By Bill Tolson, Vice President of Marketing, Archive360
Salesforce is the most popular customer relationship management (CRM) software and cloud computing platform in the world. As such, many regulated organizations, including the financial services sector, rely on it for assistance in managing their sales and marketing since its functionality is targeted to these roles and it is exceptionally well-designed. Using Salesforce, customers can track all of their sales activity, including every lead, opportunity, and customer interaction, empowering them to take action immediately.
But Salesforce content compliance doesn’t happen by itself, and this can create problems in regulated industries if companies are unprepared. For example, since every Salesforce instance must be legally defensible so that a company can quickly react to government information requests, litigation holds, and eDiscovery requests, financial firms need a way to:
- Meet regulatory data retention and access requirements per SEC Rule 17, MiFID II, and other regulations
- Review past Salesforce activities and individual account changes at particular points in time
- Preserve older data for ongoing analytics and compliance instead of being forced to delete it to make room for more current files
With these realities in mind, companies must seek a Salesforce archiving strategy that’s not only compliant with industry regulations, but also comprehensive, secure, and affordable. The best and simplest way to do this is to employ a cloud archive built on your own Azure tenancy, so that you don’t have to rely on a proprietary cloud vendor to store your regulated data. Instead, you have direct control of your data and encryption keys as well. In order to see why this type of nonproprietary solution is so powerful, it helps to understand how far we’ve come in terms of on-premise archiving versus cloud archiving.
Hard Choices
In the past, financial services companies found themselves in the difficult position of having to choose between storing their regulated content in either an archive on-premise or a proprietary cloud solution. None of these older solutions were quite right, since the choices for on-premise solutions included pricey WORM storage, servers, floor space, power, archiving software, annual software and hardware support fees, as well as personnel to support it all. Because of these escalating costs, on-premise archiving has fallen out of favor in the financial services industry.
On the other hand, proprietary cloud archiving solutions for financial services are also very expensive, with several issues that many don’t realize until it’s too late. While these solutions offered obvious advantages (security, ease of access, and simplicity), there was a serious downside: data conversion. This data conversion occurred for two main reasons: it allows more efficient storage in the proprietary cloud, and it serves as a way to stop customers from leaving the proprietary cloud without needing to pay a “re-conversion fee,” sometimes as high as $40.00 per GB. These proprietary cloud archives are much like data prisons where you have to pay a ransom to get your data back.
Besides the conversion trick, another common practice that cloud vendors use is throttling the data export speed if you want to move your data out to another vendor, which means it could take months or even years for an organization to move its own data back out of the third-party archive.
Despite these limitations of proprietary cloud systems, most financial services organizations have moved to the cloud or have plans to do so. But some firms still wonder whether they really need to archive all of their Salesforce data. Let’s examine some industry-specific reasons why the answer is an unequivocal yes.
Financial Services and Salesforce
Salesforce’s capabilities allow financial services firms to capture and track a wide range of data, communicate internally, and communicate with customers. This is critical when you consider the industry’s strict regulations, including SEC Rule 17 and MiFID II, which require all target communications and related trading records, both internal and external, be archived or managed in a repository that guarantees the information is “copy of record” quality in an immutable (WORM) repository. This means companies need to maintain an unchangeable copy of all original records with all metadata. So to be compliant, companies need a way to capture and manage all Salesforce data that meets regulatory retention requirements.
To meet the “ease of access” requirement, which specifies that regulators must be able to easily access and review specific data quickly, financial services companies should provide the ability to:
- Quickly and easily search, review, tag, and export data
- Define and manage cases
- Review date and custodian-searchable broker/trader communications and records
And since security of sensitive financial data is also a major concern, having direct control of Salesforce data is important. By archiving data into a proprietary cloud, a company loses direct control of its own data. When considering data security and deciding which Salesforce data should be archived, completeness counts. Some proprietary cloud archiving vendors do offer archiving of Salesforce email and the software’s enterprise collaboration platform, Chatter. But since they don’t offer archiving for the additional data objects within Salesforce, the data archiving is incomplete and puts client companies at a compliance and legal risk.
Preparing for eDiscovery
While no organization wants to face litigation, all must prepare for its eventuality by following eDiscovery best practices. Most eDiscovery requests target existing data of target custodians between specific dates. But eDiscovery requests can be much broader than this to include new data such as ongoing email or Chatter traffic from target employees.
When using Salesforce CRM for sales-related data like names, contact information, times, communications, activities, and notes, ongoing archiving of this data is an absolute requirement to enable a proper response to an eDiscovery order. Without a solid process to capture and quickly produce Salesforce data in response to eDiscovery, you risk that the company may be found noncompliant.
With these eDiscovery needs in mind, every financial firm’s Salesforce platform should incorporate a complete archiving capability. Yet Salesforce doesn’t include a comprehensive archiving mechanism that ensures regulatory compliance within the program. Plus, most companies eventually run into data-storage limitations using Salesforce since it only has a limited amount of default storage included in the contract, so a company must purchase more data storage capability, turn to a third-party application, or purge data.
Why not just buy some additional storage? It’s very pricey for a piecemeal solution and purchasing additional data storage can cost upwards of $1500 for 500 MB per year. And since there can be legal and regulatory issues with deleting data to free up space, a more compliant solution is needed. A best practice for optimizing data-storage usage while reducing cost and ensuring regulatory compliance is to archive the complete Salesforce dataset utilizing an Azure archiving platform designed specifically for the Salesforce platform.
Peace of Mind, Not Piecemeal
By using an archiving solution with the ability to archive a financial firm’s entire Salesforce dataset, an organization can rest assured of meeting all regulatory requirements for data retention, including SEC Rule 17, FINRA, MiFID II, FDA 21, CFTC, IIROC, FERC, and FAR 4.7.
With so many regulations, the name of the game for the financial services industry needs to be complete Salesforce data capture. This comes down to the fact that the Salesforce application includes an incredibly large number of data objects that all must be captured, archived, and made accessible for regulators to search and access whenever requested. Since the Salesforce platform lacks native comprehensive data archiving, the only way for regulated industries like financial services to remain compliant is to employ a solution that automatically facilitates archiving all Salesforce data objects.
One function that’s particularly helpful in this regard is the ability to review data as it was at a particular point in time, almost like a time machine. Regulated companies should seek an archiving solution that enables users to view records as they were on a specific date or dates. This allows for review of a customer record as it was on a day in January 2015, again in July 2016, and finally today, showing the changes and updates that were made to the record at each point in time. That way, if regulatory compliance or eDiscovery comes into question, you can quickly show how records changed over time and who made the changes.
There are many benefits to this type of comprehensive Salesforce archiving solution. Not only can you meet regulatory data retention and access requirements for your Salesforce app and ensure that your Salesforce instance can quickly react to an eDiscovery request or litigation hold, but you can also keep little-used data available for compliance requests instead of deleting it because of space limitations in the Salesforce platform. It’s also infinitely scalable to keep storage costs down. And best of all, it’s non-proprietary, which means there is no third-party vendor lock-in. It’s your data in your own Azure cloud, a security that brings true peace of mind.
About the Author
Bill Tolson, Vice President of Marketing, Archive360, has more than 25 years of experience with multinational corporations and technology start-ups, including 15-plus years in the archiving, ECM, information governance, regulations compliance and legal eDiscovery markets. Prior to joining Archive360, Bill held leadership positions at Actiance, Recommind, Hewlett Packard, Iron Mountain, Mimosa Systems, and StorageTek. Bill is a much sought and frequent speaker at legal, regulatory compliance, and information governance industry events and has authored numerous articles and blogs. Bill is the author of two eBooks, “The Know IT All’s Guide to eDiscovery” and “The Bartenders Guide to eDiscovery.” He is also the author of the book “Cloud Archiving for Dummies” and co-author of the book “Email Archiving for Dummies.” Bill holds a Bachelor of Science degree in Business Management from California State University Dominguez Hills. Connect with Bill @wtolson or @archive360.