Data Retention for Financial Services - Best Practices and Top Tips

18 March, 2022

Data retention rules exist which cover almost all of the data gathered and stored by your business, creating many levels of complexity and business risk. Could the right cloud-based data management system be the key to navigating this minefield?

Keeping business records can be a double-edged sword, with many legal and regulatory implications. Financial records such as Profit and Loss statements or payroll are analysed for audits, or by management when making strategic decisions, such as for investments, expansions, or laying off staff, while customer data can be useful for making sales and marketing decisions, but needs to be handled carefully.

Most businesses will want to keep contracts and sensitive files in case of any regulatory investigations or legal issues, and such records are important for due diligence – often used during mergers and acquisitions.

Given the high degree of trust customers place in financial services firms, keeping accurate records is critical to maintaining a financial services firm’s reputation.

Regulatory risk in data retention

Data retention regulations protect customers from having their sensitive information leaked or hacked, as well as protecting financial services firms themselves.

Breaching these regulations means serious penalties, which vary by jurisdiction:

  • Hong Kong – Up to HKD$100,000
  • United Kingdom – Up to £17.5 million or 4% of annual turnover
  • Europe (GDPR) – Up to €10,000,000 or 2% of annual turnover
  • United States (17 CFR Part 210 & CCPA) – Up to $7,500 (Different states however have different regulations, such as California stronger laws are in place with heavier penalties).
  • Canada (PIPEDA) – Up to $100,000 CAD
  • Brazil (LGPD) – Up to $11,000,000
  • Others – + $500,000

What records are usually kept?

Banking data is required to be kept for an average of seven years, or longer in some places, which includes:

    • Bank statements
    • Accounting records
    • Deposit slips
    • Taxes
    • Payroll
    • Purchase orders
    • Employee expenses reports
  • Insurance records
    • Incident reports and claims
    • Policies
    • Safety reports
  • Legal documents
    • Agreements
    • Contracts
    • Employment contracts

Aside from storing these records, staff at financial services firms often share such data internally for business reasons, which could present additional risk.

This is why financial services firms need a comprehensive data retention strategy – not just for their stored records, but also their communications and chat records, where conversations could exist for years after they’ve been deleted from other systems in compliance with regulations. This includes WhatsApp, WeChat, and LINE, as well as internal team collaboration software like Slack.

CINNOX keeps financial services in-line with data retention regulations

CINNOX provides a comprehensive data retention package which covers all customer data, communication records, and any shared media such as files.

  • Instant messengers, such as WhatsApp, are integrated with CINNOX so conversations and shared records among staff and between staff and customers are backed up and deleted as per established policies
  • This includes all communication between staff via CINNOX, such as video/audio conference recordings, group chats, and shared files
  • Data is only retained on the CINNOX servers for a pre-determined period
  • Data is backed up and uploaded to your chosen secure file server using a strong encryption channel (RSA cryptosystem)
  • Files are encrypted and saved as a ZIP file with a password before uploading to your secure file server
  • You can generate your own encryption keys within the CINNOX system
  • All retention logs are available
  • Sync files with your database like MongoDB and define different permission for your team to access from CINNOX Retention Portal
  • CINNOX is safe, secure, and compliant with rigorous testing to ensure the latest security and encryption standards

Whatever your business needs, CINNOX can tailor a comprehensive and secure data retention package for your unique requirements. 

References for data retention regulations:

Magazine Arma summary of retention regulations

ICPAS – retention regulation guidelines

Leave a Comment