For most broker-dealers, one of the biggest challenges is achieving and maintaining complete data compliance across the entire organization. The multitude of industry regulations surrounding data compliance makes this especially complex for small firms that lack their own internal compliance and IT staff. Inadequate funds and reduced budgets also make it difficult for these companies to build and maintain their own data-compliant systems in-house. Simply archiving email is not enough today - all data across all systems must be addressed.
Each broker-dealer (regardless of size) must address the data compliance regulations defined in four main rules:
1. 17a-3 - Books and Records maintenance (SEC)
2. 17a-4 - Books and Records Retention (SEC)
3. 3510 - Business Continuity Planning (NASD/FINRA)
4. 3010 - Electronic Record Supervision (NASD/FINRA)
Despite this complexity, a broker-dealer firm will achieve 90 percent of these requirements if it performs (1) remote data backup, (2) long-term archiving and (3) disaster recovery planning. The last 10 percent of a data compliance plan involves documentation and supervision. Reaching these minimum requirements alone is key and must form the basis of a data compliance plan for firms to experience success during an SEC audit and ensure confidence in protecting customer records.
In order to successfully meet these mission-critical compliance demands, broker-dealers need a complete solution designed to address emails, books and records, databases, systems configuration and all other relevant communication across the entire operation.
This critical data needs to be consistently backed up and kept separate from originals, archived off site according to specific retention rules – and made available within 48 hours of any disaster or critical business disruption.
AdvisorVault is the only third party storage provider with the built-in capability to provide broker-dealers with a complete remote backup, long-term archiving and disaster recovery solution. Our out-of-the-box approach for data backup, archiving and recovery is designed to ensure compliance with the stringent rules broker-dealers face today from the SEC and FINRA (including the newly consolidated rule from NASD and the NYSE).
A large source of confusion for broker-dealer firms is the requirement for a designated third party storage provider (D3P). Two main questions often arise.
1. What is the broker-dealer’s responsibility in choosing a data compliance partner as their D3P?
- It is critical that the broker-dealer establish a relationship with a third party that has the ability to provide the SEC (or other securities regulators) with independent access to their retained electronic records and information.
2. What are the third party’s responsibilities?
- Notify the SEC (or other designated securities regulators) in writing of their intention to fulfill the third-party access and download function for the broker-dealer
- Provide securities regulators with the information they need to download electronic records from the broker-dealer’s systems at the regulator’s request
- Provide securities regulators with access to records and information stored on the broker-dealer’s systems independently of the broker-dealer, even if the broker-dealer is not cooperating with the regulator
- Preserve records in a non-rewriteable, non-erasable format, or one that prevents their overwriting, erasure, or other alteration during the required retention period, through the use of integrated hardware and software codes
- Verify automatically the quality of the backup process and index records preserved on the storage media
Our comprehensive turnkey service offers a complete approach to achieving and managing data compliance for broker-dealer firms. We address six key technical areas and the related compliance rules contained within each.
STEP ONE - Remote data backup and Rule 17a-3
To assist securities regulators when conducting sales practice examinations of broker-dealers, particularly examinations of local offices, broker-dealers are subject to rule 17a-3, and as a result must make every effort to retain, protect and promptly reproduce documents relating to their books and records.
These recordkeeping requirements apply to a wide range of items such as purchase and sale documents, customer records, associated person records, customer complaints, and certain other matters. In addition, new amendments have expanded the types of records that broker-dealers must maintain and require them to promptly produce certain records at each office to which they relate.
Advanced backup technology. Designed for broker-dealers:
Meeting the stringent data protection rules contained in 17a-3 is the first step in the AdvisorVault data compliance process. This is done by ensuring required records are remotely and securely transferred each night. A pre-configured appliance with AdvisorVault's unique remote backup software is shipped to the broker-dealer's office or offices and attached to the local network. AdvisorVault manages the process from then on and takes a complete snapshot of all required records. Using an advanced crawl technology, the AdvisorVault backup appliance finds all data on servers, PCs, or any storage device on the network and securely transfers the data each night to the AdvisorVault remote data centre.
Branch offices, home, remote and traveling users are easily added into the AdvisorVault process to ensure complete compliance across all systems and locations is maintained.
STEP TWO - Long-term data archiving and Rule 17a-4
While rule 17a-3 addresses the backup of specific broker-dealer records, rule 17a-4 defines in detail the time requirements and type of hardware that can be used to store this archived data. This is especially important for broker-dealer firms: archiving data incorrectly could result in very costly storage disks, while not archiving enough will leave gaps and result in missing data for the review process.
The right retention for the right data
Archiving is built into AdvisorVault and is automatically performed at the remote data centre where the regular daily backup data resides. Because of AdvisorVault's understanding of broker-dealer compliance, the correct data is kept for the exact amount of time. This avoids extra storage cost for unnecessary data. All archived data is kept in a non-rewritable format and can be recovered for regular review or during an audit.
STEP THREE - Disaster Recovery and Rule 3510
Backing up and archiving data is the foundation of a broker-dealer's data compliance strategy. However, each firm is required to address how it plans to respond to a significant business disruption. Access to customer records, email and other critical documents during a disaster must be achieved in a timely manner, such as a 48-hour window.
Data recovery confidence
The purpose of rule 3510 is to provide guidelines for customers to assess a broker-dealer's ability to maintain a level of service in the event of a disruption. AdvisorVault helps with this step and provides a method to retrieve all records at any time from any location. Because of the built-in flexibility of the AdvisorVault remote backup software, even a major disaster at a central office can be recovered from quickly by restoring electronic records to an alternate site, with or without an Internet connection.
STEP FOUR - Assign designated third party downloader D3P
Selecting the right third party downloader is critical for every broker-dealer, and this becomes a key component in maintaining data compliance, especially in the case of personnel changes in IT, corporate partnerships with other broker-dealers using different systems, or destruction or loss of data. It is also important to have the ability to access data stored on legacy systems (after firms have upgraded or purchased new and different storage technologies).
The natural choice for broker-dealers
Since AdvisorVault solves all other requirements in data protection and archiving for broker-dealers, we can easily act as the third party downloader, thus giving customers substantial efficiency by using one vendor for these extra data compliance requirements.
STEP FIVE - Compliance documentation and Electronic filing requirements
After establishing processes and procedures to achieve data compliance, broker-dealer firms must create and make available the correct documentation supporting these initiatives.
Templates on demand
To accomplish this step, AdvisorVault provides the expertise to help broker-dealer firms create:
- Business Continuity Planning documentation
- Both third party and broker-dealer electronic storage media letters
STEP SIX - Post all required "immediate disaster" documentation in accessible area
In the event a major disaster is declared, documents outlining the disaster recovery process must be instantly available. Failing to access this information may hinder the quick response and action steps needed to put the recovery plan in place. Ensuring all business continuity planning documentation is always available is the final step in achieving complete data compliance.
The Electronic Workspace for "always available" documents
Using this built-in feature of AdvisorVault, broker-dealer firms will now have an "always available" location for posting and accessing business continuity planning documentation in the event of a major disaster. Even if all of a broker-dealer's systems and data are inaccessible, this documentation is stored separately and will always be there to ensure the BCP plan can be immediately accessed and set in motion.
For a free assessment of your specific needs or to try our one-month trial offer contact us today.
Toll Free 1-866-925-1941