Record Keeping and Data Compliance
With End of Financial Year just past and new year is upon us, it is an important time to consider your strategy in relation to record keeping and data compliance. All businesses have a responsibility to maintain certain types of records for a period of time for auditing and referencing purposes. In most cases, your daily backups won’t meet these requirements as they will generally only provide a few months of retention at best. It is most important to ensure this is done from a compliance perspective however it is always good to have your information at hand in the event that it needs to be referred back to in the future (Eg. For a legal matter).
The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) states that at a minimum, most businesses must keep a record of all data for a minimum period of 7 years. The below extract from the AUSTRAC website gives a bit more information in relation to the minimum requirements.
| Type of record | Period of retention |
| Transaction records | Seven years after making the record |
| Records about EFTIs | Seven years after the transfer instruction was passed on to the person |
| Records of identification procedures | For the life of the customer relationship and for seven years after the reporting entity ceases to provide all designated services to the customer. |
| Verification information – credit reporting agencies | Seven years after the request was received by the credit reporting agency |
| Verification information – reporting entities | For the life of the customer relationship and for seven years after the reporting entity ceases to provide all designated services to the customer |
| Records of customer identification procedures carried out by a second reporting entity – where the first reporting entity gives a copy of the record to a second reporting entity | For the life of the customer relationship and for seven years after the second reporting entity ceases to provide all designated services to the customer. |
| Records relating to open accounts transferred between ADIs | Seven years after the reporting entity receives the document/record |
| Records relating to closed ADI accounts | Seven years after the giving of the second document |
Records of
| From the date the AML/CTF program was adopted until seven years after the program ceases to be in force. |
| Records about due diligence assessments of correspondent banking relationships | For seven years after making the record |
| Remittance registration records | Until the remitter’s registration with AUSTRAC ceases. |
Reference: http://www.austrac.gov.au/chapter-8-amlctf-record-keeping-obligations
The above is a guideline for all businesses however it is important to check the requirements specific to your industry. Businesses within the Legal, Medical and Financial industries must comply with much stricter guidelines than those listed above.
At this time of year, even if you don’t have these levels of data retention in place it is an opportune time start by completing EOFY backups of your systems. By completing this each year, you continue to expand your data retention periods, whether it be a full system backup to a secure external storage medium or implementation of an ongoing cloud based solution which is largely self-managed.
With the advent and progression of Cloud technologies, it has become easier than ever to get started. Products like Microsoft Azure provide a largely ‘Set and forget’ solution, with minimal ongoing management which eliminates human error (Eg. It was forgotten this year, the medium was damaged etc). The big plus is that it is extremely affordable, starting from as low as $20 per month. Put in comparison to the cost of a standard Backup Drive or Tape, it proves to be a compelling solution.
Get started today and make sure you are meeting your industry compliance and record keeping requirements. Contact one of our friendly staff to discuss how you can get started.
