Archiving Challenges and Priorities: Apply Lessons Learned from a Regulated Industry

By Stephen Marsh -- Founder and CEO; Smarsh Inc.
in

Compliance with SEC and FINRA electronic communication mandates has driven significant growth in the message archiving market, and the sophisticated needs of this audience have, in turn, accelerated technological development. All indications for 2010 suggest the expansion of regulatory oversight to more businesses, as well as more sophisticated obligations for those already managing compliance initiatives.

Electronic communication compliance obligations are bound together by themes of risk management and mitigation, transparency and consumer protection. These issues span all industries, regulated or not, and virtually every business benefits from litigation or eDiscovery preparedness efforts.

With that in mind, what are some of the message archiving challenges and priorities in financial services for the year ahead, and what can businesses of all stripes learn from their most-regulated peers?

Test your system, produce your data. If your company needs to produce messages from the archive for compliance or litigation purposes, make sure that system performance measures up to expectations. Technology has in many ways changed the definition of “reasonable” when it comes to the time period allotted for data production. Test your archiving system or service provider, so that when necessary, you can confidently and efficiently produce requested data sets with specific search criteria from the archive.

Social media cannot be ignored. Social media’s emergence as a communication tool is providing great value and benefit to businesses, but does not come without legal or reputational risk. FINRA has created an internal task force on social networking that will “explore how regulation can embrace technology advancements in ways that can improve the flow of information between firms and their customers without compromising investor protection.”

The lesson here is simple: these tools are growing in popularity, they’re going to be used by your employees, and your company had better be prepared. At a minimum, implement a policy to govern usage of social media at your company.

Enforce and evaluate your policies. Policy by itself is virtually useless without enforcement. Oversight of employee usage of the corporate email system, instant messaging and social media channels is absolutely critical to manage and mitigate risk. Message archiving technology enables companies to monitor and automate policy enforcement with systematic precision.

In the coming year, FINRA members will need to be more prepared to demonstrate the effectiveness of their electronic messaging compliance policies. Solutions need to document oversight, providing a comprehensive audit trail of every action taken within the system. This serves as evidence of message review and illustrates policy enforcement. It also fosters accountability among multiple managers tasked with message review.

Are your system supervision procedures uncovering problematic employee behavior, and if so, what is being done to address it? The data from a comprehensive auditing system should be quantifiable and will lend empirical insight into whether a policy is working as designed. If not, fine-tune your policies with appropriate adjustments.

Finally, it should come as no surprise that the protection of consumer data has emerged as a top consideration for regulators, and applies to every facet of business operations. FINRA is looking for member firms to implement, enforce and evaluate policy dedicated to protecting consumer data at rest and in-transit. From the FTC Red Flags Rule and state laws, to the growing risk of financial and reputational damage that occurs with data breaches, organizations must implement policy and enforcement procedures to protect against inadvertent or malevolent disclosures of confidential customer data.

Stephen Marsh -- Founder and CEO; Smarsh, Inc.
Stephen Marsh built Smarsh into a premier email archiving and compliance vendor, helping companies in the strictly-regulated financial services industry satisfy SEC and FINRA regulatory obligations. Prior to founding the company, Steve led product management and development efforts at CCBN, now a division of Thomson Financial, a market leader in investor relations communications services. He also gained experience working at both Fidelity Investments and Morgan Stanley Dean Witter.

Bookmark/Search this post with:
  • Forward
  • Reprints
  • Twitter
  • Facebook
  • Digg
  • del.icio.us
  • LinkedIn
  • StumbleUpon
  • Technorati
  • Google
Published December 31, 2009