Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:36 PM
Ivy Schmerken
Ivy Schmerken
Connect Directly

The Check’s In the Mail

Financial-services firms are well advised to check their e-mail-retention policy against evolving regulations.

Concerns over compliance with e-mail-retention rules dominated a recent discussion moderated by Wall Street & Technology at InformationWeek's annual technology conference in Tuscon, Ariz.

One of the major challenges facing the securities industry is not only storage of all electronic records - including e-mails and instant messages - but being able to access the material in the event of an investigation. "Retention without accessibility is not retention," warns Jay Cohen, vice president and chief corporate compliance officer of The MONY Group, a diversified financial-services firm that owns Advest, a retail-brokerage firm.

Another lesson learned by financial-services firms is that backup is not retention. Cohen, a former prosecutor, cited a recent case involving the research investigation of five major securities firms fined by the National Association of Securities Dealers $1.65 million apiece. Although the firms had stored e-mails on backup tapes for several years, they were fined because they were unable to retrieve the e-mails according to the rule's requirements.

In the course of regulatory review or litigation, firms must be able to "access what the regulators are looking for," and companies that don't have that ability will be in a difficult situation, Cohen says. At that point, they will be forced to resort to "enormous expenditure of time and resources," to retrieve the information.

Even though the number of e-mails flowing through the financial industry is skyrocketing, Richard Rzasa, vice chairman and chief information officer of technology solutions for TD Waterhouse, told the audience his firm is saving all of them. "I think the storage vendors are going to make out best in this exercise," jokes Rzasa. But Rzasa was perfectly serious in saying, "We are retaining all of the e-mails that our associates send to customers and colleagues, and archiving them in a third-party system."

To be more proactive in interrogating e-mails, Rzasa is currently implementing an artificial-intelligence, fuzzy-logic technology and applying that with a lexicon of unacceptable terms to the e-mails, "to figure out if the firm has a rogue broker or someone who is misleading the customer," he says. TD is also making sure that every instant message - the technology is only deployed in a few areas of the firm - is being captured and surveilled as well.

Instant messaging has come to the forefront because regulators have made it clear "retention applies on the basis of content, not medium," says Cohen. Meanwhile, financial-services firms are grappling with how to interpret the rules with regard to time period and storage in a "readily accessible place."

Cohen says the rules require retention periods ranging from two to seven years for e-mail and other electronic records.

Rzasa says, "We're being very, very conservative under the rules which say to retain electronic records for three years - and two years in readily accessible place." But how much time a firm has to retrieve and turnover records to a regulator is still open to interpretation. "Is it 48 hours? Is it 24 hours? Is it two hours?" he asks. "As you have to get more real time with being able to provide more access, obviously the cost of it goes up."

Martin Colburn, executive vice president and chief technology officer of the NASD, says accessibility means firms need to "spend the resources to not only backup the data, but to be able to restore it and restore it readily. What we've done is actually put (our own e-mails) online and have compliance people check it on a regular basis," says Colburn. "We recommend that because we believe that self-compliance is as much a tool as the enforcement of the rules."

Though e-mail retention dominated the agenda, the session also covered the policies firms are putting into effect to comply with Sarbanes-Oxley and The USA Patriot Act, as well as the evolving partnership between the chief information officer and the chief compliance officer.

Ivy is Editor-at-Large for Advanced Trading and Wall Street & Technology. Ivy is responsible for writing in-depth feature articles, daily blogs and news articles with a focus on automated trading in the capital markets. As an industry expert, Ivy has reported on a myriad ... View Full Bio
More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
Register for Wall Street & Technology Newsletters
Stressed Out by Compliance, Reputational Damage & Fines?
Stressed Out by Compliance, Reputational Damage & Fines?
Financial services executives are living in a "regulatory pressure cooker." Here's how executives are preparing for the new compliance requirements.