Proving regulatory compliance requires meticulous record keeping, including records of a company’s website and social media. Even if you follow each regulation carefully, without an immutable archive and corresponding audit trail, there is no way to confirm it to regulating bodies.
Many years ago, when the internet was new, organizations may have only had a handful of web pages to manage, and meeting compliance requirements might have been handled with screenshots or even physical printouts. But those days are long gone. Today’s advanced Content Management Systems (CMS) handle thousands of complex web pages for a single enterprise, but companies in highly regulated industries such as finance and insurance still have to maintain archives to meet their regulatory compliance obligations.
Four Examples of Regulation Requiring Archiving
FINRA Regulatory Notice 10-06 specifically requires that any firm communicating with the public online retain records of communications related to its business.
FINRA Regulatory Notice 11-39 clarifies that “[w]hether a particular communication is related to the business of the firm depends upon the facts and circumstances [of the communication]. This analysis does not depend upon the type of device or technology used to transmit the communication.”
Links are potentially problematic too. Regulatory Notice 11-39 states that “Firms may not establish a link to any third-party site that the firm knows or has reason to know contains false or misleading content. A firm should not include a link on its website if there are any red flags that indicate the linked site contains false or misleading content.”
FINRA Regulatory Notice 17-18 extended that rule to other forms of communication and noted that before a firm can use a method to communicate with customers about its business, it “must first ensure that it can retain records of those communications as required.”
Additionally, Securities Exchange Commission (SEC) Rule 17a-4(f), which allows and governs the storage of books and records in electronic format, notes that those records must be “preserve[d] exclusively in a non-rewriteable, non-erasable format (WORM).”
Three Advanced CMS Challenges for Legacy Archiving Software
Traditional web archiving tools—such as PDF capture and screenshots—are ineffective at capturing the complex user experience (e.g. dynamic web applications or personalized UX) within an advanced CMS. Also, these legacy methods usually require a person to navigate a site and manually archive pages, which introduces the significant possibility of human error.
Here are three key challenges when archiving modern websites:
Screen capture methods, whether they generate PDFs or image files, create static representations of dynamic websites, rendering all of the dynamic elements that make modern websites so user-friendly nonfunctional. These still images miss out on interactive elements like drop-down menus, toggles, fillable forms, calculators, and other complex tools.
PERSONALIZED CUSTOMER JOURNEYS
Advanced CMSs allow variations in web pages based on an individual user’s cookies or log-in credentials. Traditional archiving methods would only be able to capture the singular static instance, but when websites are highly customizable depending on who is browsing them, a single static archive isn’t good enough for compliance. Instead, each possible customer journey must be archived.
ONGOING SITE MAP MAINTENANCE
Most traditional archiving solutions require the site administrator to provide an up-to-date site map, so the archivist knows which pages to capture. Providing a site map requires keeping track of and listing out every single page that should be captured. This requires ongoing site map maintenance every time a page is added. With advanced CMSs, web pages or page versions may be added on a daily basis, making site map upkeep overly burdensome and prone to human error.
Facing difficult challenges with website compliance? Download The Guide to Archiving Advanced Content Management Systems!