Inspiration

The financial industry handles and manages extremely sensitive customer and broker-dealer data that could be used to commit insider trading or, if breached, lead to identity theft and/or credit card fraud, causing huge financial impact to customers and hefty fines imposed by regulators on the firms that deal with the data. According to Javelin Strategy & Research, identity fraud resulted in $16.9 billion lost in 2019 and impacted 5.1% of customers. The Nilson Report says payment card fraud losses reached $27.85 billion in 2019.

To prevent further catastrophe, the industry has built a wall around this data in the form of regulation. Electronic records pertaining to customers and broker-dealers must be archived so that they cannot be destroyed or tampered with. This regulation is met by storing this sensitive data in *Write Once Read Many (WORM)* format in a WORM-compliant storage (DB).

*“Over the past decade, the volume of sensitive financial data stored electronically has risen exponentially and there have been increasingly aggressive attempts to hack into electronic data repositories, posing a threat to inadequately protected records, further emphasizing the need to maintain records in WORM format.” – FINRA*

At IQZ, we take pride in solving world business problems. This inspired us to build a scalable solution that is faster to implement, easier to integrate with any WORM-compliant storage system, and that helps protect data from alteration and destruction. *We chose Pega, the low-code, no-code, model-driven platform, and Pega’s Center-Out business architecture to build the solution to crush the complexity.*

What it does

The application is called TPAC, which stands for Third Party Access Request and Compliance System. Though the application is built for the financial industry, it can also be used in any industry that deals with PI or PHI compliance. The goal of this project is to build a compliance system for the finance industry that meets the SEC's and FINRA's WORM compliance requirements. We chose a specific use case where a broker firm needs to save vendor data and related attestation details in WORM storage when it onboards a 3rd party service provider who will have access to extremely sensitive data. This storage mechanism keeps the agreement safe, untampered and unremoved for a certain period of time determined by the regulators. We built the solution using Pega Infinity and an API integration to Azure's WORM storage in the cloud: we push the case to Azure storage upon completion of the case in Pega. This solution is scalable and can integrate with any WORM on-prem or cloud storage such as AWS or GCP. This solution helps broker firms avoid millions of dollars in fines.

How we built it

We built the solution in Pega to offer enterprises the flexibility to use it for any case type. You could literally make any case type WORM compliant by configuring steps in a case management application. The application was built using Pega 8.4 with an Angular front-end to enable the compliance team to toggle WORM compliance on and off based on their legal requirements. WORM-compliant storage is provisioned via Microsoft Azure. This is another classic example of a multi-cloud solutioning approach, with Pega hosted on AWS integrating with Microsoft Azure.

Challenges we ran into

When the team gathered to hash out the use case, to our surprise, every team member presented a unique use case from the financial industry that requires this solution. This posed a challenge as to which use case we should address. We used *Design Thinking and Pega’s Micro Journey approach* to evaluate each of the use cases, its merits and demerits, the financial impact it can address, other positive impacts, and the value it brings to the industry.

Accomplishments that we're proud of

The application we have built helps brokerage firms meet compliance requirements by storing electronic data and attestations from 3rd party firms when they are onboarded as vendors and have approval to access the overly sensitive data of the brokerage firms. This helps the brokerage firms meet WORM compliance and avoid millions of dollars in fines. We are very happy with the accomplishment of identifying the use case and executing it.

What we learned

We were not aware of the hefty fines financial and brokerage firms are subjected to if they do not meet the WORM compliance requirements. We understood the business impact and how we as a solution provider can better enable & empower our clients and help them avoid major legal penalties.

What's next for IQZ WORM Compliance Solution

A lot of possibilities :smiley: We believe that we are just scratching the surface of using Pega not only for digital transformation but also using the power of the platform to help clients be legally compliant with various regulatory requirements like HIPAA, PII, and SOX.

Try it out links

Refer to our IQZ_-_How_To_Use_TPAC_System.pdf file (uploaded and in Google Drive) for more information.

Built With

  • azure
  • azure-blobstorage
  • pega-infinity
  • pega8.4
  • rest-apis