Electronic-communication storage and retrieval has become a hot topic as major Wall Street firms, such as Merrill Lynch, have been accused of misleading investors and blurring the lines between research and investment-banking activities. How did these missteps come to light? Through analysis and review of electronic communications between analysts, customers and others.
Merrill Lynch and other financial firms are forced to maintain and store these communications in compliance with the Securities and Exchange Commission's Rule 17a-4 and National Association of Securities Dealers' rules 3010 and 3110. These rules require that all e-mails be preserved for a period of not less than six years, with the first two years in an easily accessible place. The rules also maintain that e-mails be preserved on non-rewrite able, non-erasable formats where the firm can automatically verify the quality and accuracy of the archiving process. Firms must also be able to provide full audits of the e-mail archive environment and be able to review both inbound and outbound e-mail content. These rules and recent calls for firms to comply with requests for email transcripts have prompted an increase in products for storing, maintaining, searching and organizing electronic communications within a firm.
KVS is one such vendor that offers e-mail retention and discovery services and is now releasing the latest addition to its product line, specifically targeted at financial-service firms at this year's show. The Enterprise Vault Compliance Accelerator provides proactive monitoring of e-mail content, as well as reporting for compliance reasons. The Compliance Accelerator is an add-on to KVS's Enterprise Vault for Microsoft Exchange product, which manages the archiving, retention and retrieval of documents and e-mail on Microsoft Exchange systems.
Nigel Dutt, co-founder and chief technology officer at KVS, explains that the Compliance Accelerator helps financial-services firms to perform regular audit checks on e-mail among employees to be sure, "that all of their people are behaving well and make sure that the Chinese wall between the desks is maintained and people aren't mis-communicating with each other." Dutt explains that companies might test about 1 percent of all mail on a daily basis to check for certain violations using words, phrases, etc.
These audits can be performed with either a random sampling on a regular basis, or on a certain group within the firm for a specific reason. "Say the investment bank is doing a flotation or an IPO for instance, then for the critical three weeks during that IPO, from when the road show is started to a week after they've put it on the market, they may do a targeted e-mail check that's looking specifically for the key word of the IPO and they may check 100 percent of the mail for a small target of people," says Dutt.
The scope of the e-mail review is defined by the user, such as a compliance officer, according to certain criteria including date, sender/recipient lists, internal and/or external mail or content search. The rule or rules are defined through a Web interface, with the sampling process taking place against the Enterprise Vault, an on-line, permanent, continuous archive of all e-mails. Once the review has been run and the e-mails collected, compliance officers, or those responsible for the review, can analyze the messages through a Web interface. The status of each message is tracked and action can be flagged for further review. The Compliance Accelerator also keeps an audit trail of the entire process in case of regulatory review.