17a-4 provides industry insights for corporate messaging compliance. The following offers highlights from 17a-4’s white paper on Supervision and Information Barriers.
Millbrook, NY – 17a-4 llc has released a review of FINRA’s guidance concerning Supervision and Information Barriers with regards to corporate messaging compliance. The following is a summary of 17a-4’s white paper. 17a-4 has an extensive history handling corporate messaging policy and procedures for regulated clients.
Supervision and Information Barriers – Revisiting FINRA 07-59
There are two major approaches to messaging supervision: Real-time monitoring and comprehensive post-review. Real-time monitoring, also referred to as data loss prevention (DLP) is used when an individual communicates confidential or proprietary information to individuals outside of the organization. A real-time monitoring system actively monitors the content of all outgoing messaging and stops the message if the content violates institutional policies. Such content might be information on a pending M&A transaction, intellectual property such as software source code or algorithmic trading formulas or even just inappropriate language. There is often a high cost to monitoring such messaging as it puts another component into the messaging data flow and may delay the delivery of messaging.
When FINRA (then NYSE and NASD) first provided email supervision guidance, it was assumed by the industry that email content was required to be reviewed before the email could be delivered. This was based on a legacy understanding of the procedure for written correspondence that letters to customers had to be reviewed by the branch manager before being mailed. The Assentor system was widely used in financial institutions between 2002 and 2007 and was positioned between the email server and the customer to monitor the email output of brokers.
However, this process became very unpopular as it was not uncommon for investment bankers working on time-critical transactions to find that a term sheet had not reached the customer and was sitting in the Assentor review queue while a compliance officer was out to lunch. Many winning bids were lost due to compliance review delays.
Besieged by user complaints, compliance officers reviewed policies internally and with regulators and transitioned to a post-review supervision model in which case, emails were sent to customers and to the supervision system at the same time. The post-review model also proved far more effective as reviewers could create more appropriate lexicons and policies and review without the time pressure of real-time monitoring.
Today, virtually all of the major email supervision systems, Veritas Enterprise Vault, Smarsh, Global Relay, HP Autonomy and EMC’s SourceOne, support supervisory systems on a post-review basis. As is the case with secondary messaging platforms used by institutions including Bloomberg, Reuters and Symphony. In each case, the primary mechanism for supervision is to download daily messaging files and ingest these messages into the email supervision system. This allows compliance officers to monitor email and Bloomberg messages on a single system.
FINRA’s Guidance on Information Barriers
FINRA has issued a number of Regulatory Notices to provide industry guidance on supervision of messaging (see Supervision of Electronic Communications (Regulatory Notice 07-59), Social Media Web Sites (Regulatory Notice 10-06) and Consolidated Supervision Rules (Regulatory Notice 14-10)). FINRA has also extensively reviewed information barriers and conflicts of interest within member firms and provided guidance as to how to manage such conflicts (FINRA 2241, Debt Research (Regulatory Notice 15-31).
As there are many ways to communicate between departments (email, instant messaging, Bloomberg etc.), the concern for a compliance officer becomes: Can I consolidate the various communication systems into one supervisory system so that I can have insight into all communications in/ around the information barriers?
Leveraging the current tools available with the supervision systems, the compliance reviewer can see whether emails on any platform between research / trading, research / investment banking or other departments communicate content that is Material Non-public Information (“MNPI”). For instance, Veritas’ Enterprise Vault supports the monitoring of communications, regardless of platform used, between departments which have information policies barriers.
Supervising using Natural Language Processing
Though beyond the scope of this comment, Natural Language Processing (“NLP”) is becoming a technology which may now be deployed to analyze text, inflection and patterns within messaging threads and structures. Both Microsoft’s Equivio (Zoom) and IBM’s Watson are both able to analyze the context of messages and provide a higher level of compliance and governance beyond keyword filtering. However, such analysis takes time and is not available for real-time monitoring of e-messaging nor MNPI. A comprehensive NLP supervisory system will add greatly to the tools available to the efforts to manage information barriers and violations of institutional e-messaging policies.
Review MNPI and IP and Consolidate Supervisory Review
Just as email has moved from real-time to post-review, so has Bloomberg and Reuters messaging and so should instant messaging. This allows compliance to have single tool for the supervision of communication of MNPI, research, trading or M&A activities. Financial institutions should assess sources of IP and MNPI within the organization and whether real-time (pre-) or post-review is appropriate.
For the complete white paper including 17a-4’s list of the types of content within a broker/dealer that should be pre- or post-reviewed visit www.17a-4.com/supervision-information-barriers/ .