The long-term archiving of data for compliance is probably the biggest challenge facing small financial firms today. SEC rule 17a-4 lays out some very specific guidelines surrounding the retention of electronic records and FINRA members who fail to keep critical data and communication for the required amount of time risk audit failure and large fines. But small financial firms such as broker-dealers, independent financial advisors and boutique wealth management companies do not have the manpower to manage this process in-house, to effectively ensure they meet SEC and FINRA rules surrounding the long-term of retention of data, they need to hire an outside vendor.
However, they need to select a vendor that understands their unique needs, while keeping the overall cost of compliance down. There are three key requirements FINRA members need to look for in a vendor to help them outsource the long-term archiving of data in compliance with SEC rules.
1. Archiving of Various Data Types
When selecting a vendor to outsource the long-term archiving of electronic records, small financial firms need a provider that can backup and retain a wide range of data types. Ensuring they meet the requirements outline in SEC/FINRA rule 17a-3 in conjunction with rule 17-4, they must take into account data contained in the Books and Records, systems configuration, and all communications such as email, instant messaging and social media. In addition, the vendor must be able to retain the original data formats so that historical records can be accessed by compliance officers and auditors at any time.
Essentially, when a member of FINRA seeks a vendor to help them with the long-term archiving of data, it is important that the provider fully understand the specific requirents: ie. That current and historical data must be accessed used old legacy systems. This is not only important for on-going compliance reviews, but also during audits. So firms will find it beneficial to be able to provide auditors with archiving data in formats that can be easily read, and in essence, this will speed up the auditing process and ensure FINRA staff are out the door quickly.
2. Retention of data in a non-rewritable format
Once the proper formats of data are being archived and made accessible to auditors and compliance offices, FINRA firms need to be sure the data is stored on non-rewriteable media, also known as Worm storage. This is hard disk used by the provider that is storing the historical data on disk technology prevents the deleting or overwriting of data. This is a critical component of SEC data retention rules, and FINRA members must ensure they are using a provider that has implemented WORM disk to store their data.
3. Quick Recoverability
It is important that FINRA members select a vendor that can recover all current and archived data within a timely manner, usually within 48 hrs. This is an important aspect of FINRA Business Continuity Planning (BCP) process and should be a feature included with the vendor’s service. Often, archiving vendors will have several methods to allow for the recoverably of customers data, depending on the severity of the failure. For example, if systems are temporarily down due to a minor disaster, the vendor should offer a web interface access to archived data so customers can still view data in the interim while the systems are being recovered; in the event of a major disaster, the vendor should be able to make a full copy of its customer’s data on a removable drive and drop ship it to any location so the customers can fully recovery at a secondary disaster site.
The Business Continuity Planning (BCP) requirement is closely connect to the long-term archiving of data. Ensuring the same vendor who is performing the long-term archiving of data can also quickly recover critical systems in the event of a disaster is key to simplifying the data compliance strategy, it will also help to keep the overall costs of compliance down and speed up the auditing process.
Summary
Small financial firms need to outsource the long-term archiving of electronic records for compliance. Because of the lack of in-house expertise, they need to find a vendor who understands their unique requirements and can retain the data in the proper format and make it readily available in the event of a disaster or during audits. Choosing the right provider is critical to keeping the cost down and simplifying the process, failing to assign the proper third party can be costly and result in audit failure, large fines and untimely impact customer confidence.
About AdvisorVault
AdvisorVault, http://www.advisorvault.org, is the only remote backup provider specifically designed to help small broker-dealer firms achieve today’s stringent data compliance requirements. With our designated third-party status (D3P) we help small firms achieve all the required data compliance rules defined in 17a-3 & 17a-4, as well as the supervisory and disaster recovery demands contained in FINRA rules 3510 and 3010
By far the most confusing aspect of FINRA’s audit process deals with data compliance, and in particular the long-term archiving and supervisions of data such as books and records and emails in accordance with SEC and FINRA rule 17a-4. This is especially difficult for small financial firms such as broker-dealers, investment advisors and wealth management firms who don’t have large budgets to hire full time IT staff to manage this process themselves.
Naturally, the increased complexity of technology today has also compounded the problem; especially the explosion of mobile workers who now have critical data spread across the entire organization on laptops and handheld devices. Attempting to apply specific SEC and FINRA rules to ensure the long-term archiving and supervision of this dispersed data is a huge task and demands a deep understand of technology...
Download file
G.W. Sherwold Associates Inc, a registered Investment Advisory Firm, selects AdvisorVault for its electronic records archiving in accordance with FINRA and SEC rules.
In the press release today,
Allan Lonz, President of AdvisorVault, said small broker-dealers like Sherwold are a perfect fit for the solution. “For one low monthly fee, AdvisorVault offers a unique approach that achieves all today’s data compliance needs. The service automates the archiving of books and records and other data – including retention and supervision of email” Lonz added: “No other provider has tailored their service to small broker-dealers, we also provide the Designated Third Party service (D3P), to make sure this additional requirement is also met.”
A Solution Designed for Small Firms
Small financial firms have to deal with some of the most complex data compliance regulation in the industry. For example rules 17a-3 and 17a-4 demand they ensure critical records are properly archived for up to seven years and readily accessible during an audit or in the event of a disaster. But for most firms, managing this process themselves can be overwhelming. Also they don’t have the budgets to employ expensive consultants or purchase complex software.
Another major issue they have to deal with is the assignment of the Designated Third Party (D3P). Because of this rule, firms must assign an outside third party who has a copy of their data and can access it, making it available to auditors in a timely manner. This poses a major challenging for firms and finding the right provider who fully understands this rule is difficult, at the same time outsourcing this function to the wrong company can have huge ramification. It is important to have one provider such as AdvisorVault who can streamline and reduce the cost of the complete compliance process.
AdvisorVault has designed the solution to address all these challenges small financial firms face, especially broker-dealers, investment advisors and wealth management firms. The product is an automated process that runs seamlessly within its customer systems. It ensures all critical data on systems at head office, at branch locations and on laptops is continuously backed up and archived in accordance with all today compliance rules.
A Unique Approach
The AdvisorVault approach is unique because it includes everything financial firms need, and in the past firms had to engage several vendors for all these various data compliance tasks. Now for one low monthly fee AdvisorVault has bundled it all in one. This complete “Out of the box” approach also simplifies the whole auditing process and firms can now rely on one provider when auditors ask for proof of data protection and archiving of electronic records in accordance with SEC and FINRA rules.
In the end though, this helps to make sure auditors are out of the door quicker. But most importantly, no gaps are found in the data compliance process so the highest level of customer confidence is maintained at all times.
---------------------------------------------------------------------------------------------------------