Back to blog

Trump, Dodd-Frank and email compliance

Jun 21, 2016 by Romulo Melillo

What are the implications for Wall Street email retention, compliance and migration if Dodd-Frank is ‘unwound’?

Presidential candidate Donald Trump has made no secret of his distaste for Dodd-Frank, the US government’s regulatory framework covering financial trades. “Dodd-Frank has made it impossible for bankers to function,” he says, adding his plans “will be close to dismantling of Dodd-Frank.”

Although bank lobbyists would generally like to see changes to make compliance easier, financial firms have spent six years and millions of dollars adjusting the way they operate to comply with the law. Trump’s plan for a wholesale rewrite is certainly raising some eyebrows.

What is Dodd-Frank and how does it affect email records?

The Dodd-Frank Wall Street Reform and Consumer Protection Act is a federal law enacted in July 2010 that aims to prevent another financial crisis by using regulatory processes to enforce accountability and transparency.

The Act obliges firms to retain written transactional and non-transactional records for five years (or the life of a swap plus five years), so that trade details can be reconstructed through eDiscovery. It covers email, chat, SMS, and fax communication that led to each trade’s execution, and there are similar rules – with shorter retention periods – covering oral communication.
[vc_column width=”1/4″][vc_column width=”3/4″]In practice, the Act adopted existing rules on the use of Write Once Read Many (WORM) compliant media for storage. This type of storage includes devices where information, once written, cannot be modified; this is one reason why use of cloud services such as Office 365 need to be augmented by a standalone archiving system. Data must be viewable in its original format from any location, whenever it’s needed, and the archival mechanism must be able to capture traffic without disrupting the flow of email or instant messaging.

Archiving solutions such as Veritas Enterprise Vault contain all the tools needed to comply with Dodd-Frank, and the legislation has been a prime incentive for organizations to eliminate offline PST files and to centralize them into archives.

What is Donald Trump proposing?

President Obama has said Trump’s position would let companies do “the same stuff that almost broke our economy’s back”, but as with many of his eye-catching electioneering positions, Trump has given little real detail as yet. He has shown an interest in Republican Jeb Hensarling’s proposals to allow banks to choose between complying with the law or holding a much higher amount of capital.

It’s therefore difficult to predict with any certainty what effect a Trump dismantling of Dodd-Frank could have on email retention and compliance. Our best guess is that he may be focused on other aspects of the legislation, and that archiving requirements are unlikely to change radically; after all, what Dodd-Frank did in this area was simply tighten up what had gone before.

Email archives by their very nature contain all manner of sensitive data, and they are always going to be required for reconstruction of events after the fact.

What should banks and financial institutions do now?

Dodd-Frank was drafted very much from a consumer protection point of view, and to make sure that organizations that were ‘too big to fail’ would always be able to be wound down in a controlled manner. These aspects are likely to be what interest Trump.

Although the law demands strict archive retention, it’s actually in every bank’s own interest to make sure they retain the most detailed records possible. That’s how they protect themselves.

That means being strict about, for example, the outlawing of PST files. Being whiter-than-white when migrating old archives to new storage platforms. And making sure that shared resources – like Exchange Public folders – are not only discoverable, but have sensible, logical hierarchies. (In fact, one of the best ways to achieve that aim would be to migrate the Public folders into Office 365 Groups, from where the data can be archived effectively).

In short, it’s for your own good to keep doing what you’re doing now, regardless of what the law says.

When compliance meets technology

Most chief compliance officers come from a legal background. They’re much less concerned with how compliance is achieved than making sure that it’s actually done.

For technologists, the challenge is to keep costs as low as possible while demonstrating discoverability and compliance. They need to preserve Chain of Custody and clear records showing what has happened to any data, whenever it’s moved between platforms. The need to migrate can be driven by many factors – merger activity, or end-of-life for existing products and platforms, for example – that are nothing to do with compliance.

Even if it turns out you don’t need to change your existing systems and practices to comply with whatever Trump has in mind, you’ll always need to migrate and safeguard critical email and associated records for other reasons.

Whatever you’re trying – and need – to achieve, Quadrotech will be with you every step of the way.