Record Keeping and Data Compliance

With the End of Financial Year just past and the new year upon us, it is an important time to consider your strategy for record keeping and data compliance. All businesses have a responsibility to maintain certain types of records for a period of time for auditing and reference purposes. In most cases, your daily backups won’t meet these requirements, as they will generally only provide a few months of retention at best. The most important reason to do this is compliance; however, it is always good to have your information at hand in case it needs to be referred back to in the future (e.g. for a legal matter).

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) states that most businesses must keep a record of all data for a minimum period of 7 years. The extract below from the AUSTRAC website gives more information on the minimum requirements.

| Type of record | Period of retention |
| --- | --- |
| Transaction records | Seven years after making the record |
| Records about EFTIs | Seven years after the transfer instruction was passed on to the person |
| Records of identification procedures | For the life of the customer relationship and for seven years after the reporting entity ceases to provide all designated services to the customer. |
| Verification information – credit reporting agencies | Seven years after the request was received by the credit reporting agency |
| Verification information – reporting entities | For the life of the customer relationship and for seven years after the reporting entity ceases to provide all designated services to the customer |
| Records of customer identification procedures carried out by a second reporting entity – where the first reporting entity gives a copy of the record to a second reporting entity | For the life of the customer relationship and for seven years after the second reporting entity ceases to provide all designated services to the customer. |
| Records relating to open accounts transferred between ADIs | Seven years after the reporting entity receives the document/record |
| Records relating to closed ADI accounts | Seven years after the giving of the second document |
| Records of the adoption of an AML/CTF program; and a copy of an AML/CTF program | From the date the AML/CTF program was adopted until seven years after the program ceases to be in force. |
| Records about due diligence assessments of correspondent banking relationships | For seven years after making the record |
| Remittance registration records | Until the remitter’s registration with AUSTRAC ceases. |

Reference: http://www.austrac.gov.au/chapter-8-amlctf-record-keeping-obligations

The above is a guideline for all businesses; however, it is important to check the requirements specific to your industry. Businesses within the Legal, Medical and Financial industries must comply with much stricter guidelines than those listed above.

At this time of year, even if you don’t have these levels of data retention in place, it is an opportune time to start by completing EOFY backups of your systems. By completing this each year, you continue to expand your data retention period, whether through a full system backup to a secure external storage medium or through an ongoing cloud-based solution that is largely self-managed.

With the advent and progression of Cloud technologies, it has become easier than ever to get started. Products like Microsoft Azure provide a largely ‘set and forget’ solution with minimal ongoing management, which eliminates human error (e.g. the backup was forgotten this year, the medium was damaged, etc.). The big plus is that it is extremely affordable, starting from as low as $20 per month. Compared with the cost of a standard backup drive or tape, it proves to be a compelling solution.

Get started today and make sure you are meeting your industry compliance and record keeping requirements. Contact one of our friendly staff to discuss how you can get started.