7 Fintech Best Practices when Implementing Email Archiving

By Harriet Christie
Harriet Christie of MirrorWeb looks at ways fintechs can securely manage their email archiving in the wake of bigger cybersecurity threats in the space.

Email archiving is common among financial services companies, which must retain all business emails for several years under regulations from the Securities Exchange Commission (SEC) and other agencies.

However, companies outside of the financial services industry can also benefit from an email archive. Archived emails can be invaluable in the event of legal proceedings. An archive is a repository of tribal information, which can support HR functions and act as a source of business insight.

Because of its potential value, an email archive must be set up properly. By following email archiving best practices, a company can ensure its archive functions properly and serves its purpose effectively. For instance, some companies may assume that their email platform serves as a default archive. However, even  common platforms such as Office 365 don't always come with long-term archiving capabilities.  A smart, proven approach is therefore essential to maintain a useful archive.

1) Consult with legal team to remain compliant

Various businesses and industries are governed by different regulations. For instance, organizations in the US healthcare industry must adhere to strict guidelines on how information should be archived under the Health Information Portability and Accountability Act (HIPPA).

If a company does not remain compliant with the guidelines for its industry, it could result in a loss of revenue, damage to its brand, millions of dollars in fines, non-monetary penalties, and even jail time for individual offenders. Clearly, compliance is the most important aspect of an email archiving solution.

Companies looking to set up and maintain an email archive should first consult with their legal team. Legal compliance experts understand how to put safeguards in place based on the specifics of these complicated regulations, and are therefore the most important resource when it comes to setting up and maintaining an email archive.

2) Invest in a suitable solution 

The number of emails generated in a day can vary from business to business, and it’s important for a company to use an archive that is suited to its needs. For example, a company might start out with a few terabytes of data storage, only to find out that it needs even more space after just a couple of years.

Companies looking for an email archiving solution need to consider not only their current needs but also their future needs. The last thing a company should be doing is scrambling for space as their archive gets close to full.

3) Establish an email archiving committee

Because an email archive is relevant to everybody in a business, the archive should meet all of their needs. An archiving committee that represents a diverse array of stakeholders can help ensure effectiveness and ease of use. Members of an archiving committee should include people from every type of department and at every level of an organisation.

4) Establish a high-water mark retention period

An email archive needs to meet different regulations and address different needs. Because of this, timeframes for retention can vary significantly from rule to rule and function to function.

An effective way to simplify an email archiving strategy is to establish a high-water mark retention period. This is a “one period to rule them all” timeframe that meets all essential functions. For example, if a legal situation requires storing emails for nine years and an SEC rule calls for six years of storage, the high-water mark retention period should be nine years.

5) Fintech companies should leverage automation 

A high-water mark retention period can simplify one aspect of an email archiving system. However, different departments within a company often have different retention needs. For instance, emails sent by the finance department fall under different regulations than emails sent for customer support.

Fortunately, many email archiving solutions have automated features designed to simplify this situation. Most solutions offer a function called ‘real-time fetching’ that collects all inbound and outbound emails in real-time and remands them to a safe, tamper-proof database. This automation avoids the time, effort, and stress associated with manually archiving emails. Some email archiving solutions offer an automated legal hold process that simplifies scheduled searches and access to files during e-discovery or imminent litigation.

Automated expunging of emails that no longer need archiving is also a desirable feature in email archiving software. For instance, the software could expunge HR emails after a retention period of seven years, exempting any emails that may pertain to litigation or compliance.

6) Make email archiving easy for employees

Leaders should make email archiving as simple as possible for workers. If employees are forced to recall pages of policy and procedures, they’ll be less likely to follow the necessary protocols. Furthermore, unnecessary complexity leads to the wasting of valuable time.

In addition to making procedures easy to follow, leaders should also make sure employees are always kept in the loop regarding any changes. Employees are notoriously resistant to change, so explaining the reasoning behind any modifications can help them to stay engaged with this critical business function.

7) Regularly review regtech changes and make updates

Laws and regulations regarding record retention often shift over the years. Companies that don't keep up with the changes run the risk of getting an unpleasant surprise. The archive and legal teams should regularly review changes and make relevant updates. HR personnel and the archive team should also follow all regulatory agencies that could suddenly issue new rules related to archiving. 

By implementing the above steps and then keeping on top of regulations as they evolve, businesses give themselves the best possible chance of ensuring and maintaining compliance. After all, partial compliance is the same as noncompliance, so it pays to be as scrupulous as possible with your approach to email archiving.

About the author: Harriet Christie graduated from the University of Sheffield in 2010, with a BA in Management Accounting, Entrepreneurship, Business Law, BSR, HR. She entered the Tourism space, starting as an Accounts Executive at LateRooms.com, and earning the title of Global Accounts Manager within three years. She later joined as a Key Account Manager with MirrorWeb, a data archiving solution based in Manchester.