
The Radicati Group estimates that more than 541 million workers worldwide rely on email to conduct daily business activities. The rise in importance of email and instant messaging as business communication tools has led to an increase in the amount of regulatory scrutiny (SEC, NASD, Sarbanes-Oxley, etc.) placed on financial services organizations’ electronic communications. In addition, recent amendments to the Federal Rules of Civil Procedure (FRCP) have placed pressure on companies to properly store emails, while ensuring that they are easily searchable and accessible in the event of an e-Discovery request during federal litigation. Ultimately at stake are millions of dollars in fines, legal fees and crisis communications costs that can be avoided by having the right email archiving system in place and making sure that it is properly managed.
Today, financial services organizations are dealing with a range of regulations from NASD 3110 to SEC 17a-3 and 17a-4, Sarbanes-Oxley Section 404 and the FRCP amendments, which all consider email to be a permanent business record. In fact, according to researchers Maurene Grey and Mark Gilbert, “In today’s highly regulated and litigious world, an enterprise that fails to manage email as a record is testing fate.” The message is clear: companies are liable for the content that employees send in corporate email, and since shutting off email isn’t an option, it is up to financial services organizations to implement policies and technology systems that enforce the requirements set forth by the regulatory bodies.
Financial services organizations of all sizes, from registered investment advisory firms to independent broker-dealers, are learning that controlling electronic records is a monstrous task, encompassing the establishment of clear policies specifically related to email and IM as well as the selection of a message archiving system that can sufficiently enforce the policies.
For organizations embarking on this process, several steps are necessary to ensure that all corporate objectives are met and that emails and instant messages are properly handled. First, it is important for compliance, IT and legal to agree with senior management on a set of consistent policies. Once these policies have been clearly defined, a team can begin searching for a digital archiving system that is able to meet the firm’s compliance and regulatory requirements.
In evaluating archiving systems, it is important to consider the following:
Archiving & e-Discovery
Some systems will simply store your messages, while others will automatically index your messages in a tamper-proof, digital archive so that they are easily searchable and downloadable at any time. In order to meet regulatory requirements, you will need quick access to messages, so make sure the system archives, indexes, searches and retrieves emails and IMs. In addition, many of the regulatory guidelines specify that messages must be stored online for a certain period of time while remaining easily accessible, which means a robust digital archiving system can play a crucial role in helping your organization meet compliance requirements.
Surveillance & Compliance Policy Management
The regulations prescribe that organizations must monitor emails and IMs for the use of non-compliant language. This is a monumental task for any organization, especially in the absence of an automated monitoring system. Make sure that the archiving system you are evaluating is able to conduct both a pre- and post-review of message content. At any given time, an organization will find it necessary to apply different review capabilities to individual users. For example, if you are a broker-dealer and have a problem representative who has already received a few warnings from compliance for message content, you may wish to put them in pre-review mode so that emails with questionable content are reviewed by compliance prior to being sent externally. On the other hand, you may not want to interfere with the flow of communication and may opt to have other representatives in post-review mode, wherein non-compliant language is flagged for further review by compliance but the message is not prevented from being sent.
Make sure the system enables compliance to manage and enforce policies as they change. One important component is offering a customizable lexicon in conjunction with the digital archive that will enable your compliance personnel to add or delete words and phrases as necessary. It is also critical that compliance personnel have the ability to digitally attach audit notes and tamper-proof time stamps to any email that is non-compliant so that an audit trail is clearly established and evident to outside regulators during an audit.
Larger organizations also want to make sure that the digital archiving system has random sampling capabilities that enable compliance personnel to review email messages according to whatever review percentage is prescribed in the company’s policies.
Management Reporting Capabilities
NASD-regulated organizations have the added pressure of proving supervisory oversight during audits. When reviewing digital archiving systems, make sure that you have the ability to produce comprehensive management reports on message activity at the regional level and at the individual internal auditor level. These reporting capabilities are essential to maximizing productivity levels and workflow in the internal compliance department. As an example, a broker-dealer using the management reporting capabilities in LiveOffice’s AdvisorMail solution recently reported a reduction in their compliance oversight time for emails of more than 95%.
Technical Considerations
In addition to analyzing compliance requirements, firms must also consider the capabilities of their existing technical infrastructure, while ensuring a seamless and non-disruptive implementation process. With the volumes of message data circulating in and out of financial services organizations, many companies have opted to turn over their email archiving to a trusted third-party vendor. By outsourcing the archiving function, financial services organizations do not have to worry about purchasing special hardware or software to run the system, nor do they have to devote dedicated IT personnel resources to operating and managing the technology on a continual basis. Many financial services organizations also find they prefer a web-based system because it allows compliance personnel to securely log in to the system from any internet-connected PC, which means they can still review emails and compile reports when they are traveling or visiting other offices.
Tackling email and IM compliance is a complex task for financial services organizations. Not meeting the regulatory requirements carries expensive and image-tarnishing consequences. The good news is that experienced technology vendors (those with 8+ years working with financial services) such as LiveOffice have specialized training in meeting the archiving needs of financial services organizations and often make the ideal partner for navigating the compliance maze.
By Matt Smith, President
LiveOffice (www.liveoffice.com), Tel: 800.251.3863
LiveOffice’s AdvisorMail provides industry-leading email archiving, instant message archiving, anti-spam, antivirus, compliance and eDiscovery solutions to financial services firms of all sizes. These services ensure the integrity of emails and IMs, simplify the discovery process, and help companies protect themselves against the risk and expense of lost or misplaced electronic messages. LiveOffice also helps organizations comply with statutory, regulatory (SEC, NASD), legal and industry-specific mandates. Founded in 1998, the company serves a premier roster of clients including Fortune 500 companies, processes and protects millions of messages each day, and has a customer retention rate of over 98%. For more information, contact 1.800.251.3863 or visit www.advisormail.net.