A firm must arrange for orderly records to be kept of its business and internal organisation, including all services and transactions undertaken by it, which must be sufficient to enable the FSA or any other relevant competent authority under MiFID or the UCITS Directive4 to monitor the firm's compliance with the requirements under the regulatory system, and in particular to ascertain that the firm has complied with all obligations with respect to clients.
In relation to its MiFID business, a common platform firm must retain records in a medium that allows the storage of information in a way accessible for future reference by the FSA or any other relevant competent authority under MiFID, and so that the following conditions are met:
it must be possible for any corrections or other amendments, and the contents of the records prior to such corrections and amendments, to be easily ascertained;
it must not be possible for the records otherwise to be manipulated or altered.
[Note: article 51(2) of the MiFID implementing Directive]
Subject to any other record-keeping rule in the Handbook, the records required under the Handbook should be capable of being reproduced in the English language on paper. Where a firm is required to retain a record of a communication that was not made in the English language, it may retain it in that language. However, it should be able to provide a translation on request. If a firm's records relate to business carried on from an establishment in a country or territory outside the United Kingdom, an official language of that country or territory may be used instead of the English language.1
In relation to the retention of records for non-MiFID business, a firm should have appropriate systems and controls in place with respect to the adequacy of, access to, and the security of its records so that the firm may fulfil its regulatory and statutory obligations. With respect to retention periods, the general principle is that records should be retained for as long as is relevant for the purposes for which they are made.1
1The Committee of European Securities Regulators (CESR) has issued recommendations on the list of minimum records under Article 51(3) of the MiFID implementing Directive. This can be found at: www.fsa.gov.uk/pubs/other/CESR_Minimum_List_Recommendations.pdf.