Setting the record straight on retention: How to appropriately capture data and fulfill regulatory requirements

It is well known that record retention is central to financial industry operations - but best-practice makes perfect. Our guide will help your organization abide by regulatory requirements and confirm data is being managed, secured, and archived.

24 August 2023
By Kathryn Fallah

In brief:

  • Recordkeeping is a fundamental procedure in finance and ensures information is accurately stored and protected
  • It is critical to abide by federal recordkeeping regulations and requirements or risk being liable to fines and censure
  • Organizations must stay aware of retention timelines and implement best-practice policies around recordkeeping

A sizable, well-organized record collection is always impressive – but we’re not talking about vinyl. While you might not find a record player in every office, record retention is as essential as ever for banking and finance firms.

Managing, capturing, and storing all critical business materials, including records, documents, and communications, ensures that organizations have a clearly documented collection of their data in case information is lost or needs to be audited by a federal entity. Moreover, regular retention is part of day-to-day business, as data will inevitably need to be accessed and reviewed at a later time.

When organizations archive their records and establish compliance measures, all should be well. Yet, many companies face fines and breaches for recordkeeping failures. So much so that the Securities and Exchange Commission (SEC) underscored its intolerance for inadequate retention and warned companies to keep in line, or else they may be next.

Even when recordkeeping rules are in place, there are regular examples of organizations not maintaining them correctly, causing noncompliance. Such was the case with J.P. Morgan Securities LLC in December 2021. The company failed to store written communications and could not present requested records when subpoenaed by the SEC.

Beyond federal requirements, the threat of a potential data breach also speaks to the importance of appropriate recordkeeping. Supervising and reviewing communications records can identify and mitigate possible breaches, protecting organizations from harm and compromised data, as well as from the reputational damage associated with a data breach.

The minutiae of everyday dealings may seem inconsequential, but all pieces of information could be relevant to business operations. Stay vigilant, and make sure nothing goes unnoticed or unrecorded.

So, why do companies need to retain their records?

All companies should collect records and valuable data to refer to when needed. Not only does retention assist in tracking and authenticating information, but it is also beneficial for proof of investments, accounts, transactions, interactions, and more.

For financial firms and data, recordkeeping is a fundamental system. Without successful retention, the industry could not operate. If financial information is jeopardized or unverifiable, it can threaten the very existence of a company. Besides being unable to validate business relations and dealings, federal entities would have no way to track vital data and confirm compliance.

In an October 2022 statement concerning updates to electronic recordkeeping requirements, SEC Commissioner Caroline Crenshaw commented on the importance of record retention:

“Recordkeeping is not an especially flashy topic. However, for regulators, a robust recordkeeping regime is fundamental to our ability to oversee our regulated entities. Without accurate and complete records, it is difficult or impossible to assess compliance with our rules.”

Failure to follow regulations can result in disciplinary action and tremendous fines that can be detrimental to organizations. In 2022, the total amount issued by the SEC for fines and recordkeeping failures stood at $6.4 billion.  

(Record)keep on top of things

Per SEC and Financial Industry Regulatory Authority (FINRA) requirements, retention timelines can vary based on record type. Detailed information on how long each record must be kept is covered in Section 17(a)(1) of the Securities Exchange Act of 1934. FINRA also has its own requirements. Notably, SEC Rule 17a-4 remained unchanged until October 2022, when it was amended for the first time in 25 years to modernize recordkeeping requirements and reflect industry changes.

A ledger reflecting all assets and liabilities, for example, must be preserved for at least six years, while originals of all communications received and copies of all communications sent by a national securities exchange member or broker-dealer must be preserved for at least three years.

To support a successful retention system, organizations should maintain a schedule detailing how long they have held each type of record and how long they still need to retain it. Well-defined documentation makes it easier to sort through records and confirm that the business is following procedures accurately.

On top of that, organizations should have policies around compliant communications, which are a major factor in recordkeeping failures and the associated fines. Off-channel communications are consistently making headlines, so it is imperative that companies mandate communication and messaging procedures across all relevant platforms, so that all internal and external business interactions are managed and recorded in case federal entities come knocking.

In October 2021, Gurbir Grewal, Director of the SEC’s Division of Enforcement, urged organizations to be proactive in creating policies to maintain compliant communications:

“A proactive compliance approach requires market participants to not wait for an enforcement action to put in place appropriate policies and procedures to preserve these communications and anticipate these emerging challenges.”

Businesses can ensure their records are suitably stowed and maintained by obtaining an archiving tool from a third-party vendor. Researching a comprehensible, trusted, and compliant archive system is key to meeting recordkeeping requirements.

Safety first, second, and third

A particularly crucial reason that all financial organizations are required to retain information is the safety risk associated with the industry. Often, bad actors’ main goal is monetary gain. Who better to target than an institution dealing with sensitive financial information?

Record retention helps safeguard organizations from harm. If, for example, an employee shares sensitive information over a non-compliant messaging platform and is hacked by a cybercriminal, or if the person they are messaging is not who the employee thinks they are, it can cost a lot of money. This situation can also significantly impact a company’s reputation.

Now that’s stored away

Recordkeeping has been, and will likely remain, a hot topic in finance. While federal regulators continue to stress the importance of proper retention, news consistently demonstrates that it is an ongoing concern.

When regulators come around, don’t end up a target of recordkeeping failure fines. Take charge by applying and upholding policies around record retention, remaining compliant with federal requirements, effectively storing records to protect important information, and making sure all your corporate communications are ‘on the record’.
