
Compliance Requirements for Retaining Website and Social Collaborations

September 30, 2014

SEC and FINRA regulations require that financial institutions retain communications with their customers.  Often overlooked are communications through chat windows on websites and social collaboration sites which allow customers, partners, vendors and support desks to communicate and collaborate.

Millbrook, NY - Though financial institutions well understand that email and instant messaging must be retained, many compliance officers are unclear as to whether the messaging regulations apply to websites or to social collaboration extranets.  Though 17a-4, LLC cannot speak for a regulator, it does participate in many regulatory examinations with its more than 500 financial clients and, thus, has a good perspective on the types of electronic communications that are a concern of regulators and on what it refers to as the current ‘best practices’ that financial institutions should follow.

“Consistently we find,” offers Charles Weeden, Managing Partner of 17a-4, “regulators are looking to include all forms and types of platforms which constitute ‘communications.’  The chat pop-up window when a customer is opening an account through a financial website or a customer or partner who logs into a financial extranet are examples that compliance officers should make sure are collected and retained in institutional e-messaging archives.”

Two companies that provide website chat windows or customer interactions are LivePerson and Oracle’s ATG Web Commerce.  As customers log into these systems and ask questions or receive help desk suggestions, the resulting communications should be collected along with their associated metadata and normalized into an email or other archive.

Social collaboration sites may include vendor collaborations, partner extranets, customer support interfaces or general collaboration portals that may be integrated with help desks, customer service and financial consultants to assist with support for the financial institution’s customer base.  These communications all fall under the applicable regulations and should be normalized and retained.  Leading companies in this space include Sitrion (formerly Newsgator, Inc.), Microsoft’s Yammer, Intralinks’ Dealspace™, Merrill Corporation’s DataSite™ and others.

“As part of our annual compliance review,” adds Charles Weeden, “we work with the in-house compliance and IT teams to determine which systems are being used and the features that are available to customers.  We then document those systems and provide the information in a format which may be incorporated into FINRA’s 3130 Annual Certification of Compliance and other applicable compliance documentation.”

A key determinant in rolling out these very helpful and productive tools is whether there are compliance requirements which need to be reviewed and, if so, how the information will be captured and retained.