Financial Conduct Authority (FCA) Requirements for Email Archiving

The Financial Conduct Authority (FCA) are the the organisation responsible for regulation and protection of all aspects of the financial services industry in the UK. If you’re a company operating in this sector, their somewhat ‘comprehensive’ guidelines aren’t ones you can afford to ignore. 

The FCA Handbook covers a wide range of provisions, however in this post I’m going to focus on those that apply to email storage and archiving only – hopefully saving you a little legwork when it comes to checking whether you currently comply.

This is a follow-up to the more general post we published last year addressing the legislation and compliance requirements that apply to UK businesses in relation to email storage.

FCA Handbook guidelines 

High Level Principal 3 in PRIN 2.1 states that “A firm must take reasonable care to organise and control its affairs responsibly and effectively”. This is a RULE, not guidance, and not keeping a record of communications between the firm and its clients, or the clients’ product providers, would leave a firm open to an accusation of a breach of this.
In this event the firm’s senior people would also be in breach of APER 2.1a, which has the full statutory force of S64 of the Financial Services and Marketing Act 2000 (FSMA2000), and the regulator could probably cite additional breaches of APER principles 5, 6 and 7.

Under Systems and Controls the RULE at SYSC 3.2.20 is a broad requirement to keep records of matters that are ‘subject of requirements and standards of the Regulatory System’ and the glossary’s definition of the regulatory system is very broad.

In the Conduct of Business sections of the handbook for General Insurance and Mortgage people the rules are not specifically descriptive, but both ICOBS and MCOB refer the reader to SYSC 3.2.20. Schedule 1 of MCOB has a detailed list of what ought to be kept, and if documents are sent by email, or are the subject of email communication then those emails need to be kept.

For Independent Financial Advisors (IFAs), COBS 9.4 and 9.5.2 make very specific requirement to keep copies of suitability letters and associated emails, which is essentially any kind of recommendation or guidance to enter into any kind of investment activity. An FCA enforcement supervisor could also cite COBS4.11.1 where a record must be kept of every financial promotion, which is any kind of recommendation, offer or inducement to any one person or persons to engage in any investment activity.

Archiving software for compliance

MailStore Server is one of the software solutions available to ensure your company is meeting the appropriate compliance requirements. Regularly certified by an independent auditing firm and to Internationally recognised standards, MailStore installs alongside your email server (or hosted email account), taking a copy of every mail that you send and receive, storing it securely and ensuring nothing can be deleted or modified in any way.

Compliance related features include:

  • Archived email is identical to the original email in every respect
  • Storage periods can be set accordingly
  • Changes and events are logged via an integrated auditing feature in the Windows event log
  • Auditor access via a special “auditor” user type
  • Legal hold

Tamper-proofing:

  • Generation of SHA1 hash values from email content
  • Internal AES-256 encryption of email texts and attachments
  • No direct access by MailStore client components to the archive files
  • It is not possible to change email content, either in the graphical interface or in the internal program

MailStore is available to download and test as a free 30-day trial.

Many thanks to Robert White of Somerset-based Durell Software for providing the content for this post which uses an excerpt from an article originally written and published for a customer newsletter. Durell are a trusted Zen Software partner and have been providing back office administration and accounting software to IFAs, Mortgage and General Insurance Brokers for over twenty years.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Zen Software logo       Try any of our software completely free for 30-days:

MDaemon email server  |   BackupAssist   |   MailStore email archiver

Let us know what you think....

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s