Data is crucial to the modern economy, particularly when it comes to financial institutions (FIs). Their ability to store, access, and analyze massive amounts of data in an effective and efficient manner greatly adds to their competitive advantages.
But data collection isn’t solely about that. FIs must also ensure that they are properly collecting and storing data in order to achieve regulatory compliance. Capturing and processing data to achieve “data completeness” means that they can show every action and its associated paperwork.
What’s more, this must be done in such a way that it is available at a moment’s notice, with zero margins for error. For example, the Dodd-Frank act requires a full timeline of events including trades and communications to be provided within 72 hours, for SWAP market participants.
Severe fines for non-compliance
A failure to do this can result in severe fines from global regulators — ranging from tens of thousands up to millions of dollars — for not properly capturing information in an effective manner.
For example, in November 2020, Santander Investment Securities agreed to pay a fine of $150,000 to the United States Financial Industry Regulatory Authority (FINRA) for not capturing around 6 million emails for more than 100 employees over a five-year period. That was nothing compared to the enormous $4.5 million fine issued to Citigroup by a U.S. regulator at approximately the same time. The fine was related to the deletion of 2.77 million audio files that included trader conversation recordings.
In both cases, the FIs denied purposeful wrongdoing. Instead, it seems likely that the problem was the result of insufficiencies and flaws with the way the archiving and associated monitoring systems were set up. The Santander incident involved a coding problem following the migration of one server to another. As a result, the emails were not properly collected on a review platform. Meanwhile, the Citigroup incident involved an audio preservation system configuration that triggered mass accidental deletion of audio after a specific period. In both cases, they were failing to show proper diligence when it came to gathering the right data.
Regulations vary, data requirements remain
Ultimately, the reason why this data wasn’t gathered simply does not matter. Whether it’s willful wrongdoing or a bad line of code that’s been erroneously implemented, the problem comes down to a binary question: Have FIs got the correct data to report? If they have, it can be assessed by regulators. If they haven’t, there’s a big problem.
That’s the case even if all of the transactions that have taken place are entirely correct and by the books. Because regulators can ask a firm at any time to prove that all relevant data has been captured and processed, those companies which overlook this are playing with fire. Not capturing and processing the necessary data could be the costliest mistake they ever make.
Regulations differ depending on where you are around the world, and new regulations are added all the time. But while the fine print can change, the overall message of “save every bit of information you can” remains the same. In a world in which that includes not just trade information, but also emails, phone correspondence, messages on workplace communication platforms like Slack and Microsoft Teams, and even (increasingly) personal communication channels like WhatsApp and SMS text messages, this isn’t always easy to do.
Data doesn’t need to be simply gathered in the digital equivalent of massive archive storage boxes that are never opened again. In order to ensure compliance, it’s crucial that these myriad data sources are connected in a way that allows them to be brought together for instant reconstruction, retrieval, or playback where needed. As such, this is something that needs to be taken seriously.
How do we solve that
To help companies stay on top of these requirements, and have the most up-to-date information to them at all times, Shield’s platform generates a Data Completeness Report for customers at the close of each day. This includes both the end-of-day dump file with data sources such as Bloomberg, Thomson Reuters, Symphony, along with a comparison between the data source and the actual data imported into Shield. The purpose is to reconcile what actually happened during the trading day, with the supporting data to show how and why.
Shield also generates a list of all of the journaled emails made the previous day. Importantly, this comes with a summary of not just what is there, but also what isn’t — meaning gaps identified using metadata. A dashboard completeness widget can show users the daily summary report. The report runs daily after a full import of data has been completed. In doing so, Shield makes it much easier to capture and process data for regulatory purposes.
Data is one of the most valuable assets a modern business has at its disposal. But don’t let “value” turn into “cost” in the form of unwanted (and unnecessary) financial penalties. By employing the right tools, FIs need never worry about not having the right data at their fingertips to meet whatever regulatory demands are thrown at them.