Financial services firms need to focus on their upstream recordkeeping in order to better enable more robust and accurate downstream regulatory compliance
What does the fining of a major Wall Street firm for trade surveillance failures, the holding to personal account of the CEO of a United Kingdom-based bank, the impact of cybersecurity incidents at a pair of broker-dealers, and another two firms being held accountable for off channel communications all have in common? They all represent failures of one or more aspects of upstream recordkeeping with the consequent downstream inability to meet compliance obligations.
Recordkeeping is a core competency for financial services firms. It encompasses a firm’s knowledge of what data or records it has, why it has them, and where they are. It also covers keeping those records secure and unaltered. Without a comprehensive and robust approach to recordkeeping and an associated data governance plan, firms will simply not be able to either fulfil or show evidence that they have met compliance obligations.
Firms are utterly reliant on their records to be able to act on everything from responding to regulators’ requests for information, meeting reporting requirements (internally as well as externally), investigating a complaint, keeping sensitive customer information secure, to undertaking supervision and surveillance.