Leveraging Microsoft’s Office 365 for compliance documents

September 21, 2016

17a-4 llc is a leading compliance firm managing SEC, FINRA and CFTC regulations for hundreds of financial institutions. As such, it provides guidance for rule interpretation and regulatory compliance, in this case, regarding compliance documents.

Millbrook, NY – 17a-4 offers industry insights and best practices for handling data retention policy and procedures in accordance with regulations. Regarding compliance documents, an easy solution for some has now emerged with OneDrive for Business. Microsoft’s recent changes to the Security & Compliance features and reporting capabilities in Office 365 now provide the necessary controls.

An often overlooked location for compliance records is the Compliance department’s file share, which can hold documents such as FINRA 3270 (employee outside business activities or OBAs), FINRA 4530 (customer complaints), FOCUS report documentation and many other types of compliance-related files. These electronic records fall under SEC Rule 17a-4, which requires them to be retained in a non-erasable format. In the course of 17a-4’s Designated Third Party reviews, clients will often find they have neglected to provide a non-erasable storage facility for these Compliance department file shares.

Just as with Skype for Business, Microsoft offers OneDrive for Business as part of Office 365 plans. OneDrive for Business gives business users the ability to access, store, and share work files across multiple devices. Essentially, it allows a folder on a Compliance officer’s workstation or a file share to be synced to OneDrive for Business and retained in Office 365. Office 365 Admins can now create deletion and preservation policies, deploy the OneDrive sync client, grant e-discovery permissions, and enable audit and DLP policies and controls. For many clients, this may be a simpler and more cost-effective option than coordinating a back-up procedure to on-premises non-erasable storage.

17a-4 can assist with these types of compliance configurations to ensure documents are being retained in accordance with regulatory requirements. Clients make use of Microsoft’s instructions for setting up OneDrive for Business and rely on 17a-4 to review and confirm that the settings and policies conform to applicable regulations. 17a-4 performs the client’s Designated Third Party annual review and provides the Letter of Notification (17a-4(f)(2)(i)) that informs the regulator that Office 365 is being used as an electronic archive.