17a-4 provides industry insights for corporate messaging and regulatory compliance. The following offers highlights from 17a-4’s white paper on the next generation of financial supervision and FINRA Rule 3120 compliance.
Millbrook, NY – 17a-4, llc has released a review of how financial institutions can begin to take the appropriate steps to prepare for the next generation of financial supervision systems and to take advantage of emerging platforms such as Microsoft’s Office 365. The following is a summary of 17a-4’s white paper. 17a-4 has an extensive history handling corporate messaging compliance policies and procedures for regulated clients.
Emerging 3rd generation of Supervisory Systems
FINRA’s Rule 3120 requires ‘supervisory procedures that are reasonably designed … to achieve compliance with applicable securities laws and regulations and FINRA rules’. In a large financial institution, the many different types of content may be divided into categories, each requiring a separate supervisory system. For instance, non-public information such as a corporate acquisition or release of a customer’s credit card information should be stopped by a Data Loss Prevention (“DLP”) system before they are sent. Other information may be reviewed afterwards on a system like Veritas’ EnterpriseVault or HP’s Autonomy. A third category requires a sophisticated ‘big data’ analytical engine to find patterns of messaging (such as information barriers) which would not be able to be found with basic key word and phrase review systems.
Understanding these different categories, finding supervisory systems which are able to support all three and developing an implementation plan requires the coordination of the compliance, legal and IT departments. Compounding the challenge is the proliferation of platforms being used to communicate and collaborate including; Cisco Jabber, Bloomberg, SharePoint, HipChat, Symphony, Intralinks, Skype for Business and many others.
Microsoft’s Office 365 is now emerging as a comprehensive platform and includes a Security & Compliance Center where compliance officers can create policies that ensure that no email contains a SSN # pattern or a stock symbol on the firm’s restricted list.
Key words and phrases have long been the main component of supervisory systems but as virtually every financial firm understands, a tremendous amount of time and human resources are wasted reviewing messages which have been flagged for words that may be in an email disclaimer or otherwise flagged as a false positive.
Analytical or natural language processing (“NLP”) engines that ‘understand’ are now emerging in consumer products and will be able to be incorporated into compliance applications. Able to perform an analysis on data by applying text analytics (inflection and patterns within messaging threads and structures), machine learning and relevance/predictive coding capabilities. These processes will help an organization quickly process thousands of email messages, documents, and other kinds of data to find those items that are most likely relevant to a specific case. Both Microsoft’s Equivio (part of Office 365) and IBM’s Watson are able to provide this type of higher level governance that goes beyond keyword filtering.