Delivering on Data Management in Large Financial Institutions

Financial Institutions Are Grappling With Significant, Ongoing Challenges in Data Management

Financial institutions are grappling with significant, ongoing challenges in their management of valuable communications data . These challenges are driven by accelerated technology change, a wholesale shift to cloud platforms and many long-lasting changes in working practices and behaviours. Financial institutions have experienced a seismic shift from an era where all communications data was stored in centralised servers within the walls of its enterprise data centres. Now, email, chat, voice and video along with other dynamic forms of collaborative content are stored across a myriad of third-party communications channels and cloud-based platforms outside the perimeter of the enterprise.

Adding to data complexities, authorities in financial centres worldwide are increasingly focused on the risks and potential gaps in institutions’ ability to comply with necessary regulations.

Against this backdrop, how can risk and compliance leaders retain the flexibility and agility of instantaneous digital communication while keeping the increasing volume and veracity of critical communications data under control?

Modern Data Challenges

Financial institutions have long been highly regulated organisations. Traditionally, managing the communications perimeter was limited to retaining copies of emails backed-up from on-premises email server and maintaining audio recordings of phone conversations conducted on landline phones and dealer rooms turrets. Now, as bankers, traders and other financial services personnel communicate with clients across multiple channels, many of which are hosted externally to the enterprise, and some with additional layers of encryption on the device itself, the challenge is how to capture, store and retrieve this data to meet compliance and legal requirements. This challenge is made more difficult due to the fact that many of the communications channels and collaboration platforms used have been designed with end-user needs in-mind and lack the necessary retention, discovery and retrieval tools to fulfil financial services legal and compliance obligations.

To date, most financial services institutions have been forced to piecemeal solutions as each new app or tool has been incorporated. Each new challenge has called for another point solution to be incorporated into an increasingly complex compliance and legal landscape, encompassing analogue and VOIP voice data, email, instant messaging and chat, mobile apps and collaboration platforms. This approach of multiple vendor solutions supported by a wide range of technologies that don’t integrate and require vast resources to manage continues to fall short of regulatory expectations.

These shortfalls can come at a steep price. In recent years, the Securities and Exchange Commission and the Commodity Futures Trading Commission levied billions in fines on dozens of financial institutions for failing to manage appropriately “off-channel communications,” such as WhatsApp.

Under the Markets in Financial Instruments Directive (“MiFID”) in Europe and Sarbanes-Oxley in the U.S., banks must be able to retrieve and reconstruct relevant communications data, and to begin dialogue with regulators within tight timeframes of a new alert or request. , Given how stringently these deadlines are policed, the ability to query a single integrated data store containing all relevant communications data, no matter the originating platform, is vital.

Regulatory and compliance leaders are beginning to recognize the benefits of migrating to a single integrated data store and leveraging advanced cloud-based tools for real-time indexing supported by machine learning and artificial intelligence. This openness to a holistic, proactive approach is an important step in the direction of solving the ever-evolving landscape of data challenges. However, to be effective, a single source of truth must be architected and maintained for flexibility and attention to common data management pitfalls.

Comprehensive Data Management

The speed, scalability and cost effectiveness of cloud archiving platforms provide significant benefits over the traditional on-premise solutions. The long-term goal to meet regulatory requirements is to develop a single cloud-based hub for communications data, where access is granted to select parties and dynamically managed. Such a solution will ensure it’s easy to connect to data sources, and to find, retrieve and reconstruct communications. Such solutions should include:

  • Enablement of business objectives and ensuring the data and archiving strategies comply with both current legal and regulatory requirements and pre-empt emerging requirements driven by technology advancements (i.e., use of personal devices and ephemeral messaging applications).
  • Design, development and implementation of desired data, archiving and legal hold strategies with operating models to achieve defensible data archiving and minimisation whilst managing adjacent costs and risks across the enterprise.
  • Day-to-day management of global enterprise archives, retention policies, legal holds and business-as-usual optimisation, to ensure business objectives and end-user requirements are satisfied in concert.

Solutions should encompass all steps from initial data capture and archiving through to retrieval and analysis and support multiple end-user teams across an enterprise, so communications data may be easily accessed for critical functions, including legal, investigations, disputes, regulatory compliance, privacy and customer rectifications.

Financial institutions are confronting a complex and fragmented communications universe, with alert and engaged regulators placing new burdens on legal, compliance and risk teams. Robust data management capabilities, technology offerings and holistic solutions can give institutions the confidence to take decisive action, reducing infrastructure costs and minimising regulatory risk amid a constantly changing communications environment.

Footnotes:

1: Rowley, Simon, “Organisations struggling to control sensitive content, study finds,” Data Centre & Network News (2024).

2: Grip, “Recordkeeping fines and actions,” 16 October 2025.

3: “Implementing and delegated acts – MiFID II,” European Commission (2023).

4: Sarbanes-Oxley Act of 2002, Link.

Related Insights

Related Information

Datum

04. Nov 2025

temp Ansprechpartner

Richard Palmer

Senior Managing Director

Most Popular Insights

  1. Navigating Tariffs: 10 Strategies to Protect the Bottom Line
  2. The Hidden Risk for Data Centers That No One is Talking About
  3. It's La La Land Again in Financial Markets
  4. Geopolitisches Risikomanagement: Für global agierende Unternehmen kein Luxus
  5. Corporate Sustainability Report

Insights von FTI Consulting abonnieren

Abonnieren