Compliance Technology
Putting Principles to the Test | More Bang for the Records Management Buck | Regulators and Investors: A One-Two Compliance Punch | AML Solutions Are Comprehensive, Consolidated--and Costly |
More Bang for the Records Management Buck
August 14, 2007
Just keeping up with new regulations is a challenge in itself. They might be initiated by legislative action at the state or federal level. The self-regulatory organizations (SROs) have their rules. They and the industry at large fall under Securities and Exchange Commission dictates. The courts also set guidelines with recent revisions pertaining to e-discovery in the Federal Rules of Civil Procedure (FRCP), which can have a substantial impact on outcomes of lawsuits filed against brokerages.
Last December, FRCP revisions mandated a slew of requirements for corporations to ensure their records are managed properly. Routine forms of electronic communication are now considered corporate records and must be retained and made available if called upon in the event of litigation. For example, every e-mail is now considered a document and cannot be destroyed without adhering to a formal policy managing the retention and destruction of records. "Furthermore, if there is litigation, parties must demonstrate they have such a policy in place at pre-discovery meetings," said Tom Utiger, CEO of Data Empowerment Group, an enterprise content management provider in Henderson, Nev.
"The new rules are an outgrowth of what brokerage firms have been required to do," said Tod Sawicki, a partner in the securities litigation group at Atlanta-based law firm Alston & Bird. "They have always been required to keep electronic exchanges. These new rules are a clarification."
The rules require companies to keep records and produce them as needed, but they only mandate what needs to be retained, and for what time frame. The technical details of how the records are stored are left to the brokerages. "Firms have to focus on retention of records, review, approval, and must show evidence of this," said Sawicki. "It's difficult enough to maintain the reams of information, but it's trickier and more important to supervise it."
The new requirements mean brokerages are responsible for much more information than before, both internal and external, and this has caused surprise and concern. "Regulators and firms are still struggling with the issue, and regulators will be playing catch-up--they tend to observe and react to how firms use technology," said Sawicki.
Broader, Holistic View
The solution, experts say, is to take a more comprehensive approach to compliance. "Regulators are implicitly pushing for a single view of risk," said Cubillas Ding, a senior analyst in the London office of Boston-based research firm Celent. "Understanding how various regulations relate to one another and finding synergies from both a process and technology perspective are important aspects which compliance program need to tackle because addressing regulations piecemeal is becoming expensive due to overlapping, redundant activities," not to mention high staffing costs.
Brokerages increasingly have to deal with the problem of documents as works in progress.
Some of the technologies mandated to retain data treat documents as static, electronic versions of paper files to be stored in a vault, according to Data Empowerment's Utiger. "The basic issue is that SEC Rule 17a-4 specifically requires the use of write once, read many times, or Worm, technology, which as a basic technology platform is great," he said. "Write it out and it can be preserved for the life of the optical media, but optical media is slow and can't be changed." Rule 17a-4 of the Securities Exchange Act of 1934, which deals with records retention, was updated in 1997 to allow electronic storage of records.
