Corporate Compliance Insights

Incorporating New Technologies into Your Archiving to Meet MiFID II, GDPR Requirements

by Robert Cruz
May 16, 2018
in Data Privacy, Featured
Evolving Communication Tools Pose New Challenges for Security

Banks aren’t strangers to reining in their employees’ use of communications tools. However, the methods preferred by customers and client reps continue to change, and if banks don’t keep up with these rapidly changing tools, even those that have made a massive investment into a compliance infrastructure over the years may find themselves struggling with regulatory compliance.

In regulated industries such as financial services, it is common practice to set boundaries for employee use of communications tools. With these restrictions in place, banks protect themselves from allowing sensitive information to be shared egregiously, at the same time working to remain in compliance with bookkeeping regulations. As new communications tools continue to be introduced and used by customers, banks must adapt their client engagement practices while continuing to avoid accruing fines.

The growth of new communications tools

Customers are moving away from email toward more dynamic tools and banks need to mirror these changes to fulfill their customers’ needs. However, while meeting customers at their preferred methods of communication allows banks to remain flexible and competitive, it also produces an additional risk.

The archives that the biggest banks installed in the early 2000s were once considered state-of-the-art. However, banks are now finding that these archives were not designed to handle the wide variety of digital communication channels used regularly in the workplace today. As these systems have aged – with data volumes doubling every 18 months – performance has become even more sluggish and unreliable.

The increased adoption of social media, encrypted messaging and collaboration tools has created numerous challenges for IT and compliance teams. In addition to creating terabytes of more data to comb through and review, the interactions on these channels differ greatly from the static text-based formats of emails.

New Challenges Arise from MiFID II and GDPR

Although MiFID II and GDPR are both EU regulations, their application is not limited to EU-based organizations. Even if an organization doesn’t have a physical presence within the EU, if any of its clients are based within EU borders, it is, by extension, subject to the rules of the regulations.

For MiFID II, context becomes much more significant when archiving digital communications. According to Article 16, firms must capture all communications leading up to a transaction, including all electronic correspondence, to construct a single narrative instead of treating each interaction as an independent event. With over 100 different communications tools available, client-company representative correspondence is no longer a “linear” exchange between two parties. Compliance programs must now equip themselves with the tools to navigate the multiple threads that these new interactions create. For example, a conversation can now be initiated through email, followed up on over LinkedIn, and carried over onto a personal cell phone, which has become a more common occurrence with the rise of BYOD.

GDPR was developed to protect all EU citizens and provide them with more control over the use of personal data by organizations. The new regulation will grant EU citizens the right to erasure, or “right to be forgotten”, allowing them to initiate the removal of their data deemed no longer necessary in relation to the purposes for which they were collected. As concerns over the management of user data continue to grow, organizations must prepare for an overwhelming wave of erasure request submissions to avoid creating bottlenecks in their responses.

With MiFID II in effect and GDPR quickly approaching, regulations will continue to adapt to cover new technologies, in turn requiring banks to upgrade their archiving and compliance capabilities to adapt to the new regulations.

Embracing modern technologies and practices

To best equip themselves for new data regulations like MiFID II and GDPR, banks need to take a more modern approach to data archiving:

  • Bring their archiving to the cloud. By moving their archiving away from legacy technologies and incorporating newer cloud-based technologies, banks can ensure they have the scalability to handle the increase in volume generated by today’s tools. In addition, hybrid cloud environments allow the flexibility to customize deployments for meeting different geographical and regional data privacy requirements.
  • Partner with the right vendors. The complexity of MiFID II and GDPR makes compliance a task bigger than any single organization can handle on its own; it’s a team effort that requires the right vendor partners. If it’s discovered that a bank is using a cloud vendor that doesn’t meet GDPR’s requirements, the bank can also become liable for fines as a result. Given the high cost of the penalties (up to 20 million euros or up to four percent of the total worldwide annual turnover of the preceding financial year, whichever is higher), it’s key that banks partner with companies that meet both their technical needs and regulatory requirements.
  • View the new regulations as opportunities, not burdens. Avoiding financial and reputational penalties is definitely a strong incentive to ensure data management regulations are met, but it shouldn’t be the main driving force. Many of GDPR’s requirements address numerous customer concerns regarding how their data is being collected, stored and used. By outfitting the communications tools customers prefer with better data security and privacy services, banks are gaining more trust from their clients by interacting with them on their terms, which often correlates to longer lasting relationships. They’re also gaining more control over their company’s data, allowing greater insight into bottom-line business improvements and the ability to better apply the latest analytics technologies to predict and respond to important trends — benefits that extend far beyond avoiding fines.

Meeting the requirements of MiFID II and GDPR

When it comes to data archiving and information governance, for MiFID II and GDPR, compliance is more than checking a box. Unfortunately, the limitations of legacy archiving solutions prevent companies from meeting the data-privacy standards set forth in these regulations. But with the development of the cloud and advanced analytics, banks today have the help they need to meet the challenge.


Robert Cruz is Vice President of Information Governance for Smarsh. He has more than 20 years of experience in providing thought leadership on emerging topics including cloud computing, information governance and discovery cost and risk reduction.
   
