October 11, 2013

Ken Barnes, Options IT
Ken Barnes, Options IT
In what’s commonly referred to as the most sweeping piece of financial regulatory reform since the great depression era, the US government has imposed among (many) other things a range of new record keeping and reporting obligations on the swaps community.

Of course record retention is hardly new to the capital markets, where registered broker dealers have long been compelled to keep orderly and durable records of everything from transactions logs to customer communications (as dictated in 2003 by rules 17 a-3 and a-4 under the US Securities and Exchange Act of 1934, the UK FSA’s Conduct of Business Sourcebook section 11.8.1R, or more recent EU-wide MiFID legislation.) Dodd Frank only extends the scope of that record retention to a new set of asset classes and those who frequent in the trading and, in some cases, investing of them.

The Challenge: Interpretation & Implementation

That the enactment of these new regulations presents an operational challenge to banking and investing organization is clear enough. The strategic challenge is more subtle however, considering the evolving nature of these regulations. Institutions must not only interpret and accommodate them in their business applications - in order to compete, they must do so with a scalable technology vision that can effectively accommodate the next regulation and each thereafter.

A Platform Approach to Compliance

While the requirements of individual businesses will vary, there are five fundamental building blocks which can serve as the foundation for an enterprise recording and reporting platform. They are as follows:
1. Unified Authorization & Authentication: At the root of any compliance challenge lies the issue of identity, and the need to link every action and correspondence to a clearly recognized individual. A well designed platform will leverage a single, globally cohesive authentication and authorization platform to properly control user access and to properly identify their activities and records.
2. Data Storage and Archiving: Another foundational platform requirement lies in the storage tier. The storage fabric leveraged should not only be highly internally resilient but also paired with an archiving platform which continually persists data to a long term storage tier, indefinitely maintained at secure offsite facilities. This storage capability should be available for persistence of block data, files, emails & messages, database records or other application records.
3. Data Governance: A more advanced yet fundamental IT platform capability will leverage modern data governance tools to provide extensive audit logs & activity records. All file activities and file permission changes should be indelibly recorded to transparently demonstrate when and who accessed, edited, added or deleted files.
4. Email & IM Retention: A unified email, instant messaging and telepresence capable collaboration platform should not only build on the building blocks listed above, commits all communications to the storage platform in a non-erasable, non-rewritable manner that accords with rules such as 17 a-4.
5. Voice Recording: IP telephony capabilities, from desktop phones to trader dealerboards and turrets, should be enabled with an integrated voice recording capability that again leverages a common identity and storage platform. Both the call payload (the recording) and the call activity log should be persisted to that durable, secure enterprise archive. And compliance solutions increasingly call for mobile phone recording capabilities, given FSA’s Policy Statement 10/17 and speculation that Dodd Frank could soon impose similar requirements in the US.

Service Provider Integrity

Compliance solutions are equal parts technology and process of course, and increasingly those processes operate within one or more service providers. In those cases, independent attestations of process integrity can provide a critical form of validation of the provider’s integrity. A Service Organization Control report issued by an accredited CPA, in accordance with either SSAE 16 & AT101 in the US or the international ISAE 3402 standard, can provide the security and availability equivalent of audited financials to customers which such dependencies on outside specialists.

Ken Barnes is the SVP of Corporate Development for Options.

In this capacity Mr. Barnes is a principal and member of the executive management team with responsibility for development of the firm’s product development and strategic company initiatives. After having spent a dozen years in business development, product marketing and trading facilitation roles in the capital markets technology industry, Mr. Barnes joined Wombat in 2005. As head of Business & Planning, he helped the company quintuple revenue in three years and launch the company’s high performance middleware division, positioning it for a $225 million acquisition by NYSE in 2008. Mr. Barnes managed NYSE Technology's Infrastructure business in the US, leading the turnaround of SFTI and the launch of the Mahwah colocation facility in 2009, and subsequently launching the company's Capital Markets Community Platform.