Financial markets are constantly evolving, with many acquisitions, mergers and spin-offs, and are exposed to multiple risk factors. Protecting personal customer data and internal corporate sensitive data, devices, and applications, while also keeping pace with all of those changes, is therefore more critical than in any other market. It is also a must for their legal and IT departments, as companies in this vertical are among the most regulated in the world. (Read also "Why choose Micro Focus for Information Archiving?")
Due to these circumstances, they are subject to compliance requirements and guidelines from a variety of regulatory entities such as the U.S. Securities and Exchange Commission (SEC), the European Securities and Markets Authority (ESMA), or the Securities and Exchange Surveillance Commission (SESC) in Japan. In addition, financial institutions are subject to laws such as Dodd-Frank and the Sarbanes-Oxley Act of 2002.
Some of the most important regulations are listed and summarized below:
- Sarbanes-Oxley (SOX): it requires that all relevant financial records be stored. SOX Section 802 "imposes penalties of up to 20 years imprisonment for altering, destroying, mutilating, concealing, falsifying records, documents or tangible objects with the intent to obstruct, impede or influence a legal investigation". It also provides some guidance with respect to paragraph (f)(2)(ii)(A) of Rule 17a-4, which requires broker-dealers maintaining records electronically to use a digital storage medium or system that "[p]reserve[s] the records exclusively in a non-rewriteable, non-erasable format." Broker-dealers are allowed to preserve records on "electronic storage media." Rule 17a-4 defines that term as "any digital storage medium or system
- Securities and Exchange Commission (SEC): it proposes safeguards against data erasure, provisions for immediate verification of the stored material, and requirements for back-up facilities, including storing, separately from the original, a duplicate copy of the record on any medium acceptable under 240.17a-4 for the time required.
- Dodd-Frank Act: "Each organization shall maintain records of all activities related to the business of the facility, including a complete audit trail in a form and manner that is acceptable to the Commission; and for a period of not less than 5 years."
- General Data Protection Regulation (GDPR): it was developed to protect personal data by placing citizens at the center of a series of measures designed to protect data both in its management and in its processing. Article 32 of the GDPR defines the technical and organizational procedures that companies should implement to protect the personal data that they store. Under the GDPR, data controllers must prepare a Data Protection Impact Assessment (DPIA) for processing operations. These assessments must be reviewed and updated if data protection risks change.
On the other hand, because financial market conditions are highly volatile and these companies tend to suffer more frequent and more targeted attacks, customers demand the highest levels of security before trusting them with their personal data and banking assets. Looking at what is happening across the IT world, financial services firms suffer from cyber-attacks 300 times more than businesses in other industries (Identity Theft Resource Center, 2018).
Current approaches to address the compliance requirements and guidelines are largely ineffective. Because the articles of these regulations are complex and open to interpretation, organizations have found it difficult to determine specific requirements and map technology to them. In addition, most currently available technology solutions are inflexible, comprised of multiple loosely integrated point products, and do not have analytics at their core to automate the required activities on the large volume of data that is a reality for enterprises today.
Micro Focus solutions help organizations to classify, and take action on, sensitive customer information in accordance with legal requirements. In doing so, this technology not only protects the bottom line from the risk of fines and sanctions, but also provides a foundation that can drive top-line revenue with greater strategic insight into customer or market needs.
Information classification is accomplished with ControlPoint (unstructured data) and Structured Data Manager (structured data). These technologies bridge formerly distinct data silos, deliver granular insight into information, and surface only the most-critical and sensitive data. (Read also "ControlPoint Delivers Unstructured Data Visibility and GDPR Compliance")
In addition, Micro Focus Data Protector addresses legal requirements for protecting customer information from the core to the edge. This comprehensive solution combines 360-degree protection, real-time analytics and guided optimization to help ensure information is backed up at the right time, in the right way, on the right medium based on its relative importance, for an ideal combination of cost savings and meeting strict recovery and service level expectations.
Last but not least, Micro Focus Retain Unified Archiving helps financial organizations such as investment advisors, lenders, banks, and insurers meet their regulatory retention and supervision obligations. It enables you to capture, monitor, and archive all business-related communication data.