However, there’s confusion about preparation. How do you begin? What types of electronic messages need to be saved for review? What communications policies will regulators want to see? Will you need help from external resources to manage the actual exam process?
While audits and examinations vary by company, regulator, and exam type, one thing is clear: regulators now request the production of multiple types of electronic communications records, with supporting compliance program documentation.
If your firm is missing some of the basic fundamentals that allow your compliance team to prepare for the electronic communications data production component of an examination or audit, it’s time to re-evaluate your program and policies, and bring them up to par with requirements.
Three signs your firm may not be FINRA/SEC compliant:
- Your firm doesn’t know what to archive.
The types of messages that regulators request expands every year, as businesses and their customers rapidly adopt new communications channels. Firms are being asked to produce email records, website pages, SMS/text messages, instant messages, Bloomberg/Reuters messages, social media, and even communications for internal collaboration platforms including Slack and Symphony.
While email is still the most common type of data requested, you can anticipate your firm will be asked to produce an array of electronic communications records, at what can feel like a moment’s notice. It’s the content that counts—not the medium or device that broadcasts the content. The content is what makes a message a business record, and drives the requirement for the archiving of any electronic communications channels that a firm and its employees use in the course of business.
- Your firm lacks supporting documentation related to archiving.
Your firm must also have access to supporting documentation that accompanies archive records, since this may be requested during an examination. This documentation includes evidence of electronic communications supervision, and written supervisory procedures. With written supervision procedures, regulators look at how a firm retains and captures messages, and its process for message review.
Evidence of policy enforcement for retention and supervision are also examined. Written supervisory procedures show regulators what actions your firm takes to identify risk and enforce compliance policy. Proof of supervision may include detailed audit trails that show documented review procedures, which help demonstrate policy enforcement and evaluation.
In short, your compliance team must be able to show evidence of supervisory systems that monitor your firm’s electronic communications for compliance with corporate policy. It’s not enough to just have the messages available.
- You don’t know how to archive (or why it’s important)
If your firm doesn’t have an archiving solution that helps your compliance team capture, archive, search, supervise and produce many different types of messages on a wide variety of communications platforms, you can be caught in a bind at examination time. Since regulators may ask for records of all electronic communication, firms need an archiving and compliance solution that help manage message supervision and production on one The last thing you’ll want to do during an exam is wade through thousands of records in multiple archives.
A comprehensive archiving solution is important, because it’s the tool that gives your firm the ability to produce data upon request for regulators. As noted above, without an archive you’ll likely have a difficult time finding specific records. During exam time, you need to find records quickly, and show regulators that your compliance team supervised any business-related electronic communications. It’s not enough to let the data sit in storage; compliance has to review the communication as part of your firm’s written supervisory procedures.
- The Electronic Communications Compliance Maturity Assessment
- The 2016 Electronic Communications Compliance Survey Report
- 4 Considerations to Meet FINRA and SEC Regulations
How can we help!