1310997244 forrester bloomberg whitepaper

8/2/2019 1310997244 Forrester Bloomberg Whitepaper

1/12

A Forrester Consulting Thought Leadership Paper Commissioned By Bloomberg

Financial Services Firms Accelerate Shift To

Cloud-Based Archiving For Compliance

April 2011


2/12

Forrester Consulting

Financial Services Firms Accelerate Shift To Cloud-Based Archiving For Compliance

Page 1

Table Of Contents

Executive Summary ................................................................................................................................................................................. 2

Financial Services Firms Struggle With Compliance Requirements ............................................................................................. 3Half Of Financial Services Firms Plan To Adopt Hosted Compliance Solutions ....................................................................... 6Key Recommendations ........................................................................................................................................................................... 9Appendix A: Methodology................................................................................................................................................................... 10Appendix B: Supplemental Material .................................................................................................................................................. 10Appendix C: Demographics/Data ...................................................................................................................................................... 11Appendix D: Endnotes .......................................................................................................................................................................... 11

2011, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources.

Opinions reflect judgment at the time and are subject to change. Forrester , Technographics, Forrester Wave, RoleView, TechRadar, and Total

Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. For additional

information, go to www.forrester.com. [OrderID]

About Forrester Consulting

Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in their organizations. Ranging in

scope from a short strategy session to custom projects, Forresters Consulting services connect you directly with research analysts who apply

expert insight to your specific business challenges. For more information, visitwww.forrester.com/consulting.
http://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consulting


3/12



Page 2

Market shift: Half offinancial services firms

plan to expand or roll out a

hosted compliance

solution by the

end of 2012.

Executive Summary

Organizations are increasingly adopting cloud-based solutions for message archiving due to perceptions of lower total

cost of ownership (TCO), more rapid deployment capabilities, and other advantages

vis--vis traditional software deployments. Small and midsize organizations in

financial services have relied on software-as-a-service (SaaS)-based and hosted

message archiving solutions for years. Yet, many of their larger counterparts have

held off on leveraging this deployment model, citing security, operational, legal,

and other concerns. The market, however, has reached a tipping point and will see

significant adoption of cloud-based message archiving by financial services enterprises of all sizes over the next two

years. In November 2010, Bloomberg commissioned Forrester Consulting to evaluate the current state of archiving and

compliance in the financial services sector, capture enterprise expectations, and examine changes in anticipated

application delivery models.

Key FindingsIn conducting an online survey of 187 North American decision-makers with responsibility for compliance, messaging,

and legal risk mitigation employed by financial services firms, Forrester found that:

Financial services firms struggle with compliance. Fifty-five percent of respondents describe complying with

data privacy laws as challenging. Also, decision-makers report significant difficulties in meeting litigation

requirements, recording and archiving obligations, employee communications monitoring needs, and other

regulatory requirements.

Compliance challenges are multi-faceted. Edging out concerns about cost, 75% of the financial services

decision-makers surveyed highlight concerns about reputational damage in conjunction with regulatory

oversight and investigations. Respondents also cite major concerns with compliance-related application

integration and lengthy response times.

Financial services firms focus on a broad set of content and application types for compliance. In addition to

email, organizations perceive file shares, physical records, line-of-business applications, mobile messaging, and a

wide range of other content types and applications to be critical for regulatory purposes.

SaaS-based and hosted archiving solution adoption is increasing at a rapid clip. About half of financial

services firms plan to leverage hosted compliance solutions prior to 2013. While small and midsize customers

account for the bulk of the customers for these services today, over the next 24 months, larger financial services

organizations plan to ramp up adoption.
http://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consulting


4/12



Page 3

eDiscovery alert: Only 33% of

financial services firms are

very confident that they can

demonstrate that their

electronically stored

information is accurate,

accessible, and trustworthy.

Financial Services Firms Struggle With Compliance Requirements

In a late 2010 survey, Forrester found that 81% of respondents across all industries rated regulatory compliance as a

critical or high priority for the next 12 months. 1 Certainly compliance in the financial services sector isnt trivial. Even

though many organizations have faced stringent regulatory requirements for years, its clear that meeting archiving and

compliance objectives proves painful for many organizations. For example, in a Q1 2010 Forrester survey, fewer than

half of respondents reported satisfaction with their current message archiving solutions. 2

Companies in the financial sector face an alphabet soup of regulations. While other

regulations can apply, these obligations may include: US FINRA 3110, US SEC 17a-3 and 17a-4, UK FSA Code of

Business Sourcebook, EU Data Privacy Directive, US state data privacy laws, US Federal Rules of Civil Procedure(FRCP), and various others related to tax, corporate, and labor requirements. Wading into this mix, our survey found

that financial services firms face a broad set of frustrations in meeting regulatory and compliance challenges (see Figure

1). While privacy concerns lead the list, financial services firms describe major challenges in meeting litigation

requirements, recording and archiving obligations, employee communications monitoring requirements, and other

regulatory demands.

Our ongoing exchanges with

enterprises via inquiry, advisory, and consulting engagements highlight that major

challenges continue. Whats behind all of these difficulties? To address this

question and to get further insight into compliance and archiving challenges and

enterprise plans, Bloomberg commissioned Forrester to capture extensive survey

data from financial services firms.

To address this complex set of regulatory, compliance, and eDiscovery demands, many organizations have deployed a

mix of disjointed applications. The resulting application fragmentation itself can be a major challenge. Archiving and

retention management approaches, often built as separate, isolated, and incomplete initiatives, can't keep up with

current digital asset growth and the mandates that enterprises must follow to manage content proliferation. Fifty

percent of financial services decision-makers report that lack of integration across archiving, compliance, andeDiscovery applications inhibits their organizations cross-functional coordination for eDiscovery. Shifting from one

application to another during the eDiscovery process adds a "transformation tax" in the form of added cost, increased

time, and greater risk inconsistent technologies and policies add to eDiscovery pain.
http://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consultinghttp://www.forrester.com/consulting


5/12



Page 4

Figure 1

Financial Services Firms Face Challenges With An Array Of Compliance And Regulatory Obligations

Base: 187 North American decision-makers responsible for compliance, messaging, and legal risk mitigation at financial firms

Source: A commissioned study conducted by Forrester Consulting on behalf of Bloomberg, January 2011

Compliance Challenges Come In Many FormsFinancial services firms report that the cost of addressing compliance requirements, difficulties in integrating with

related systems, and slow response times stand out as major obstacles. Yet, potential reputational damage leads the list

of concerns stemming from regulatory oversight, reporting requirements, and investigations (see Figure 2). Reputations

matter a great deal in the financial services sector. Headlines matter consumers are fickle and often face low barriers

in shifting to alternate financial services providers. In addition to cost concerns associated with investigations and

eDiscovery, financial services firms take active steps to avoid allegations of improper activities or actual wrongdoing,

and these concerns can play a big role in rolling out compliance and archiving programs.

8%

27%

28%

30%

37%

35%

33%

36%

3%

10%

12%

14%

10%

12%

15%

19%

Other

The SEC Investment Advisers Act of 1940

Requirements related to outsourcing

Other record retention laws

Employee communications monitoring obligations

Recording and archiving requirements ofemployee communications

Litigation holds and other litigation requirements

Data privacy laws

Challenging Very chal lenging

Which of the following represent top regulatory and compliance challenges

as it relates to electronic communications for your organization?


6/12



Page 5

Figure 2

Compliance Challenges Stem From Multiple Concerns



Organizations Focus On A Broad Set of Content And Application Types for RegulationeDiscovery and regulatory requirements arent just about email. The revised US Federal Rules of Civil Procedure

(FRCP) highlight that a wide variety of electronically stored information can be relevant to eDiscovery. Seventy-eight

percent of our respondents state that they have been involved in extracting detail from email systems for investigation,

eDiscovery, or to respond to a regulatory request. The comparable figure is more than 35% for shared drives, physical

records, and Microsoft SharePoint repositories. Looking ahead, its clear that financial services firms have major

concerns about a broad array of content and application types (see Figure 3). For example, even with its relatively short

history, more than one-third of respondents rated regulatory concerns around social media as important and over half

give similar ratings to recorded voice data, instant messaging, and other types of unstructured and structured data.

49%

50%

47%

37%

18%

21%

27%

38%

Lengthy response times

Chal lenges integrating with related systems

Total cost of meeting these requiremen ts

Potential reputational damage

Concerned Very concerned

When thinking about the increasing amounts of regulatory oversight, reporting requirements,

and investigations, how concerned are you by each of the following?


7/12



Page 6

Figure 3

Multiple Content And Application Types Are Important For Regulatory Purposes



Half Of Financial Services Firms Plan To Adopt Hosted Compliance Solutions

Enterprises anticipate significantly expanding SaaS-based and hosted archiving and compliance applications. Forty-

nine percent of decision-makers in financial services expect to expand or roll out a hosted compliance archiving

solution prior to 2013 (see Figure 4). Historically, small and midsize financial services firms accounted for the largest

portion of customers for these solutions. Many of these companies grappled with a combination of very tight IT

budgets and strict regulatory requirements, and for them, cloud-based solutions were a good fit. With deeper pockets

and more extensive internal IT capabilities, however, many of their larger counterparts opted for traditional on-

premises software deployments to address archiving and compliance objectives. This market reality is rapidly changing.

For example, among financial services firms with 20,001 to 100,000 employees, 47% plan to roll out or expand a hosted

compliance archiving solution by the end of 2012 (see Figure 5) These results clearly demonstrate that a broad mix of

smaller firms and larger enterprises in financial services plan to adopt hosted compliance archiving solutions over the

next two years.

6%

17%

27%

36%

35%

36%

40%

33%

34%

32%

33%

25%

3%

17%

16%

19%

21%

23%

20%

29%

32%

42%

46%

57%

Other

Social media (e.g., Facebook, LinkedIn, Twitter)

Bloomberg Messaging

Recorded voice data (e.g., recorded phone calls and voicemail)

Corporate instant messaging

Microsoft SharePoint

Other document management/ECM

Mobile messaging (e.g., BlackBerry messaging)

Line-of-business applications (e.g., ERP, CRM)

Physical records

Shared drives/file shares

Email

Important Very important

How important are the following sources of regulated content to your organization?


8/12



Page 7

Figure 4

Half Of Financial Services Firms Plan To Adopt Hosted Compliance Solutions Prior To 2013



Figure 5

Firms Of All Sizes Plan To Adopt Hosted Compliance Solutions



Don't know22%

Yes49%

No29%

Do you expect your organization to expand or roll out a hosted compliance archiving

solution by the end of 2012?

Size Yes No Dont know N

501 to 1,000 employees 24% 31% 45% 29

1,001 to 5,000 employees 60% 29% 11% 45

5,001 to 10,000 employees 52% 26% 22% 27

10,001 to 20,000 employees 79% 5% 16% 19

20,001 to 100,000 employees 47% 37% 16% 38

More than 100,000 employees 38% 35% 28% 29

Do you expect your organization to expand or roll out ahosted compliance archiving solution by the end of 2012?


9/12



Page 8

Total Cost of Ownership and Deployment Speed Drive Hosted Compliance AdoptionSo, whats behind this anticipated increased adoption for SaaS-based and hosted archiving and compliance solutions?

Enterprises frequently express frustration with legacy on-premises message archiving software, and many are turning to

service-based approaches. In comparison with traditional software applications, top drivers leading to adoption of

hosted compliance archiving applications include perceptions of lower TCO, more rapid deployment capabilities, more

attractive cost models, and other deployment and functional advantages (see Figure 6). As vendors continue to address

security, operational, privacy, and legacy concerns associated with these deployment models, Forrester expects

adoption of SaaS-based and hosted archiving and compliance to increase at a rapid clip.

Figure 6

Low Cost, Rapid Deployment, And Attractive Cost Models Drive Hosted Compliance Archiving Adoption

Base: 92 North American decision-makers responsible for compliance, messaging, and legal risk mitigation at financial firms that plan to adopt a

hosted compliance archiving solution


3%

33%

39%

39%

45%

49%

59%

60%

Don't know

New regulatory requirements require an improved solution

Superior compliance and archiving features andfunctionality compared with on-premises alternatives

Global solution that can be easily deployed to all regions

Improved search and retrieval capabil ities compared withon-premises alternatives

More attractive cost model (impacting overall operational asopposed to capital budget) than on -premises alternatives

Easier and faster to deploy and manage than on-premisesalternatives

Lower overall total cost of ownership (TCO) than on-premises alternatives

What factors are driving your organization to expand or roll out a hosted compliance archivingsolution by the end of 2012?


10/12



Page 9

KEY RECOMMENDATIONS

Regulatory requirements and eDiscovery pain are driving many organizations to expand or roll out archiving and

compliance solutions. Over the next 24 months, about half of financial services firms plan to adopt hosted compliance

archiving solutions to address these needs. This represents a major market shift, and as companies go down this path theywill need to navigate carefully. Forrester recommends that financial services firms:

Take a close look at capturing advantages from cloud-based approaches but exercise caution. Hosted and

SaaS-based compliance and archiving applications can deliver significant TCO, deployment speed, and other

benefits, but companies should closely consider contractual and other supplier considerations. In addition to well-

defined service-level agreements, enterprises should document provisions for security, potential data loss, and

physical location of the data and ensure that these are sufficient for your organizations legal and corporate

guidelines. Ultimately, youre on the hook for your content. Its important to recognize that cloud-based

approaches dont absolve responsibility.

Dont expect to boil the ocean, but plan for a broad range of content and application types. Litigation,

investigations, and other regulatory actions often center on email. The survey findings, however, clearly show that a

broad range of content and application types are critical from compliance and eDiscovery perspectives. Of course,

its not feasible to apply archiving and compliance controls across all content types simultaneously. Instead,

Forrester recommends focusing on content types and applications that provide the greatest legal risk mitigation

and IT benefits, while weighting vendors cross-application functionality heavily during the selection process. Also,

while eDiscovery demands loom largest in the US, litigation and compliance requirements affect organizations

globally. Financial services firms must determine archiving needs across numerous country, regional, and local

regulatory requirements.

Make sure that you dont shift your digital landfill to the cloud. Many enterprises report difficulties in

establishing retention policies and synchronizing legal hold functions. All too frequently, companies end up stalling

on developing these policies and may simply not delete content due to litigation concerns. As a result, many

organizations are steadily building up a digital landfill that creates IT and legal risk mitigation burdens. In

transitioning to cloud-based approaches for archiving and compliance, financial services firms will need to ensure

that they develop and implement retention and legal hold policies for content captured by their service providers.

Emphasize stakeholder alignment. Without sufficient cross-functional collaboration across IT, legal, compliance,

records management, business, and other roles in developing retention policies, organizations often stumble with

change management, risking archiving and compliance program success. Make sure that your firm applies

appropriate attention to aligning stakeholders in developing policies and gathering system requirements and look

to support these efforts with governance structures.

Take a close look at how your cloud solution will integrate with related applications. Fragmentation across

archiving, compliance, and eDiscovery applications frustrates enterprises and leads to increased cost and risk

during litigation and investigations. Financial services firms evaluating offerings should be leery of end-to-end

vendor claims as these often reflect marketing hype as opposed to actual tight application integration. Companies

should expect to work with different providers to support archiving and compliance and broader eDiscovery needs,

but vendors with demonstrated integrated functionality (delivered natively or via proven partnerships) can

facilitate archiving and compliance objectives.


11/12



Page 10

Appendix A: Methodology

In this study, Forrester conducted an online survey of 187 decision-makers in North America from financial services

organizations to understand the regulatory and compliance challenges and concerns related to electronic

communications. Survey participants included decision-makers responsible for compliance, messaging, and legal risk

mitigation in firms with more than 500 employees. The survey began in December 2010 and was completed in January

2011.

Appendix B: Supplemental Material

Related Forrester ResearchThe Forrester Wave: Message Archiving Software, Q1 2011, Forrester Research, Inc., March 4, 2011

Q&A: eDiscovery Fundamentals For Content & Collaboration Professionals, Forrester Research, Inc., December 15,

2010

Q&A: Message Archiving Fundamentals For Content & Collaboration Pros, Forrester Research, Inc., September 7,

2010

Regulatory And eDiscovery Demands Drive A Growing Message Archiving Market, Forrester Research, Inc., March

17, 2010


12/12



Appendix C: Demographics/Data

Figure 7We Captured A Wide Distribution Of Organizations By Number Of Employees



Appendix D: Endnotes

1 Source: Forrsights Security Survey, Q3 2010.

2 Only 45% of respondents reported satisfaction with their current message archiving solution. Source: Q1 2010 Global

Message Archiving Online Survey, Forrester Research, Inc. Further findings from this survey are available. Source:

Regulatory And eDiscovery Demands Drive A Growing Message Archiving Market, Forrester Research, Inc., March

17, 2010.

501-999employees

16%

1,000 to 5,000employees24%

5,001 to 10,000employees

14%

10,001 to 20,000employees

10%

20,001 to 100,000

employees20%

More than 100,000employees

16%

"Using your best estimate, how many employees work for yourfirm/organization worldwide?"

1310997244 forrester bloomberg whitepaper

Documents