Data retention and retrieval is currently the most critical compliance issue facing IT directors at UK investment banks, life and pensions firms and insurance companies.
The research, carried out amongst 80 financial institutions, discovered that one in five respondents highlighted this as their most pressing compliance headache, closely followed by e-mail management. The survey conducted on behalf of Microsoft by research house and compliance consultancy, Clearconcepts.
The ability to prove to the Financial Services Authority (FSA) that data is secure and accessible was seen as one of the most critical compliance issues by the IT directors interviewed. However, when questioned further, respondents said that accurate data retrieval is still a big hurdle for them to clear. Problems they highlighted included: an inability to keep track of files that are sent across different lines of business and applications that sit on different drives which make data disparate and harder to access.
Furthermore, many of the companies questioned said that they were keeping copies of some documents for 15 years even though FSA rules only stipulate seven year retention periods and they viewed this as an area of significant risk for their organizations.
The survey also found that a large number of the firms interviewed were concerned by the problems associated with the management of e-mail. They stated that the growth of e-mail as a knowledge base as well as a communication tool within financial services organizations has meant that the problems of retention and retrieval associated with other forms of data are applying equally to e-mail. Additionally, interviewees expressed concern that the increasing need to retain vast amounts of unstructured data, such as telephone conversations, text messages and e-mails, to ensure compliance, was overloading systems.
Interviewees were also asked what compliance solutions they had already implemented or were currently implementing. Many firms admitted that they were adapting existing systems in the short term in order to meet immediate requirements such as FSA deadlines and to minimize risk. Others suggested that they would need to implement new platforms in the very near future if they were to support the number of changes and requirements of new regulatory standards.