Blog article
See all stories »

Does archiving increase risk?

MiFID II is putting archiving under the spotlight again as firms come to grips with being able to promptly recreate trades including all conversations, even if the  transaction didn’t happen. Archiving today has matured past the demands of email storage as organisations embrace unified communication technology, social media and other messaging tools. But the myth still persists that archiving creates an extra copy of the data that is potentially discoverable and therefore increases risk. While on the surface this may seem true there are other factors to consider.

Most archiving systems create two or more copies, which are then backed-up to ensure business continuity. Cloud based systems may even have the data residing in multiple locations, switching between data centres for load balancing or service performance purposes. With all this information moving around, it’s obvious why the lawyers get twitchy.

But the problem really lies in that many organisations don’t centralise their communications data and automate the management of it. Data collected in an ad-hoc manner with a mixture of PST files, imaged hard drives or an Exchange back-up can introduce any number of problems. Items may have been deleted from before the archive occurred or an IT administrator might make a mistake in processes designed to protect the chain of custody of a message.

There is also a concern that preserving everything is over-kill, but archiving doesn’t have to be an all or nothing proposition. Most archiving providers allow for retention policies to be set granularly, enabling general conversation traffic to be retained for as short a time as a few weeks, while communications made by specific teams or executive staff, who perhaps access more sensitive information, can be retained for a longer period.

Some organisations believe that retention decisions are best made by the individuals themselves, however this is dangerous position. Users are not record managers and are ill prepared to make archiving decisions. They are also more likely to delay procedures they see as “housekeeping tasks”, allowing further risk to enter the archiving process.

The idea of retaining nothing outside of regulated communications is also flawed, mainly because the courts take a dim view of this policy. In several high profile cases the outcome has not been favourable with the courts citing this policy as reckless, irresponsible, negligent, questionable and in some cases rendering other information provided as an unreliable source of discovery.

Under MiFID II, firms must make records available to clients for five years and for up to seven years for regulators, there is no getting around archiving at least some communications data. But ultimately the over-preservation risk argument is countered by the benefits gained in improving control over information, delivering visibility and improved productivity for those conducting investigations.


Comments: (0)