Canadian Compliance Archiving & Supervision
Global Relay provides compliance archiving to the majority of IIROC member firms with a solution 'made in Canada'.
As the leading hosted archiving provider for firms regulated by IIROC (Investment Industry Regulatory Organization of Canada), Global Relay specifically engineered its Global Relay Archive, Compliance Reviewer, Message Converter and IM Interpreter to provide a total compliance archiving & monitoring solution for firms subject to National Instrument 31-103, IDA By-law 29.7 and UMIR Policy 7.1 in connection with electronic communications with the public such as email, attachments, Instant Messaging (AOL, MSN, Yahoo, GoogleTalk, etc.), Bloomberg®, Thomson Reuters, BlackBerry, Social Media and more.
Global Relay Archive, Global Relay's message archiving and compliance system, captures and archives an authentic and complete record of all electronic business communications in a secure but easily accessible offsite storage system. Compliance features include:
- Message Capture of email, attachments, IM & Bloomberg
- Archives messages for 5 year IDA term (or as defined by deletion policies)
- Access includes web-based instant access for all employees to their messages
- Tamperproof protection of data on dedicated WORM (Write Once, Read Many) drives
- Offsite, mirrored, single instance storage in East/West Coast Data Centres
- Indexes & serializes messages, Bcc & Distribution Lists, metadata & audit trails
- Search & retrieval of any message in seconds using Google-like search engine
- Security & encryption of systems, networks & messages
- Migration of legacy data (.pst files, backup tapes) to archive
- Retention Term flexibility for Litigation Holds & IDA investigations
How does Global Relay Archive work? All email, attachments, Bloomberg and IM and are securely captured and centrally unified together with imported legacy email and .pst files, in Global Relay Archive for rapid online search, retrieval & monitoring. With secure web-based access and real-time indexing powered by search engine technology, every employee and Compliance Officer has the ability to find any current or historical message in seconds. Read More »
The Compliance Reviewer, Global Relay's monitoring system, provides Investment Dealers with a turn-key, flexible, online supervisory system with advanced monitoring, filtering and eDiscovery features enabling enforcement of your firm's email & IM policies for compliance, proper usage and corporate governance. Compliance features include:
- Scan & Monitor email, attachments, IM & Bloomberg from Global Relay Archive
- Content Filtering with company-defined rules to identify prohibited content
- Advanced Analysis with Boolean logic, criteria lists, proximities & action alerts
- Random Sampling of each rep's messages customized by percentage & user
- Keyword Search results are highlighted within the message for quick discovery
- Full Review of messages & attachments, or bulk review of headers only
- Reviewer approval, rejection, escalation based on action icons & defined notes
- Multi-tiered Review structure for review escalation to Super Reviewers
- Wizard Commands for pre-defined, single-click compliance using folders, flags, priorities & labels
- Exclude Words, phrases or email accounts (e.g. disclaimers, attorney-client privileged mail, newsletters) from Flagging Rules
- Access Rights of authorized Reviewers governed by customized security rules
- Notifications of compliance violations by email or IM
- Audit Trail with detailed time history of reviews and related actions taken
- Web-based Control Center to modify surveillance & monitoring procedures
How does the Compliance Reviewer work? Using powerful search engines, the Compliance Reviewer is able to retrieve your firm's messages from Global Relay Archive and apply easy-to-use, company-defined filters and Wizard Commands for efficient review and monitoring of all archived email, IM, and Bloomberg messages. Messages of any user are analyzed on import and flagged for review if violations are detected as follows:
- real time filtering for keyword or phrase violations (start-up list provided)
- specific query using flexible search criteria
- advanced rule-based keyword & phrase proximity analysis
- random sampling (by User, User Group, or firm-wide, using percentages).
Global Relay Archive & Compliance Reviewer Audit Tools are designed to facilitate efficient responses to regulatory audits and evidentiary requests. Global Relay has successfully assisted hundreds of IIROC, SEC, and FINRA regulated firms during their audits and regulatory investigations. Currently, Global Relay participates in approximately 4 to 6 customer audits per day.
- Search & retrieval of any message in seconds
- Audit Request response within minutes using online search and eDiscovery tools
- Statistics & reporting on Compliance Officer reviews & related actions taken
- Retention Term flexibility for Litigation Holds & anticipated investigations
- Legal Compliance in-house specialists to assist during audits
- Case Management via folder system with shared folders (e.g. external attorney review)
How do Global Relay's Audit Tools assist with an Audit? Global Relay provides flexible and efficient methods to produce records according to the specific criteria of the Audit request. Messages are made readily available for examination either by:
Online review of messages via an "Auditor account" in Global Relay Archive
- Create online access based on Audit request, restricted to the exact scope of the Audit(by date, user, subject etc.)
- Assign Auditors temporary online review privileges
- Block attorney-client privileged, personal or restricted messages
Compilation of data for delivery to IDA
- Professional Team can be engaged to assist with complex discoveries
- Fast discovery, consolidation and organization of data for export & delivery
- PST file export capability
- Compile requested information on regulator-qualified media such as disc, FTPS or portable hard drive
Frequently Asked Questions
- What are the email & IM Compliance Requirements for IIROC?
In connection with electronic communications under IDA By-law 29.7 and UMIR Policy 7.1,Rule 10.11, firms must:
- monitor electronic communications using a system designed to detect compliance violations (UMIR Policy 7.1 );
- educate and train employees on procedures governing public electronic correspondence;
- maintain an audit trail and record of supervisory reviews (to be retained for 5 years under UMIR Policy 7.1);
- evaluate and monitor supervisory procedures to ensure compliance;
- retain all electronic advertisements, sales literature for 3 years, and correspondence with the public for 5 years;
- store & verify accuracy of all electronic order information (UMIR Policy 7.1, Rule 10.11);
- index & store all electronic records;
- make readily accessible all stored business-related electronic communications prepared for clients, and all records of supervisory reviews for inspection by the IDA.
- What is the significance of these rules?
Regulators are no longer tolerating inadequate recordkeeping and supervision of a firm's electronic communications. The IDA has adopted mandatory requirements designed to protect investors from misrepresentation and fraud via electronic communications and to prevent record tampering. Amendments to IDA By-law 29.7 impose requirements on firms regarding both archiving, and monitoring and post-review of electronic advertisements, sales literature and correspondence for clients. The Internet and email are incorporated in the By-law's definition of "electronic correspondence." The Universal Market Integrity Rules for Canadian Marketplaces UMIR Policy 7.1 also requires a compliance supervision and preservation system to be put in place.
- Who must comply?
Generally, this legislation is applicable to all persons engaged in trading or acting as a dealer, including investment dealer firms and registered representatives that fall under the jurisdiction of the IDA.
- What are the repercussions of non-compliance?
Increasingly, regulatory investigations focus on business records and supervision of the same. Firms cannot afford to have a casual attitude toward email supervision and record management, as the repercussions of non-compliance include internal and/or regulatory disciplinary actions, costly penalties, civil liability, damaged corporate reputation, loss of goodwill and clients.
- Where can this Legislation be found?
Performing comprehensive due diligence on Software-as-a-Service vendors is a responsibility and a best practice for Registered Investment Advisors.
Global Relay can assist with the due diligence process. Global Relay's internal controls are verified by KPMG in a document entitled, "KPMG Report on Global Relay's Business, Operational & Security Controls". The report provides assurances and transparency into the high standards of Global Relay's internal controls, and how these truly differentiate Global Relay.
Specifically, the KPMG Report provides unique and extensive validation of Global Relay's security, business and operational controls related to:
- Physical Security - and safeguards governing data protection and data center controls.
- Change Management - Frameworks for guiding software development releases, operations and change control.
- Network Security & Availability - System architecture, redundancy, access and security.
- Global Relay Archive & Compliance Reviewer - Inbound message processing, secure storage, data center replication and end-user access.
- Data Import, Extraction & Destruction - Policies, procedures and methodologies for securely handling customer data.
- Security Policies & Standards – Policies & standards governing privacy and confidentiality.
- Personnel Policies & Procedures - Employee life-cycle management.
To learn more about this report and how Global Relay can assist your firm with due diligence, contact us today.