention of electronic communications being issued, updated or clarified by regulators around the world.
Here are just some of them:
- Dodd Frank Act (Section 764)
- FINRA Regulatory Notice 11 – 39
- IIROC Notice 0349
- FINMA Market Conduct Rules
- FDA – Fulfilling Regulatory Requirements for Postmarking Submissions of Interactive Promotional Media for Prescription Human and Animal Drugs and Biologics (Draft)
What does this mean for firms operating in some of the most regulated industries like financial services, pharmaceuticals, healthcare, the public sector and energy and utilities? Regulators that previously did not have the appetite for enforcing the rulebook are now taking renewed rigor in enforcement. A sign of the times perhaps.
But for regulated firms, the inability to retrieve communications to meet regulatory requirements can result in financial penalties and even lawsuits being brought against the organization.
In 2013, U.S. financial services regulator, FINRA, doled out more than $15 million in fines against 66 cases involving electronic communications. Although the increase in the number of cases was small – only a 5% increase from the previous year’s 63 cases – the fines more than doubled. This included a fine of $7.5 million – the largest ever fine for email-related violations of securities rules – for a case described by FINRA as “systemic email failures”.
And let’s not forget perhaps one of the contributing factors to the current regulatory focus on the retention of electronic communications – the manipulation of LIBOR. In the wake of the investigation, it emerged that traders had used instant messaging to collude. An estimated total of US$2.3 billion in fines was shared amongst global banking institutions for their part in the LIBOR scandal.
In a bid for transparency and accountability, public sector organizations are required by the Freedom of Information Act to release information requested for by members of the public within 30 days. A recent benchmarking study showed that for the 86 agency offices that produced documents under FOIA, the average response time was 75 business days with a median of 63 days, a figure more than double the 30 day window.The backlash if information that is requested cannot be found, or cannot be found within the timeframe, can be brutal, to the extent of lawsuits being brought against the organization.
The implication for organizations is that regulators are scrutinizing electronic communications more closely than ever before, making it imperative that archiving plans are designed to meet these regulatory requirements.
Want more tips for archiving if you’re a regulated organization? Download this whitepaper on Record Retention is Back in the Spotlight.