Data retention is the main compliance headache for banks

Conducted by research firm Clearconcepts, the survey found that 20% of respondents listed data retention and retrieval as their most pressing compliance headache, closely followed by e-mail management.

Concerns over retention and retrieval included data security and fears that the volume of data would overload systems. Another issue was the requirement, imposed by various regulations, that data be stored for a set period of time – the length of which depends on the particular regulation.

For example, the Data Protection Act states that customer information should not be retained longer than necessary, yet other regulations - such as those on money laundering - put pressure on banks and building societies to store certain customer data for significant periods of time.

This conflict, said respondents, was slowing down the ability to formulate strategies for document retention and retrieval. In particular, it was giving IT directors a dilemma – should data be retained or deleted? They were all very aware that the impact of making the wrong decision and falling foul of regulators could lead to prosecution, large fines and adverse publicity both for the institution and individuals involved.

The ability to prove to the Financial Services Authority (FSA) that data is secure and accessible was seen as one of the most critical compliance issues by the IT directors interviewed. However, when questioned further, respondents said that accurate data retrieval is still a difficult hurdle for them to clear.

Problems included an inability to keep track of files that are sent across different lines of business, and applications that sit on different drives which make data disparate and harder to access.

The survey also found that a large number of the 80 financial services firms interviewed were concerned by the problems associated with the management of e-mail. They stated that the growth of e-mail as a knowledge base as well as a communication tool within financial services organisations has meant that the problems of retention and retrieval associated with other forms of data are applying equally to e-mail.

This was especially so, said respondents, in light of recent regulatory legal cases where e-mails have been used as evidence.

Finally, all interviewees were asked what compliance solutions they had already implemented or were currently implementing. Many firms said that they were adapting existing systems in the short term in order to meet immediate requirements such as FSA deadlines and to minimise risk. Others suggested that they would need to implement new platforms in the very near future if they were to support the number of changes and requirements of new regulatory standards.

Data retrieval systems are currently the most popular implementation at financial services companies with a quarter of responses emphasising this. More than one in five firms said that a surveillance solution such as an anti-money laundering system had been put in place at their organisation.