Financial institutions have a complex web of regulations and technologies to manage in order to stay in compliance. To successfully address all relevant aspects requires knowledge of compliance, legal and IT issues that impact regulated financial institutions. 17a-4 has worked with financial firms since 2001 to implement archival and messaging technologies and to develop compliance policy and procedures.
To address our client’s compliance requirements, 17a-4 has developed a suite of services and productions including:
- SEC Letter of Undertaking. A Letter of Undertaking is required by the ’34 Act designating a 3rd party as able to assist the SEC or other regulator should internal resources not be available. (Rule 17a-4(f)(3)(vii)).
- Dodd-Frank Act. CFTC letter under 17 CFR 1.31
- Annual Compliance Review. A review of any new or changed regulation, e-messaging technologies or appropriate policies. This will provide a document that may be incorporated into a broader institutional compliance document such as an Annual Review (Rule 206(4)-7), Rule 38a-1, SOX or other compliance policy document.
- Annual Technical Review. An audit to insure that institutional policies are effectively implemented in the archive infrastructure. For instance, if EU email are not archived based upon policy, then we confirm that in fact that exclusion rule has been incorporated into the archive software.
- Electronic Repository Review. A standard compliance review of all of the electronic repositories used by a financial institution to retain regulatory records and a comprehensive report of compliance with applicable regulatory requirements and financial industry ‘best practices’.
- Email Disposition Checklist. The essential steps to develop and implement an email retention and disposition program so that, at minimal cost and institutional risk, a client can commence the process of disposing of legacy email records. This formalized process includes procedures for IT, Legal and Compliance to leverage the technology on hand to engage in an efficient disposition policy.
- 17a-4 Monitor. This software monitors insures that all e-messaging activity that should be archived is in fact going into the archive. For instance, if a change in one of the email servers deletes the collection mechanism, then Monitor will alert operation personnel of the problem.
- 17a-4 DataParser. Software to capture Bloomberg, Microsoft Lync, Reuters, Cisco Jabber, Blackberry, Microsoft SharePoint wikis/ blogs/ lists, Microsoft LiveMeeting, UBS Chat and other e-messaging platforms. E-messaging and collaboration content is reformatted into an .EML or .MSG record and forwarded to the institution’s email archive.
- SEC Rule 15a-6 Compliance DeskTop. Workflow solution for the distribution of foreign-broker-dealer research reports that manages the flow of incoming reports, supports the review and approval process and fulfills retention requirements with the associated SEC Rule 17a-4.
- SEC Rule 2210 Compliance DeskTop. Workflow solution for managing the distribution of institutional sales material and correspondence necessary to provide evidence of proper procedures and to fulfill requirements of Rule 2210 and previous Rule 2211.
- Supervisory Lexicons. As we work closely with clients on regulatory audits and developing policy, we are aware of the words/ lexicons which should be monitored. We will make updates available to supervisors to determine whether the word/ phrase should be incorporated into their lexicon.
- Regulatory Examination Support. Clients often ask 17a-4 to participate in their regulatory examination to provide assistance with of e-messaging capture technologies and record formats. As we often recommend that certain types of e-messaging not be captured in an archive (i.e. spam, voice mails sent as emails, incoming EU email, system-generated messages), we can provide documentation as to how these messages are effectively filtered from the archive.
- e-Discovery Productions. Our support for e-Discovery productions include:Constructing search using wildcards, proximity, and Boolean operands;Determining canonical name and other name variations;Verifying legal / regulatory holds;Assisting with privilege logs and review;Formatting messages in accordance with production requirements.