11/12/2011 - Three Steps to Compliant Data Archiving

The long-term archiving of data for compliance is probably the biggest challenge facing small financial firms today. SEC rule 17a-4 lays out some very specific guidelines surrounding the retention of electronic records, and FINRA members who fail to keep critical data and communications for the required amount of time risk audit failure and large fines. But small financial firms such as broker-dealers, independent financial advisors and boutique wealth management companies do not have the manpower to manage this process in-house. To effectively ensure they meet SEC and FINRA rules surrounding the long-term retention of data, they need to hire an outside vendor.

However, they need to select a vendor that understands their unique needs, while keeping the overall cost of compliance down. There are three key requirements FINRA members need to look for in a vendor to help them outsource the long-term archiving of data in compliance with SEC rules.

1.  Archiving of Various Data Types

When selecting a vendor to outsource the long-term archiving of electronic records, small financial firms need a provider that can back up and retain a wide range of data types. To meet the requirements outlined in SEC/FINRA rule 17a-3 in conjunction with rule 17a-4, they must take into account data contained in the Books and Records, systems configuration, and all communications such as email, instant messaging and social media. In addition, the vendor must be able to retain the original data formats so that historical records can be accessed by compliance officers and auditors at any time.

Essentially, when a member of FINRA seeks a vendor to help them with the long-term archiving of data, it is important that the provider fully understand the specific requirements, i.e. that current and historical data must be accessible using old legacy systems. This is important not only for ongoing compliance reviews, but also during audits. Firms will find it beneficial to be able to provide auditors with archived data in formats that can be easily read; this will speed up the auditing process and ensure FINRA staff are out the door quickly.

2. Retention of data in a non-rewritable format

Once the proper formats of data are being archived and made accessible to auditors and compliance officers, FINRA firms need to be sure the data is stored on non-rewriteable media, also known as WORM storage. This means the provider stores the historical data on disk technology that prevents the deleting or overwriting of data. This is a critical component of SEC data retention rules, and FINRA members must ensure they are using a provider that has implemented WORM disk to store their data.

3. Quick Recoverability

It is important that FINRA members select a vendor that can recover all current and archived data in a timely manner, usually within 48 hours. This is an important aspect of the FINRA Business Continuity Planning (BCP) process and should be a feature included with the vendor’s service. Often, archiving vendors will have several methods to allow for the recoverability of customers’ data, depending on the severity of the failure. For example, if systems are temporarily down due to a minor disaster, the vendor should offer web interface access to archived data so customers can still view data in the interim while the systems are being recovered; in the event of a major disaster, the vendor should be able to make a full copy of its customer’s data on a removable drive and drop ship it to any location so the customer can fully recover at a secondary disaster site.

The Business Continuity Planning (BCP) requirement is closely connected to the long-term archiving of data. Ensuring the same vendor who is performing the long-term archiving of data can also quickly recover critical systems in the event of a disaster is key to simplifying the data compliance strategy. It will also help to keep the overall costs of compliance down and speed up the auditing process.

Summary
Small financial firms need to outsource the long-term archiving of electronic records for compliance. Because of the lack of in-house expertise, they need to find a vendor who understands their unique requirements, can retain the data in the proper format and can make it readily available in the event of a disaster or during audits. Choosing the right provider is critical to keeping the cost down and simplifying the process. Failing to assign the proper third party can be costly and result in audit failure, large fines and ultimately impact customer confidence.

About AdvisorVault
AdvisorVault, http://www.advisorvault.org, is the only remote backup provider specifically designed to help small broker-dealer firms achieve today’s stringent data compliance requirements. With our designated third-party status (D3P) we help small firms achieve all the required data compliance rules defined in 17a-3 & 17a-4, as well as the supervisory and disaster recovery demands contained in FINRA rules 3510 and 3010.



7/6/2011 - Demystifying FINRA'S New Rules


By far the most confusing aspect of FINRA’s audit process deals with data compliance, and in particular the long-term archiving and supervision of data such as books and records and emails in accordance with SEC and FINRA rule 17a-4. This is especially difficult for small financial firms such as broker-dealers, investment advisors and wealth management firms who don’t have large budgets to hire full-time IT staff to manage this process themselves.

Naturally, the increased complexity of technology today has also compounded the problem, especially the explosion of mobile workers who now have critical data spread across the entire organization on laptops and handheld devices. Attempting to apply specific SEC and FINRA rules to ensure the long-term archiving and supervision of this dispersed data is a huge task and demands a deep understanding of technology...


6/6/2011 - G.W. Sherwold Associates Chooses AdvisorVault


G.W. Sherwold Associates Inc, a registered Investment Advisory Firm, selects AdvisorVault for its electronic records archiving in accordance with FINRA and SEC rules.


In the press release today, Allan Lonz, President of AdvisorVault, said small broker-dealers like Sherwold are a perfect fit for the solution. “For one low monthly fee, AdvisorVault offers a unique approach that achieves all of today’s data compliance needs. The service automates the archiving of books and records and other data – including retention and supervision of email.” Lonz added: “No other provider has tailored their service to small broker-dealers. We also provide the Designated Third Party service (D3P), to make sure this additional requirement is also met.”


A Solution Designed for Small Firms

Small financial firms have to deal with some of the most complex data compliance regulation in the industry. For example, rules 17a-3 and 17a-4 demand they ensure critical records are properly archived for up to seven years and readily accessible during an audit or in the event of a disaster. But for most firms, managing this process themselves can be overwhelming. They also don’t have the budgets to employ expensive consultants or purchase complex software.

Another major issue they have to deal with is the assignment of the Designated Third Party (D3P). Because of this rule, firms must assign an outside third party who has a copy of their data and can access it, making it available to auditors in a timely manner. This poses a major challenge for firms, and finding the right provider who fully understands this rule is difficult. At the same time, outsourcing this function to the wrong company can have huge ramifications. It is important to have one provider such as AdvisorVault who can streamline and reduce the cost of the complete compliance process.

 
AdvisorVault has designed the solution to address all these challenges small financial firms face, especially broker-dealers, investment advisors and wealth management firms. The product is an automated process that runs seamlessly within its customers’ systems. It ensures all critical data on systems at head office, at branch locations and on laptops is continuously backed up and archived in accordance with all of today’s compliance rules.

A Unique Approach

The AdvisorVault approach is unique because it includes everything financial firms need. In the past, firms had to engage several vendors for all these various data compliance tasks. Now, for one low monthly fee, AdvisorVault has bundled it all in one. This complete “out of the box” approach also simplifies the whole auditing process, and firms can now rely on one provider when auditors ask for proof of data protection and archiving of electronic records in accordance with SEC and FINRA rules.

In the end though, this helps to make sure auditors are out of the door quicker. But most importantly, no gaps are found in the data compliance process so the highest level of customer confidence is maintained at all times.

---------------------------------------------------------------------------------------------------------



3/24/2011 - Choosing a backup provider


The Truth about Remote Backup 


Broker-dealer firms should look for the following features in a remote backup provider:

1. Comprehensive
Rule 17a-4 stipulates that a broker-dealer must protect and keep available the books and records relating to its business. This often covers a wide range of electronic records, and it is vital to select a remote backup provider that can protect these various data formats. This must include data such as email residing on internal servers and on individual PCs, such as PST files saved on users’ hard drives. Other documents that hold client information, created with Microsoft Office Word or Excel, PDF reports and customer data input into databases should easily be supported. The software should be configured to initially capture a full backup of this data and then be set to run every night and back up the daily incremental changes from then on.

In addition to regular protection of this user data, a provider should have the built-in ability to perform full system-state backups of critical systems to enable “bare metal” restores to alternate hardware. This will allow the quick recovery of servers and their associated operating systems and programs in the case of complete failure.

 

2. Licensing Free Software
In choosing a remote backup provider, small broker-dealers should select a provider that does not charge for software licensing. A cost based only on the amount of data stored eases administration and allows branch offices, remote and home users to be added easily to the data compliance process.

3. Completely Self Managed
Small broker-dealer firms can't spend valuable time managing backups. They should choose a provider who will completely administer the backup process and offer the ability to remotely connect to their software and immediately address problems when they arise. This should be included as part of the provider’s service to ensure missed backups do not leave gaps in a broker-dealer’s data compliance strategy.

4. Built-in Archiving
SEC rule 17a-4 poses particular challenges for small broker-dealer firms because of the specific technology required to achieve the long-term retention requirements of this mandate. In choosing a remote backup provider, it is critical that a firm understands the difference between backup and archiving. By default, to keep cost low, remote backup providers only store customers’ data on a limited retention basis using quick-access hard disk. Their software will be set to overwrite files that change frequently and keep only 10 to 30 versions of changes.

Unfortunately, this is not compliant, and data that changes frequently will be overwritten. Therefore, older copies of files may not be available during an audit or in the event of a disaster. An additional archiving process must be added in this case to perform regular full “snapshots” of data at least monthly and move them to non-rewriteable optical disks. These will then be stored securely for at least 6 years. Non-rewriteable DVDs are a perfect technology for this because of their capacity, durability and low cost.


5. Reporting
A provider’s backup software should have the ability to send automatic email reports to compliance officers for review. This will be part of the broker-dealer's supervisory duties and a key component of their regular compliance reporting and auditing procedures.

6. Ease of recovery
In the event of a disaster it should be easy for broker-dealers to restore data back to its original location or to alternate systems. Also, during SEC audits broker-dealers may be requested to reproduce current or archived data on separate media such as USB drives, CDs or DVDs so it can easily be reviewed by auditors. Ensuring a provider can easily restore this data to common file formats on alternate media will ease the audit review process. In addition, providers should be able to integrate seamlessly with FINRA’s Small Firm Emergency Partner Program and allow data to be immediately restored to a pre-designated partner firm at a geographically separate location.

Additional articles from AdvisorVault: 



12/28/2010 - A Practical Guide to Disaster Recovery


Disaster Recovery (DR) for Small Firms


As a backup provider to independent securities firms, I often ask customers, “If your office burned down to ashes, what would you do?” Desperate stares aside, this particular question is aimed to get the DR juices flowing and help paint a complete picture of the worst-case scenario. In reality though, answering this question is not easy, but it’s critical that broker-dealer firms have a strategy to recover from a major disaster. More importantly, as members of FINRA regulated under the SEC they must create a Business Continuity Plan describing in detail how they will respond to events that significantly disrupt their business.

For larger brokerages, this is not a problem and a clear method exists for them: assign the proper resources to build a secondary DR site that replicates critical systems at the main office. Then in the event of a disaster simply fail over to this pre-configured infrastructure and continue operations as normal.

To read the full article click the link below:

http://www.prlog.org/10905539-laserfiche-and-sec-designated-third-party-d3p-by-advisorvault.htm



12/28/2010 - The Designated Third Party


Designated Third Party (D3P)

Your Key to SEC Audit Success and Customer Confidence
 

Ensuring Success:

The FINRA Designated Third Party (D3P) requirement as outlined in rules 17a-3 & 17a-4 is hands-down the most confusing aspect of data compliance. But it is critical that broker-dealer firms address this key mandate and make it a part of their data compliance strategy. In reality though, it is usually the last step taken once a firm has chosen a remote backup provider for their electronic records.

For small broker-dealer firms with limited time and budgets, finding the best partner to assist them with their D3P needs can be a daunting task. They need to choose a provider that can help them achieve these requirements effectively - choosing the wrong D3P can cause unnecessary burden and quickly increase the overall cost of data compliance. But more importantly failing to assign a D3P can result in SEC audit failure or cause serious damage to a firm’s reputation.

To read the full article click the link below:

http://www.prlog.org/10905539-laserfiche-and-sec-designated-third-party-d3p-by-advisorvault.html