What is Constant Integrity Checking?
Constant Integrity Checking (CIC) is an ongoing security measure developed by Global Relay to guarantee every bit of data we store for our customers is “true, accurate, and complete” as required to meet multiple regulations around data completeness, including FINRA Rule 4511.
This custom security method enables your organization to demonstrate that you have met data completeness requirements to regulators in line with SEC Rules 17a-4 and 17a-3 around record creation and preservation.
Companies can rest assured knowing the authenticity of their data is being constantly verified, and that the moment a single message goes missing from or appears corrupted in archive it will be flagged.
How does Constant Integrity Checking work?
Constant Integrity Checking works using a hashing system. Every message captured is stored in four locations and a hash is created, similar to the cryptographic function used in blockchains.
A hash is a short string of unique digits that represents the content of the entire message. It can be stored and later compared with other hash strings. As part of this process, there are four identical hashes stored in different locations within the Global Relay archive.
Constant Integrity Checking continuously checks that all four files are present and that the hashes match for each copy of the message. These copies are then checked against the originally stored file. If the hashes match, we can be confident that the files are available without being tampered with, removed, or modified in any way.
Why did we develop Constant Integrity Checking?
Global Relay developed Constant Integrity Checking because ensuring the long-term integrity of every message in our archive is central to our services as an end-to-end communications compliance solution.
Simple data storage and comprehensive recordkeeping are not the same thing. In recordkeeping, the data is stored, but the primary content is accompanied by relevant metadata, an accurate index is preserved, and retrieval must be guaranteed at a moment’s notice should regulatory investigation teams request it.
A lot can ride on an individual message: a legal case, a regulatory investigation, an enforcement action, a company’s reputation, or even its future viability. Firms need to be confident that the message returned represents the exact message received. Constant Integrity Checking is one way to ensure this is always the case.
Example: Why firms need Constant Integrity Checking
Errors in record retention can happen for numerous reasons. In 2023, TD Bank’s Private Client Wealth division was fined $600,000 by FINRA for failing to place email accounts of new employees into the electronic queue established for email surveillance. This resulted in the business failing to monitor and review over 3.5 million emails related to hundreds of employees.
Had Constant Integrity Checking been implemented, hash verification would have identified gaps in the captured email communications between messages received in the archive and those placed in the surveillance queue. Automated alerts would have flagged the incomplete capture long before 3.5 million missing emails were noticed by the regulator.
This immediate notification is crucial: CIC process runs 24/7, so any potential issues are flagged, investigated, and corrected before a message is needed to fulfil a regulatory or legal request – rather than uncovered at the critical moment the regulator comes knocking.
How Constant Integrity Checking safeguards against security breaches
Constant Integrity Checking also serves as an effective early warning system for a range of other potential threats, errors, and risks. In the event a bad actor is able to circumnavigate all other security controls, any modification or removal of data down to an individual message would be immediately flagged by the CIC process.
Even if the cause was not malicious, such as a failing hardware component or a drop in network connectivity (or genuine user error), the CIC process would report on the anomaly and allow our operations team to quickly and efficiently target their investigations.
With data completeness becoming an increasing area of focus – and enforcement – for regulators worldwide, firms cannot simply rely on the assumption that they are capturing every message. They need to be able to fully evidence that messages have been captured and archived completely – and compliantly.
Constant Integrity Checking is one of many security capabilities developed by Global Relay to maximize data security for customers. We’re committed to providing the best technology solutions with the utmost data security.
