Solutions for UK Financial Firms

Overview

The Financial Conduct Authority (FCA) requires all firms that carry out a regulated financial service market activity in the UK to retain orderly records of their business. This recordkeeping obligation extends to written and oral communications with and on behalf of clients. Firms must also establish and maintain supervisory systems and controls appropriate their size and business. Deposit takers, insurance companies, and systemically significant investment firms are also subject to recordkeeping and supervision requirements enforced by the Prudential Regulation Authority (PRA).

In addition to these regulations, all UK firms are subject to the UK Data Protection Act (DPA), which regulates the processing of personal information.

Global Relay Solution

Global Relay Archive provides a total recordkeeping, supervision, and audit solution for UK financial firms subject to FCA, PRA, and DPA requirements.

RECORDKEEPING FEATURES

Global Relay Archive is an information governance solution for electronic communications. It captures and archives an authentic and complete record of your electronic business communications in a secure but easily accessible cloud repository.

  • Automatically capture communications data, including email, instant messaging, Bloomberg®, Thomson Reuters, mobile messaging, social media, and more.
  • Preserve and index original metadata for each data type.
  • Retain data for the required 5-year term (or as defined by your internal policies).
  • Store tamperproof copies of each archived communication.
  • Replicate data between two mirrored, SOC-audited data centers in near real time.
  • Full-text index and serialize each archived communication.
  • Search for and retrieve any archived communication in seconds.
  • Log all actions on each archived communication in unalterable audit trails.
  • Migrate your legacy data with a clean and defensible chain of custody.
  • Extend retention terms for Legal Holds and investigations.

SUPERVISION FEATURES

With our set of flexible, turnkey supervision tools, your firm can efficiently enforce its communications policies for compliance, proper usage, and corporate governance.

  • Scan and monitor email, instant messaging, Bloomberg®, Thomson Reuters, mobile messaging, social media, and more.
  • Automatically flag communications based on flexible rules that identify prohibited content.
  • Conduct advanced analysis with Boolean logic, criteria lists, proximities, and more.
  • Randomly sample data by percentage or number of communications.
  • View highlighted keyword matches for quick review.
  • Conduct full review of communications and attachments or bulk review of headers only.
  • Approve, reject, or escalate flagged communications with action icons and notes.
  • Build a multi-tiered review structure for escalation to senior compliance staff.
  • Create wizard commands to perform multiple actions with a single click.
  • Filter review queues by policy type, status, date, and other criteria using a Compliance Dashboard and advanced search controls.
  • Enforce granular access rights for authorized reviewers.
  • Document activity in unalterable audit trails, with detailed histories of reviews and related actions taken.
  • Create and modify supervision policies and workflows with an intuitive interface and tools.
  • Monitor activity with detailed ad hoc and scheduled reports.

AUDIT FEATURES

With Global Relay Archive’s audit tools, you can efficiently respond to regulatory audits and evidentiary requests.

  • Search for and retrieve any archived communication in seconds.
  • Produce data online for regulators, external legal counsel, and other third parties.
  • View statistics and reporting on compliance reviews and related actions taken.
  • Extend retention terms for Legal Holds and anticipated investigations.
  • Leverage our in-house Legal and Audit & eDiscovery teams to assist with audits, subpoenas, and other investigations.
  • Use case management tools to identify, organize, and review data.

DATA PROTECTION

Global Relay holds and processes personal data in compliance with the DPA. Specifically, we comply with the following provisions:

Data Transfer Outside the EEA

Principle 8 of the DPA prohibits the transfer of personal information to countries outside the European Economic Area unless there is an adequate level of protection in the destination country. We store all data in two mirrored, SOC-audited data centers located in Canada. Canada is expressly listed under the DPA as an approved jurisdiction for UK data. As well, the European Commission has twice audited Canada’s privacy laws and determined that they provide protection that is equivalent to or better than the European Privacy Directive.

Data Processing

The DPA requires data controllers who contract with a vendor to process personal data on their behalf to ensure the contracted vendor has appropriate technical and organizational measures to safeguard the data being processed. We uniformly classify your archived data as Secret and have implemented physical, organizational, and technical controls to ensure it is secure at all times. We also contract with KPMG for annual testing and validation of our business, operational, and security controls. The KPMG Report provides independent verification of our representations relating to the security, confidentiality, and protection of customer data.

Learn more about your recordkeeping and supervision obligations at our UK Financial Firm Resource Page Learn more