Thursday, March 03, 2005
SEC Email Retention Policy
Financial-Planning.com
You've Got Mail
A new compliance rule raises a host of questions about recordkeeping and e-mail retention.
By Andrew Miller
March 1, 2005- Jo-Ann Gallerstein, a registered investment adviser in Morris County, N.J., has become as meticulous in handling compliance-related issues as she is in constructing clients' financial plans. She is taking no short cuts-investing nights and weekends familiarizing herself with the Securities and Exchange Commission's new and complex compliance regulation.
The rule, which went into effect in February, requires advisers to appoint a chief compliance officer and to adopt and implement written policies and procedures to prevent violations of federal securities laws. "I've dedicated a huge amount of time to compliance," Gallerstein says. The rule is designed to deter abuses uncovered by the SEC and state enforcement authorities involving advisers and broker-dealers, including self-dealing, misuse of nonpublic information, failure to supervise employee activities, and improper practices such as market timing and late trades.
The SEC has provided some general guidelines to help advisers follow the rule. "You should be tweaking your programs over time, not simply waiting until the annual review," Lori Richards, head of the SEC's Office of Compliance Inspections and Examinations, advised in a speech earlier this year. Yet the road to compliance isn't all that clear-cut.
Many investment advisers still are not sure what they need to do to meet the new guidelines, especially when it comes to recordkeeping. Although the rule doesn't explicitly mention retaining e-mails and other correspondence, it's widely viewed as requiring advisers to archive e-mails, in line with earlier broker-dealer rules that were issued by the SEC and the National Association of Securities Dealers.
The compliance rule comes about three years after the SEC issued a rule permitting advisers to maintain and preserve all forms of records, including documents received in any non-electronic format, on electronic media such as tapes or disks. That rule, which was meant to encourage greater use of electronic storage, did not explicitly mandate the use of electronic archiving, but did state that advisers "must have procedures to reasonably protect electronic records from loss, alteration, or destruction, to limit access to electronic records, and to assure that electronic records that are created from hard copy are complete, true, and legible." The earlier SEC rule also cited the "unique vulnerability of unprotected electronic records to undetectable alteration and falsification."
Anxious to avoid Eliot Spitzer's A list, the appetite of investment firms for new, more sophisticated archiving and search capabilities has grown with each developing scandal. The challenge is to fine-tune search capabilities to comb through ever-larger archives with greater precision, so that if regulators come calling or a case goes to court, the relevant records can be produced in a timely, cost-effective manner.
One case in point is UBS. Last year, the investment firm was sanctioned by a federal judge for destroying or failing to produce in a timely manner e-mails in a gender-discrimination lawsuit. The judge found UBS personnel had erased relevant e-mails-some were recovered from backup tapes; others were lost altogether. The case proves that all firms, including investment advisers, need to rethink their policies for routinely recycling or erasing such tapes, especially if they contain any evidence that may be used in a legal proceeding.
Investment advisers are now required to index records in a way that allows easy location, access, and retrieval; provide on demand a legible and complete copy of a record; and separately store, for the time required to preserve the original document (typically five years), a duplicate copy of the record on any medium. Dechert LLP, a Washington-based law firm, issued a memo this summer recommending investment advisers either save all of their e-mails, including personal e-mails and spam, or else save only those pertinent to business, while maintaining some system of surveying all deleted e-mails.
In the absence of more specific rulings from the SEC, many advisers, especially smaller, less-sophisticated ones, are finding themselves caught in a Catch-22. "They are uncertain whether they need to retain every electronic communication, including spam, explains Elizabeth Knoblock, an attorney in Dechert's financial services group.
Most regulatory experts urge advisers to be conservative. "The big question right now is, What do I save?'" says Mont Levy, a principal with Buckingham Asset Management, an investment adviser in St. Louis that provides advisory services to small investment advisers. Levy's answer: Save it all.
Other tips: Clearly mark e-mails that fall under attorney-client privilege, or else they're fair game for regulators. Also, do careful due diligence when evaluating vendors of e-mail retention systems; some are more robust than others, especially in litigation support, Levy says.
Most advisers are choosing to save everything. But merely saving e-mails to a hard drive isn't enough. "As I understand it, all business-related e-mails have to be maintained, be tamper-proof, well-organized, retrievable, and searchable by keywords and by categories," Gallerstein says. She's using AdvisorMail Lite, an e-mail compliance system from LiveOffice Corp. that's designed for investment advisers with 15 employees or less.
The product is a scaled-down version of AdvisorMail, which is used by 20% of the nation's largest broker-dealers to monitor, retain, and archive thousands of e-mails, attachments, and instant messages in a secure location. Both products allow for fast retrieval of electronic communications during audits, investigations, or litigation; monitor all inbound and outbound communications; and index communications by indicators like keyword, sender, recipient, and date.
The service costs about $2,500 annually, and includes one hour of compliance consulting services from National Regulatory Services (NRS), a regulatory consulting firm. (NRS and Financial Planning are both owned by Thomson Media). Despite the considerable sum, Gallerstein says that she has no choice: "I can't stay in business without being in compliance." She suggests e-mail retention is only part of an overall compliance strategy, which includes portfolio management processes, trading practices, accuracy of disclosures and advertising, safeguarding of client assets and privacy, and business continuity planning.
The pairing of LiveOffice and NRS is an example of the multidisciplinary approach needed to ensure advisers get the right blend of technology and regulatory advice. Shilanski and Associates, an Anchorage, Alaska-based investment adviser with 11 employees, uses Data Quality Institute, which provides a combination e-mail archiving and consulting service. The package costs about $3,000 a year, but again, it's a mandatory cost of doing business, says Rosa Shilanski, one of the firm's principals. She adds that the firm prohibits sending of any personal e-mails and instant messaging.
The key to meeting needs of investment advisers is keeping the costs down while providing the highest quality service, says Larry Nagelberg, president of Data Quality Institute in Richboro, Pa. Since the new compliance rule went into effect, customer inquiries have been rising noticeably, he notes. Data Quality Institute recently retained the services of Global Relay Communications, an e-mail archiving provider. Global Relay's core e-mail system, Record Keeper, connects to an investment adviser's internal e-mail system-such as Microsoft Exchange-in real time over a secure Internet connection; captures inbound, internal, and outbound e-mail; and then stores it on either the adviser's or Global Relay's servers.
Record Keeper captures, serializes, time-stamps, and duplicates each e-mail, concurrently storing a copy of each one in a primary database utilizing RAID (redundant arrays of inexpensive disks), in a secondary database using robotic tape libraries, and in a tertiary, offsite tape-storage database for disaster recovery and long-term storage. The system features lifecycle management of e-mail, including audit trails and action logs, to ensure that all retention and disposal schedules are met.
The system's Compliance Reviewer is a rules-based engine that scans an e-mail's header, body, and attachments, stripping all relevant text and metadata (data about data) from the e-mail. Users configure the rules to flag any keywords and phrases contained in the e-mail.
Bigger investment advisers with their own in-house information technology departments have to sort through a glut of technical and legal issues, such as complying with laws and regulations, protecting themselves from lawsuits and reducing the cost of e-mail environments. Among the technical decisions are whether to archive all incoming and outgoing e-mails, or just those for specific users or user groups, and whether to archive e-mails before or after they're sent or received.
Another technical decision is whether to rely on a pure e-mail archiving solution or a more comprehensive records management system aimed at handling a variety of paper and electronic records, including e-mail, documents, transactions, and voicemail. The two alternatives aren't mutually exclusive.
"For regulatory compliance purposes, a firm needs to get a solution up quickly. But for long-range purposes it needs to think about more than e-mail-it needs to implement a comprehensive records management policy where all information is maintained in one place," says Erica Rugullies, an analyst with Forrester Research, a market research firm in Cambridge, Mass.
E-mail archiving systems-offered by firms such as iLumin Software Services, Open Text, Veritas, and Zantaz-offer the ability to review a sample of messages randomly or based on a lexicon and to implement supervisory features such as alerts, holds, and workflow. Records management systems-offered by EMC, FileNet, IBM, Interwoven, and Stellent, among others-manage e-mail as part of a comprehensive document policy and don't offer supervisory features.
Although the e-mail archiving market is growing rapidly as firms seek compliance, that growth will slow as archiving functions are subsumed by records management systems, and as a new generation of mail servers emerges with built-in archiving capabilities. Forrester projects that the market for e-mail archiving systems, $200 million in 2003, will peak at $1 billion in 2006, then scale back to $660 million in 2008.
By that time, according to Forrester, 41% of the e-mail archiving market will be owned by vendors offering integrated records management and archiving products that will allow companies to define automated classification schemes and retention policies for all records, including e-mail. They'll also offer storage management features-allowing, for example, newer records to be stored on fast, erasable media and older records to be moved to slower, nonerasable media according to predefined rules.
Whatever happens on the technology front, it's clear that investment advisers need to make compliance part of their everyday routine. Those who flunk the compliance test could find themselves out of business-or in jail.
Andrew Miller is a freelance writer in New York specializing in business topics.
Copyright 2005 Thomson Media Inc. All Rights Reserved.
http://www.thomsonmedia.com http://www.Financial-Planning.com
You've Got Mail
A new compliance rule raises a host of questions about recordkeeping and e-mail retention.
By Andrew Miller
March 1, 2005- Jo-Ann Gallerstein, a registered investment adviser in Morris County, N.J., has become as meticulous in handling compliance-related issues as she is in constructing clients' financial plans. She is taking no short cuts-investing nights and weekends familiarizing herself with the Securities and Exchange Commission's new and complex compliance regulation.
The rule, which went into effect in February, requires advisers to appoint a chief compliance officer and to adopt and implement written policies and procedures to prevent violations of federal securities laws. "I've dedicated a huge amount of time to compliance," Gallerstein says. The rule is designed to deter abuses uncovered by the SEC and state enforcement authorities involving advisers and broker-dealers, including self-dealing, misuse of nonpublic information, failure to supervise employee activities, and improper practices such as market timing and late trades.
The SEC has provided some general guidelines to help advisers follow the rule. "You should be tweaking your programs over time, not simply waiting until the annual review," Lori Richards, head of the SEC's Office of Compliance Inspections and Examinations, advised in a speech earlier this year. Yet the road to compliance isn't all that clear-cut.
Many investment advisers still are not sure what they need to do to meet the new guidelines, especially when it comes to recordkeeping. Although the rule doesn't explicitly mention retaining e-mails and other correspondence, it's widely viewed as requiring advisers to archive e-mails, in line with earlier broker-dealer rules that were issued by the SEC and the National Association of Securities Dealers.
The compliance rule comes about three years after the SEC issued a rule permitting advisers to maintain and preserve all forms of records, including documents received in any non-electronic format, on electronic media such as tapes or disks. That rule, which was meant to encourage greater use of electronic storage, did not explicitly mandate the use of electronic archiving, but did state that advisers "must have procedures to reasonably protect electronic records from loss, alteration, or destruction, to limit access to electronic records, and to assure that electronic records that are created from hard copy are complete, true, and legible." The earlier SEC rule also cited the "unique vulnerability of unprotected electronic records to undetectable alteration and falsification."
Anxious to avoid Eliot Spitzer's A list, the appetite of investment firms for new, more sophisticated archiving and search capabilities has grown with each developing scandal. The challenge is to fine-tune search capabilities to comb through ever-larger archives with greater precision, so that if regulators come calling or a case goes to court, the relevant records can be produced in a timely, cost-effective manner.
One case in point is UBS. Last year, the investment firm was sanctioned by a federal judge for destroying or failing to produce in a timely manner e-mails in a gender-discrimination lawsuit. The judge found UBS personnel had erased relevant e-mails-some were recovered from backup tapes; others were lost altogether. The case proves that all firms, including investment advisers, need to rethink their policies for routinely recycling or erasing such tapes, especially if they contain any evidence that may be used in a legal proceeding.
Investment advisers are now required to index records in a way that allows easy location, access, and retrieval; provide on demand a legible and complete copy of a record; and separately store, for the time required to preserve the original document (typically five years), a duplicate copy of the record on any medium. Dechert LLP, a Washington-based law firm, issued a memo this summer recommending investment advisers either save all of their e-mails, including personal e-mails and spam, or else save only those pertinent to business, while maintaining some system of surveying all deleted e-mails.
In the absence of more specific rulings from the SEC, many advisers, especially smaller, less-sophisticated ones, are finding themselves caught in a Catch-22. "They are uncertain whether they need to retain every electronic communication, including spam, explains Elizabeth Knoblock, an attorney in Dechert's financial services group.
Most regulatory experts urge advisers to be conservative. "The big question right now is, What do I save?'" says Mont Levy, a principal with Buckingham Asset Management, an investment adviser in St. Louis that provides advisory services to small investment advisers. Levy's answer: Save it all.
Other tips: Clearly mark e-mails that fall under attorney-client privilege, or else they're fair game for regulators. Also, do careful due diligence when evaluating vendors of e-mail retention systems; some are more robust than others, especially in litigation support, Levy says.
Most advisers are choosing to save everything. But merely saving e-mails to a hard drive isn't enough. "As I understand it, all business-related e-mails have to be maintained, be tamper-proof, well-organized, retrievable, and searchable by keywords and by categories," Gallerstein says. She's using AdvisorMail Lite, an e-mail compliance system from LiveOffice Corp. that's designed for investment advisers with 15 employees or less.
The product is a scaled-down version of AdvisorMail, which is used by 20% of the nation's largest broker-dealers to monitor, retain, and archive thousands of e-mails, attachments, and instant messages in a secure location. Both products allow for fast retrieval of electronic communications during audits, investigations, or litigation; monitor all inbound and outbound communications; and index communications by indicators like keyword, sender, recipient, and date.
The service costs about $2,500 annually, and includes one hour of compliance consulting services from National Regulatory Services (NRS), a regulatory consulting firm. (NRS and Financial Planning are both owned by Thomson Media). Despite the considerable sum, Gallerstein says that she has no choice: "I can't stay in business without being in compliance." She suggests e-mail retention is only part of an overall compliance strategy, which includes portfolio management processes, trading practices, accuracy of disclosures and advertising, safeguarding of client assets and privacy, and business continuity planning.
The pairing of LiveOffice and NRS is an example of the multidisciplinary approach needed to ensure advisers get the right blend of technology and regulatory advice. Shilanski and Associates, an Anchorage, Alaska-based investment adviser with 11 employees, uses Data Quality Institute, which provides a combination e-mail archiving and consulting service. The package costs about $3,000 a year, but again, it's a mandatory cost of doing business, says Rosa Shilanski, one of the firm's principals. She adds that the firm prohibits sending of any personal e-mails and instant messaging.
The key to meeting needs of investment advisers is keeping the costs down while providing the highest quality service, says Larry Nagelberg, president of Data Quality Institute in Richboro, Pa. Since the new compliance rule went into effect, customer inquiries have been rising noticeably, he notes. Data Quality Institute recently retained the services of Global Relay Communications, an e-mail archiving provider. Global Relay's core e-mail system, Record Keeper, connects to an investment adviser's internal e-mail system-such as Microsoft Exchange-in real time over a secure Internet connection; captures inbound, internal, and outbound e-mail; and then stores it on either the adviser's or Global Relay's servers.
Record Keeper captures, serializes, time-stamps, and duplicates each e-mail, concurrently storing a copy of each one in a primary database utilizing RAID (redundant arrays of inexpensive disks), in a secondary database using robotic tape libraries, and in a tertiary, offsite tape-storage database for disaster recovery and long-term storage. The system features lifecycle management of e-mail, including audit trails and action logs, to ensure that all retention and disposal schedules are met.
The system's Compliance Reviewer is a rules-based engine that scans an e-mail's header, body, and attachments, stripping all relevant text and metadata (data about data) from the e-mail. Users configure the rules to flag any keywords and phrases contained in the e-mail.
Bigger investment advisers with their own in-house information technology departments have to sort through a glut of technical and legal issues, such as complying with laws and regulations, protecting themselves from lawsuits and reducing the cost of e-mail environments. Among the technical decisions are whether to archive all incoming and outgoing e-mails, or just those for specific users or user groups, and whether to archive e-mails before or after they're sent or received.
Another technical decision is whether to rely on a pure e-mail archiving solution or a more comprehensive records management system aimed at handling a variety of paper and electronic records, including e-mail, documents, transactions, and voicemail. The two alternatives aren't mutually exclusive.
"For regulatory compliance purposes, a firm needs to get a solution up quickly. But for long-range purposes it needs to think about more than e-mail-it needs to implement a comprehensive records management policy where all information is maintained in one place," says Erica Rugullies, an analyst with Forrester Research, a market research firm in Cambridge, Mass.
E-mail archiving systems-offered by firms such as iLumin Software Services, Open Text, Veritas, and Zantaz-offer the ability to review a sample of messages randomly or based on a lexicon and to implement supervisory features such as alerts, holds, and workflow. Records management systems-offered by EMC, FileNet, IBM, Interwoven, and Stellent, among others-manage e-mail as part of a comprehensive document policy and don't offer supervisory features.
Although the e-mail archiving market is growing rapidly as firms seek compliance, that growth will slow as archiving functions are subsumed by records management systems, and as a new generation of mail servers emerges with built-in archiving capabilities. Forrester projects that the market for e-mail archiving systems, $200 million in 2003, will peak at $1 billion in 2006, then scale back to $660 million in 2008.
By that time, according to Forrester, 41% of the e-mail archiving market will be owned by vendors offering integrated records management and archiving products that will allow companies to define automated classification schemes and retention policies for all records, including e-mail. They'll also offer storage management features-allowing, for example, newer records to be stored on fast, erasable media and older records to be moved to slower, nonerasable media according to predefined rules.
Whatever happens on the technology front, it's clear that investment advisers need to make compliance part of their everyday routine. Those who flunk the compliance test could find themselves out of business-or in jail.
Andrew Miller is a freelance writer in New York specializing in business topics.
Copyright 2005 Thomson Media Inc. All Rights Reserved.
http://www.thomsonmedia.com http://www.Financial-Planning.com
# posted by Tom @ 11:15 AM 
Comments:
<< Home
Thanks for providing this information was of great help for my needs, Keep posting content related to regulatory compliance consulting services
Post a Comment
<< Home
