How Can Email Archiving Solve FinTech Compliance Concerns?
FinTech businesses are innovators who create new approaches and solutions for the challenges facing financial services across the globe. As FinTech has exploded on the scene, the regulations have kept up with this ever-changing sector. FinTech companies, like many tech startups, are typically made up of small teams who lack the capacity to have a dedicated compliance department.
FinTech will always have to be compliant if they want to operate and survive in the heavily regulated industry and, due to this, email archiving for financial services is crucial. Here are 5 compliance concerns that email archiving can solve for FinTech:
1. Due Diligence, Money Laundering and Terrorist Funding
All financial businesses offer products and services could be used by criminals and terrorist groups to launder money. Jurisdictions ensure regulations are in place that deal with customer due diligence, anti-money laundering and counter-terrorist funding measures which will detect and deter activities it considers suspicious. The Financial Conduct Authority (FCA) is the UK’s main regulator on all matters relating to compliance. The US has various federal regulators including Office of Foreign Assets Control (OFAC), the Financial Crimes Enforcement Network (FinCen) and the Securities and Exchange Commission (SEC).
How can email archiving help in relation to criminal group activities? These groups are likely not only interested in using your software for their illegal activities but also the data you have on other businesses. For example, any financial transactions that are mentioned in your emails will be very appealing to criminals. By having a secure email archiving solution like Cryoserver in place, you can set up rigorous retention policies to periodically and automatically remove emails in your inbox and therefore the sensitive data contained in them, knowing full well that it’s always authentically preserved and retrievable in the archive. This way, FinTech can drastically limit the amount of sensitive data hackers can pilfer at any given time. Even in the worst case scenario of a staff member having access and abusing their privilege for criminal actions, emails cannot be edited and all actions are recorded for administrators to monitor.
2. Data Protection
Data protection is important for all businesses, including FinTech. Every major country in the world has rules in place to protect the data of consumers. The UK has the Data Protection Act which is enforced by the Data Protection Authority. Across the EU, GDPR enforces data protection rules in all its member states, with each country adopting the rules put in place by the Union. Most consumer privacy in the US is looked after by the Federal Trade Commission (FTC) but the Consumer Financial Protection Bureau (CFPB) has also intervened on Fintech organisations in certain cases. The US and EU also have a cross-continent agreement known as Privacy Shield which replaced the EU-U.S. Safe Harbour.
Most businesses associate email archiving with data protection compliance, and primarily partner with a service for that purpose. Data not only needs to be protected appropriately by a secure service but it must also be available for fast retrieval, if subject access requests are raised or a regulatory body asks for it during an investigation. There are strict time frames on responding to requests including 20 working days for FOIs (Freedom of Information) and 40 calendar days for a subject access request under GDPR. It’s important to note that the standard email inbox such as Outlook does not effectively search through thousands of emails and their attachments at once to make FOI/SAR requests an easy task.
3. Payments
Payments are made between businesses all the time and the systems in place are protected worldwide by various regulatory places. Each country gives FinTech businesses the rules they must follow, so they vary depending on where you’re based.
The EU has the most commonly discussed regulations known as the second Payment Services Directive (PSD2). The PSD2 ensures payment security is preserved along with the privacy of customers and clients.
Emails that have been sent to clients may have invoices or receipts with sensitive financial data. This information must be protected on a secure archive which is what your clients would expect when getting into business with you. Failure to protect this data could see FinTech businesses fined by regulatory bodies. For example, the GDPR fine framework states there are potential fines of up to €20 million or 4% of turnover for the preceding fiscal year – whichever is higher
4. Asset and Wealth Management
FinTech have helped in the development of robo-advisers in relation to asset and wealth management. The automated investment services provide considerable savings for investors, which are especially attractive to those with smaller portfolios.
Automated services must have a data retention policy in place. If these robo-advisers are also capable for sending out email correspondents, these must be captured in the archive to ensure they comply with company and regulatory policies. You must also be able to prove that no tampering has been made possible to the auto service. If any changes are made to emails after capture, the archiving software ensures the original copy is retained and all edits are logged within the system
5. Peer-to-Peer Lending
Peer-to-peer lending services are controversial – in recent years, China has toughened its rules regarding P2P lenders after a few cases of serious fraud emerged. The US is also looking to tighten its regulation after concerns were raised about the lending practices. The UK already has rules set in place with P2P in mind. The FCA expects all lending services to provide detailed information on the risks for potential investors.
With P2P lenders likely to come under scrutiny, it’s important that FinTech firms are ready in case information is requested by regulatory bodies during an investigation. Email archiving solves that issue with a secure bank of archived email communications you can search. Data is pulled in seconds to comply with any investigation.
Stay Compliant With Cryoserver Email Archiving
The easiest way to ensure your FinTech business is fully email data compliant around the world is to work with an email archiving provider that keeps up and complies with the ever-changing and tightening regulatory environment. Cryoserver offer cloud archiving and on-premise solutions depending on what is best for your company. Get in touch with us today to discuss your data protection, compliance requirements and learn more about email archiving for financial services.
Blog