RIA Compliance Archiving & Monitoring
Regulators no longer tolerate inadequate recordkeeping and supervision of electronic communications. To address the explosive growth of email and instant messaging as critical business communication tools, SEC Rules 204-2 and 206(4)-7 of the Investment Advisors Act require Investment Advisors to implement a compliance archiving & monitoring solution to archive and supervise all electronic communications such as email, attachments, Instant Messaging (AOL, MSN, Yahoo, GoogleTalk, etc.), Bloomberg®, Thomson Reuters, BlackBerry, Social Media and more.
Global Relay Archive and Compliance Reviewer are specifically engineered to provide a total compliance solution for Investment Advisors subject to the stringent compliance requirements of the SEC in connection with electronic business communications.
Global Relay Archive, Global Relay's message archiving and compliance system, captures and archives an authentic and complete record of all electronic business communications in a secure but easily accessible offsite storage system. Compliance features include:
- Message Capture of email, attachments, Instant Messaging (AOL, MSN, Yahoo, Google Talk etc.), Bloomberg®, Thomson Reuters, BlackBerry, Social Media and more
- Archives messages for 5 year SEC term (or as defined by deletion policies)
- Access includes web-based instant access for all employees to their messages
- Tamperproof protection of data on dedicated WORM (Write Once, Read Many) drives
- Offsite, mirrored, single instance storage in East/West Coast Data Centers
- Indexes & serializes messages, Bcc & Distribution Lists, metadata & audit trails
- Search & retrieval of any message in seconds using Google-like search engine
- Security & encryption of systems, networks & messages
- Migration of legacy data (.pst files, backup tapes) to archive
- Retention Term flexibility for Litigation Holds & SEC investigations
How does Global Relay Archive work? All email, attachments, Instant Messaging (AOL, MSN, Yahoo, Google Talk etc.), Bloomberg®, Thomson Reuters, BlackBerry, Social Media, etc. are securely captured and centrally unified together with imported legacy email and .pst files, in Global Relay Archive for rapid online search, retrieval & monitoring. With secure web-based access and real-time indexing powered by search engine technology, every employee and Compliance Officer has the ability to find any current or historical message in seconds. Read More »
The Compliance Reviewer, Global Relay's monitoring system, provides Investment Advisors with a turn-key, flexible, online supervisory system with advanced monitoring, filtering and eDiscovery features enabling enforcement of your firm's email & IM policies for compliance, proper usage and corporate governance. Compliance features include:
- Scan & Monitor email, attachments, Instant Messaging (AOL, MSN, Yahoo, Google Talk etc.), Bloomberg®, Thomson Reuters, BlackBerry, Social Media and more from Global Relay Archive
- Content Filtering with company-defined rules to identify prohibited content
- Advanced Analysis with Boolean logic, criteria lists, proximities & action alerts
- Random Sampling of each rep's messages customized by percentage & user
- Keyword Search results are highlighted within the message for quick discovery
- Full Review of messages & attachments, or bulk review of headers only
- Reviewer approval, rejection, escalation based on action icons & defined notes
- Multi-tiered Review structure for review escalation to Super Reviewers
- Wizard Commands for pre-defined, single-click compliance using folders, flags, priorities & labels
- Exclude Words, phrases or email accounts (e.g. disclaimers, attorney-client privileged mail, newsletters) from Flagging Rules
- Access Rights of authorized Reviewers governed by customized security rules
- Notifications of compliance violations by email
- Audit Trail with detailed time history of reviews and related actions taken
- Web-based Control Center to modify surveillance & monitoring procedures
- Compliance Dashboard and reporting tools
How does the Compliance Reviewer work? Using powerful search engines, the Compliance Reviewer is able to retrieve your firm's messages from Global Relay Archive and apply easy-to-use, company-defined filters and Wizard Commands for efficient review and monitoring of all archived email, IM, and Bloomberg messages. Messages of any user are analyzed on import and flagged for review if violations are detected as follows:
- Real time filtering for keyword or phrase violations (start-up list provided)
- Specific query using flexible search criteria
- Advanced rule-based keyword & phrase proximity analysis
- Random sampling (by User, User Group, or firm-wide, using percentages).
Audits & Investigations
Global Relay Archive & Compliance Reviewer Audit Tools are designed to facilitate efficient responses to regulatory Audits and evidentiary requests. Global Relay has successfully assisted hundreds of SEC-regulated firms during their Audits and regulatory investigations. Currently, Global Relay participates in approximately 4 to 6 customer Audits, examinations or subpoenas per day.
- Search and retrieve any message in seconds using Google-like search engine
- Audit Request response within minutes using online search and eDiscovery tools
- Statistics & reporting on Compliance Officer reviews & related actions taken
- Retention Term flexibility for Litigation Holds & SEC investigations
- Legal Compliance in-house specialists to assist during Audits
- Case Management via folder system with shared folders (e.g. external attorney review)
How do Global Relay's Audit Tools assist with an Audit? Global Relay provides flexible and efficient methods to produce records according to the specific criteria of the Audit request. Messages are made readily available for examination either by:
Online review of messages via an "Auditor account" in Global Relay Archive
- Create online access based on Audit request, restricted access to the exact scope of the Audit (by date, user, subject etc.)
- Assign Auditors temporary online review privileges
- Block Attorney-Client privileged, personal or restricted messages
Compilation of data for delivery to SEC
- Professional Team can be engaged to assist with complex discoveries
- Fast discovery, consolidation and organization of data for export & delivery
- PST file export capability
- Compile requested information on regulator-qualified media such as disc, FTPS or portable hard drive
Frequently Asked Questions
- What are the email & IM Compliance Requirements for RIAs?
In connection with "maintaining electronic records" under Rule 204(2), firms must:
- Preserve all SEC-mandated records (incoming, outgoing) regarding the Advisor's business
- Store records on tamperproof electronic storage media
- Retain records in an easily accessible place for a 5-year period
- Retain records in an office of the advisor for the first two years of the retention period
- Arrange & index records for easy search, retrieval and access
- 'Promptly' produce records defined as immediately, up to a few hours of request time
- Produce authentic copies of records in original format, and printouts of such records
- Provide access for regulators to view and print electronic records
- Store original and duplicate copies of records in separate locations
- Establish and maintain procedures to ensure document integrity is maintained
- Verify that reproduced records are true, complete and legible when retrieved
- Undertake annual reviews & store review results (Rule 206(4)-7)
- What is the significance of these SEC rules?
Regulators no longer tolerate inadequate recordkeeping and supervision of a firm's electronic communications. In response to the explosive growth of email and IM as the principal communication tool, requirements designed to protect investors from misrepresentation and fraud via electronic communications, and to prevent record tampering are now mandated. The SEC has adopted amendments to Part 275-Rule 204-2 of the Investment Advisers Act, which identifies records that must be stored electronically relating to the business and imposes requirements regarding the preservation, accessibility and retention of all such records.
- Who must comply?
Investment Advisors registered or required to be registered under Section 203 of the Investment Advisors Act (1940). The majority of State-registered Investment Advisors have similar regulations. Note that Rule 204-2(a) requires the preservation of records relating to "its investment advisory business" which should include preserving email of a firm's registered Advisors, as well as associated persons to the business.
- What are the repercussions of non-compliance?
Increasingly, regulatory investigations focus on business records and on stricter enforcement of electronic records in particular. Firms cannot afford to have a casual attitude toward electronic management.
Civil penalties may range from $5,000 to $100,000 for individual Advisors and $50,000 to $500,000 for organizations. Criminal penalties may involve up to five years imprisonment or up to a $10,000 fine. Further consequences of non-compliance include internal and/or regulatory disciplinary actions, civil liability, damaged corporate reputation, loss of goodwill and customers.
- Where can this Legislation be found?
Performing comprehensive due diligence on Software-as-a-Service vendors is a responsibility and a best practice for Registered Investment Advisors.
Global Relay can assist with the due diligence process. Global Relay's internal controls are verified by KPMG in a document entitled, "KPMG Report on Global Relay's Business, Operational & Security Controls". The report provides assurances and transparency into the high standards of Global Relay's internal controls, and how these truly differentiate Global Relay.
Specifically, the KPMG Report provides unique and extensive validation of Global Relay's security, business and operational controls related to:
- Physical Security - and safeguards governing data protection and data center controls.
- Change Management - Frameworks for guiding software development releases, operations and change control.
- Network Security & Availability - System architecture, redundancy, access and security.
- Global Relay Archive & Compliance Reviewer - Inbound message processing, secure storage, data center replication and end-user access.
- Data Import, Extraction & Destruction - Policies, procedures and methodologies for securely handling customer data.
- Security Policies & Standards – Policies & standards governing privacy and confidentiality.
- Personnel Policies & Procedures - Employee life-cycle management.
To learn more about this report and how Global Relay can assist your firm with due diligence, contact us today.