
Navigating Compliance in Finance: Lessons from HSBC


Earlier this year, the SEC dished out over $22 million in fines to HSBC and Scotia Capital for failing to preserve internal electronic communications sufficiently. Both firms admitted to wrongdoing and agreed to pay the fines to settle the charges. They admitted their employees frequently communicated business conversations through offline avenues like WhatsApp. Then, they failed to maintain most of these communications, which is against compliance regulations.

“Today’s actions should not only remind firms of the importance of following SEC recordkeeping requirements but also the value of disclosing violations when they do occur,” said Gurbir S. Grewal, Director of the SEC’s Division of Enforcement. “Both HSBC and Scotia Capital self-reported and self-remediated their recordkeeping violations, and the reduced penalties in these cases reflect their efforts and cooperation. As we continue our efforts to ensure compliance with the Commission’s essential recordkeeping requirements, we encourage other firms to take note and likewise self-report.” The article can be found here.

Financial institutions, and other large enterprises for that matter, must secure and retain internal business communications to not only preserve their customers’ data but also to remain in regulatory compliance.

Because the financial industry leads the way in regulations regarding electronic communications, it has been forced to not only be aware of the regulations but to also be in full compliance with them. Some of the important regulations and guidelines for archiving and retaining electronic communication are listed below. Compliance with these regulations will help your organization avoid fines, sanctions, and other penalties, as well as avoid the risks involved with email, mobile, and social media misuse.

  • FINRA 17-18: “Every firm that intends to communicate, or permit its associated persons to communicate, about its business through a text messaging app or chat service must first ensure that it can retain records of those communications… the content of the communication determines what must be retained.”
  • FINRA 10-06: “Every firm that intends to communicate, or permit its associated persons to communicate, through social media sites must first ensure that it can retain records of those communications… for record retention purposes, the content of the communication is determinative, and a broker-dealer must retain those electronic communications that relate to its ‘business as such.’”
  • The Dodd-Frank Act: When trade reconstruction requests are issued, this act gives firms just 72 hours to comply.
  • FINRA 07-59 states that a firm’s electronic communications, including instant messages and text messages, are subject to overall supervisory review and procedures.
  • FINRA 11-39: Firms are required to retain, retrieve, and supervise business communications regardless of whether they are conducted from a work-issued device or personal device.
  • SEC 17a-4 states that all communications must be maintained, retained, and able to be produced. This regulation was amended in 1994 to include electronic communications.
  • MiFID is a European Union law that states that all electronic communications regarding securities orders must be recorded.
  • FSA: Rules published in the United Kingdom require firms to record and store relevant communication for six months.

While all these regulations may seem overwhelming and difficult to comply with, they don’t have to be, and millions of dollars’ worth of fines can be easily avoided. With the proper mobile communication archiving tools, enterprises can be sure they comply with legal requirements for mobile communications and retention.

These massive fines could have been easily avoided if HSBC had a compliant archive in place. With proper tools, they could have remained in regulatory compliance and ensured their sensitive data stayed securely within the organization. While there are many archives on the market, not all are enterprise-level, nor boast the same security measures.

OpenText Retain offers organizations a way to ensure compliance with comprehensive enterprise archiving and retention capabilities.

OpenText Retain Mobile

OpenText™ IM messaging and mobile archiving enables archiving of all encrypted SMS/Text messages, MMS and dedicated business phone number data for iOS and Android devices. It also archives SMS, MMS, calls, WhatsApp and WeChat calls, Signal, Telegram, and chats from corporate or BYOD mobile phones. OpenText™ features carrier-level archiving of text messages. This gives you oversight on mobile communication data for your iOS, Android, and other mobile devices on the mobile carrier network. The solution is ideal for environments with corporate-owned devices, BYOD, or a hybrid environment of both. With this mobile archiving functionality, you don’t lose valuable information, your organization stays compliant, and your sensitive data stays securely within your organization.

OpenText Retain Unified Archiving

Archive email, Skype for Business, and mobile communication. All this messaging data is archived into one unified data archive. This gives you the ability to search, publish, and perform NetIQ eDiscovery on all your communication data from one central location.

  • Mobile Communication Management: Retain is the only enterprise-ready archiving solution for iOS, Android, and BlackBerry devices. Retain archives encrypted SMS text messages and dedicated business phone number data for iOS and Android. Additionally, Retain archives SMS, MMS, and phone call logs for Android and BBM, PIN, SMS, MMS, and phone call logs for BlackBerry devices.
  • Policy-Based Unified Archiving: Retain provides fully configurable policies that allow you to define the specific communication data you want to archive.
  • Message Deletion: Retain includes message deletion policies to reduce storage space and server load on your Exchange, Office 365, or GroupWise system. Policies can be set to delete email from the server after being archived in Retain, or after exceeding its retention age.

Learn from the expensive mistakes of others and implement a compliant archive for business communication retention today!

Visit our site to learn more about archiving business communication.

Want to see it for yourself? Request a demo for Retain Unified Archiving.

