AKinder, Gentler SEC? Not Exactly. With a new chairman, a dramatically increased budget and continued public pressure to do more to protect investors, the SEC is not exactly becoming a kinder, gentler agency. The volume and intensity level of SEC e-mail and instant message investigations have continued to increase in 2003. For broker-dealer firms struggling with the problem of how to most effectively deal with SEC, NYSE and NASD e-mail and instant message compliance-here are the three most common mistakes of e-mail compliance-and how to best avoid them.
Mistake 1: Implementing Piecemeal, Off-the-Shelf, Point Solutions.
Broker-dealers are subject to both the SEC 17a-4 record retention regulations and the NYSE/NASD supervision requirements. Many broker-dealers mistakenly approach these needs with separate solutions. In reality, the technology required to solve both the archiving and supervision regulatory requirements overlap. By installing separate solutions for each of these problems, these firms are duplicating software and maintenance costs-and making it much harder to respond to discovery requests.
In addition, today's financial service companies are often full service institutions that provide a gamut of financial and insurance services. Only parts of their organization are subject to the regulations that require e-records supervision and archiving. But within these companies, non-regulated departments often also need e-mail management. These non-regulated departments require different means of capturing and managing e-mail and instant message. A common mistake is to attack the SEC and non-SEC requirements with different point solutions-once again duplicating software and maintenance costs and headaches-plus making it even harder to respond to broad discovery requests.
To control software and maintenance costs, broker-dealers should evaluate and select a single vendor that provides a total supervision and archiving solution. This solution should encompass e-mail, instant messaging, imaging, and Computer Output. When evaluating these solutions, take into context your entire organization's needs. Select a solution that not only solves all of your broker-dealer regulatory requirements, but can also extend to meet the supervision, e-records management and archiving needs of the rest of the corporation. By selecting a single, comprehensive solution, you'll not only cut down on capital investment and maintenance costs, you'll also dramatically facilitate discovery across the organization. From a single source you'll be able to easily search through, and be able to produce upon request, relevant material with less hassle, exposure, and cost.
Mistake 2: Selecting a Solution that Can't Scale with Exponential e-Mail Volumes.
Large broker-dealer firms generate millions of e-mail per day that require indexing, archiving, supervision, and ultimately searching. After three years, a typical large firm's e-mail archiving volumes translates to:
- 1.4 billion e-mail messages
- 140,000 GB's of storage (original & duplicate)
- 49,000 GB's of index data/metadata database (original & duplicate)
More than a few broker-dealers implement internal archiving solutions that quickly become overwhelmed by their volume or by their searching requirements. This costly failure could be due to miscues on hardware configurations or architecture design-or even worse, inherent limitations within their archiving application. Because this solution is used to fulfill regulatory discovery requests (which are often increasing exponentially), living with a bad solution is often unacceptable. For these firms, this means throwing out recently implemented solutions, and starting from scratch.
Plan and prepare for the tremendous volumes of e-mail and the indexing and searching demands of e-mail discovery. Spend the time to confirm volume assumptions are correct and that your planned hardware footprint more than adequately meets recommended vendor minimums. Confirm that the software you are about to invest in has a proven track record of scaling to your volume. In particular, what database platforms will the solution support-is that database a proven solution for multi-GB, transactional databases? What sort of customization and maintenance will be needed to scale the database in question to your volume? If you're not sure, ask your company's database experts. They may already have strict definitions on acceptable database platform types for similarly sized databases.
Additionally, you need to evaluate how full text indexing is performed. Can the solution provider demonstrate that their solution can meet your indexing volumes without the search response deteriorating six months into your implementation? Plan and prepare for the storage implications of full text indexing. Most solutions will on average add 30% to your total raw storage volume for advanced indexing. This volume can represent terabytes of index-related storage.
It is crucial to validate that the solution in question will scale to your needs. Firms should consider outsourcing this function to a proven provider with a track record of delivering enterprise-scale solutions. Outsource solutions, like Iron Mountain's Digital Archives solution, are built on platforms designed for massive, enterprise-wide scalability. By partnering with an outsource provider, you leverage their platforms native scalability. Outsourcing can also deliver these additional benefits:
Mistake 3: Ignoring the SEC Third Party Downloader Requirement.
SEC Rule 17a-4 requires broker-dealers to contract with an independent third party who can access and download the firm's e-records. The idea behind the Third Party Downloader requirement: in situations where your firm was unwilling or unable to provide access to required e-records, the SEC could contact this intermediary and have them provide access on your behalf.
Unfortunately, many firms who implement internal archiving solutions often ignore, or are unaware of, their obligations in regard to this SEC requirement. Consequently, they are not in full compliance...which generally becomes apparent during their next audit.
Contract with a third party downloader for a painless, low-cost way to avoid non-compliance with this non-negotiable SEC requirement.
Get Compliant - Today
If your company is committing any of these mistakes you are incurring significant costs and risks that can be avoided. These three mistakes are the most prevalent and dangerous, but there are at least seven other major mistakes that could be putting your firm at risk. As you investigate solutions that address these mistakes, evaluate Iron Mountain's Web-based digital archives solution. As an outsourced service, Iron Mountain offers financial service companies:
- A comprehensive solution designed for:
- Supervision and archiving of regulated electronic communications
- Enterprise e-mail and e-records management and supervision
- A massively scalable infrastructure that enables firms of all sizes to implement a solution in a fraction of the time-and with a lower TCO-than in-house solutions
- The leading third party downloader service for SEC compliance
- Trust-more broker-dealers put their trust in Iron Mountain than in any other company.