In the modern world, of course, much of this paperwork will be held electronically; and in most cases, there is no legal or regulatory reason why this should present any barrier to discharging your record-keeping responsibilities properly. The FCA handbook (SYSC 9.1.4) states:
“Subject to any other record-keeping rule in the Handbook, the records required under the Handbook should be capable of being reproduced in the English language on paper.”
The principle here is that records must be reproducible on paper, but not necessarily stored on paper. A document kept on a computer drive in an electronic format, which could be printed if required, does satisfy this definition.
However, this shouldn’t be taken to mean that your electronic record-keeping process is automatically suitable. Typically we find that firms are highly attentive to matters of electronic security and questions about access to sensitive data, but can still fall short of best practice in record-keeping in other ways. Here are five considerations that should be kept in mind where firms do rely on records held on computer systems.
1. Backup and recovery
Your files will not be capable of being reproduced if they have been deleted, lost, or corrupted due to technology failures. You should ensure that every document with any compliance importance is properly backed up on a regular basis. Where an outsourced solution is employed to handle this, their process should be scrutinised with the same diligence given to any provider that handles paper records for your firm.
2. Timeliness requirements
Various regulation and legal obligations will apply a time limit for production of compliance documents. You should ensure that there is sufficient time to retrieve these if needed, especially if very large files are kept offsite and likely to be sent across a slow internet connection.
3. Organisation and conventions
If your process involves files being stored in directories on a computer disc, these should be diligently organised with common file naming conventions so that looking for a particular file doesn’t become an impossible task later on. Even better, consider using a database system that helps you label, categorise and search for documents much more powerfully.
4. Version control
One file might go through many iterations and you need to be clear on your policy for altering, renumbering, and storing these versions. Typically, document software available in standard packages contains some tools to track changes, but these are limited in scope when it comes to archiving large sets of adjustments over time.
5. Ownership and governance
Frequently, ownership of electronic records is considered to be the remit of an IT department, but where compliance documents are concerned there is often a need for greater control by other relevant functions. For example, if a document is mentioned within your CASS 10 resolution pack, it is critical that an IT resource doesn’t rename, move, or otherwise make unavailable that document. Even an innocent adjustment such as renaming a folder on a network drive could be considered a CASS breach if that folder was referenced in the pack.