Security e-Series

How the Cloud Can Help with Data Collection and Retention for the Dodd-Frank Act


How the Cloud Can Help with Data Collection and Retention for the Dodd-Frank Act

Financial institutions collect large amounts of confidential and sensitive data about their clients. The Dodd–Frank Wall Street Reform and Consumer Protection Act was passed in 2010 as a response to the 2008 recession with the objective of bringing a sweeping overhaul of the US financial regulatory system. The act requires financial institutions to “keep full, complete, and systematic records together with all pertinent data and memoranda” for each swap transaction they are a counter-party in until five years after the swap’s termination. These records include (but aren’t limited to) “all related records (including related cash and forward transactions) and recorded communications, including electronic mail, instant messages, and recordings of telephone calls“. To remain compliant with the Dodd-Frank act, financial institutions must store and protect huge amounts of client data for lengthy periods of time. Consider this in the case of long term bonds where the record retention required by the Dodd-Frank act can be greater than thirty years! In 2015, fines for non-compliance came to a record $3.14 billion, higher than it’s ever been in previous years.



Several provisions of the Dodd-Frank act have created a two-fold challenge for banks over the years. Firstly, there is a dramatic increase in the amount of data. Secondly, the data has to be maintained in a searchable and compliant form for audits. Most financial institutions often store data in scattered, legacy databases that are hard to search or audit. This raises the cost of ensuring compliance with the act as well as being prepared for any potential electronic discoveries that may result from lawsuits.


One solution to maintaining this data is to migrate it from expensive and dated legacy storage to a private cloud, or a mix of public and private cloud i.e. hybrid cloud. Public cloud is best suited for data that does not have any special requirements (such as geographical restrictions) as data is housed in large data centers next to other data at a reduced storage cost. Hybrid cloud is a particularly appealing option in that data that has special compliance requirements, or needs to be highly secure, can be held on a private cloud, while less critical data can be housed on a public cloud. These clouds can be integrated on a single dashboard that allows financial institutions to quickly and easily search multiple types of data stored in many different locations and in many different formats.


To further simplify data storage, financial institutions can also opt for software solutions that can classify unstructured data. Data is stored in the same format, even if it came from different originating sources, which makes it even more searchable. Add-ons include automated reports which provide regular updates on data collection and storage, and dashboards which can give instantaneous snap shots of records. Financial institutions can invest in low cost hybrid cloud technology to ensure compliance and have the tools for simple, automatic and intelligent search and discovery.


For more on HPE cloud solutions, please check out: