In regulated industries such as financial services and government sectors, most regulators require organizations to capture and record text messages and archive voice calls, among other types of mobile content, and to store those records in unalterable formats.
A plethora of different storage technologies exist that will ensure that the organization’s original archives will never be altered. One such technology is WORM (write once, read many) storage. According to TechTarget, WORM is a data storage technology that allows information to be written to a single disk a single time and prevents editing, overwriting, renaming or erasing the data on the disk.
Using WORM technology eliminates the risk of original records being altered or deleted, accidentally or intentionally, enabling financial companies and public agencies to comply with the recordkeeping standards from different regulators.
Read on as we discuss in this infographic what WORM compliance is all about for regulated industries, and when companies are required to comply with it.
What is WORM Compliance?
WORM compliance means the ability of a record keeping solution to store files in a format that cannot be tampered with in any way possible. This approach can prevent anyone, even archives administrators, from making any changes to the data before an expiration date or event.
WORM compliance is crucial in heavily regulated industries where highly sensitive data are often collected and stored. Bank account credentials, social security numbers, and business-related conversations are just some of the data that companies should ensure will never be altered in order to protect data integrity, ensure market transparency, and avoid data breach incidents.
When Is WORM Compliance Necessary?
Most archiving regulations around the world require companies to store their archived records, such as business-related text messages and voice calls, using WORM technology. If your company is covered by these requirements, then it is essential to invest in an enterprise mobile archiving solution with WORM technology in order to ensure compliance.
Several key regulators require or suggest the use of WORM data storage technology for their electronic recordkeeping standards:
- SEC and FINRA: Under Rule 17a-4, electronic records must be preserved exclusively in a non-rewriteable and non-erasable format. WORM media is used for compliance with the rule. Records must be retained and indexed on the indelible media for a period of six years and with immediate accessibility for the first two years.
- NARA: While it does not explicitly require public agencies to use WORM media, NARA mandates agencies to have an archiving solution that has the ability to prevent unauthorized access, modification, or deletion of
- MiFID II: The newly implemented EU-wide regulation requires firms to maintain electronic records like SMS and voice calls in a durable medium, such as WORM, for five years and for up to seven years.
- FCA: UK firms are required to store records of text messages and voice calls in a durable medium which allows them to be replayed or copied, and to retain them for at least five years and, where requested by the FCA, for a period of up to seven years, in a format that does not allow the original record to be altered or deleted.
- GDPR: While the new data protection regulation has no specific requirements for archiving text messages and voice calls, it does specify that those records must be kept safe and secure at all times.
Non-Compliance with WORM Requirements
Non-compliance with this regulation can lead to heavy fines and penalties. In 2017, FINRA fined 12 companies for a total of $14.4 million for “significant deficiencies relating to the preservation of broker-dealer and customer records in a format that prevents alteration.”
FINRA imposed sanctions against the following firms:
- Wells Fargo Securities, LLC and Wells Fargo Prime Services, LLC were jointly fined $4 million.
- RBC Capital Markets LLC and RBC Capital Markets Arbitrage S.A. were jointly fined $3.5 million.
- RBS Securities, Inc. was fined $2 million.
- Wells Fargo Advisors, LLC, Wells Fargo Advisors Financial Network, LLC and First Clearing, LLC were jointly fined $1.5 million.
- SunTrust Robinson Humphrey, Inc. was fined $1.5 million.
- LPL Financial LLC was fined $750,000.
- Georgeson Securities Corporation was fined $650,000.
- PNC Capital Markets LLC was fined $500,000.
According to Brad Bennett, FINRA’s Executive Vice President and Chief of Enforcement, these sanctions are a result of “FINRA’s focus on ensuring that firms maintain accurate, complete and adequately protected electronic records. Ensuring the integrity of these records is critical to the investor protection function because they are a primary means by which regulators examine for misconduct in the securities industry.”
WORM Compliance With TeleMessage
With TeleMessage Mobile Archiver, financial firms and public agencies will not only be able to capture and retain text messages, voice calls, email and other types of mobile content in real time but also store them in a WORM-compliant medium.
Our platform not only retains records on a secure server, but also indexes mobile text messages/mobile content automatically, with immediate availability for review/supervision, on-demand search, and production. With such features, firms can comply with eDiscovery requests, respond to a regulatory audit more effectively, maintain compliance with various retention and storage standards and make their data management more efficient in the long run.