FINRA fined 12 firms $14.4 million for failing to store their firm’s records in “write-once read-many” format.
Storing in WORM format assures that your electronic records, such as your firm’s Websites, have not been changed or altered.
Simply backing up or storing your Website in “the cloud” means that you are not storing your Website in an immutable format. Firms failing to use non-erasable WORM format could be opening themselves up to unnecessary risks and fines.
Make sure your Website is being stored to an immutable WORM file format.
Firms are also required to archive their Websites to geographically diverse, separate and secure multiple data centers.
If you’re unsure if you’re following stringent FINRA regulations, ask! You could save your firm from being fined for not storing your Website properly.
For a full checklist on FINRA Website archiving requirements, visit http://compliancevault.com/compliance-checklist.html
FINRA news release on fines
Contrary to what you may have heard, archiving firms differ greatly in their archiving methods and approaches.
For example, if your Website is being archived using cloud storage, your firm may be opening itself up to unnecessary risks like outages and being unable to prove that your archives are immutable.
What if the cloud storage your vendor uses goes down, like Amazon cloud storage has? This makes your archives inaccessible and opens your firm to undue risks. When cloud storage goes down, you won’t have access to important firm information.
FINRA/SEC requires broker/dealers to store their firm Website archives to WORM or immutable file format storage. Using WORM storage assures without a doubt that your information cannot be changed, altered or deleted.
To assure you’re following regulatory guidelines, verify that your vendor uses WORM storage (not the cloud) and that your Website is being archived to separate and secure data centers (physical locations). Archives are needed every time your Website posts an update or revision.
FINRA, the enforcement and arbitration agency that regulates broker/dealer firms and exchange markets, reported this year will be a record year for fines. It reported over $79 million in fines had been levied for the first half of 2016. Projections for the entire year could total $160 million in fines – representing a nearly 20% increase from record-setting year 2014.
As part of the books and records requirements, broker/dealers are required to store their firm Websites and firm information to WORM or non-erasable storage to multiple, secure, and geographically diverse data centers.
Is your Website being stored to WORM?
Press release from Sutherland: http://www.sutherland.com/NewsCommentary/Press-Releases/193640/FINRAs-Projected-2016-Fines-Ginormous-Fines-May-Propel-2016-toRecord-Setting-Year
Financial firms using cloud storage to archive firm Websites, emails and social media may be opening up their company to unnecessary risks and should absolutely be concerned.
Last Friday at 7 a.m. EST, hackers launched a DDoS (distributed denial-of-service) attack, taking offline popular Websites such as Amazon, Twitter, Tumblr and Soundcloud.
While cloud storage has been rising in popularity over the years, firms that use Amazon and other cloud providers for archiving their Websites and other important information subject to government regulations may just find their archives inaccessible and open to further attacks and outages.
Do you know if your Websites and other information subject to books and records requirements are being stored in the cloud?
If so, you may want to rethink your archiving storage strategy and use a provider that uses actual secure data centers for archiving storage.
Last summer the Securities and Exchange Commission (SEC) proposed a new rule under 206(4)4 that would require RIAs to adopt and implement written business continuity and transition plans.
While many firms may already have BCP plans in place, these plans may not include some of the new provisions such as the firm’s transition plans and other risks related to potential significant disruptions in the firm’s business and operations.
Financial firms would be prudent to revise their BCP to include these provisions and place it on their firm Websites. Since firms are already required to archive their Websites to an immutable WORM (write-once-read-many), non-erasable format, this would ensure that all the information on their Websites (including BCP and transition plans) meet all regulatory requirements.
The SEC is making amendments to the Advisers Act book and recordkeeping rule in an effort to improve the agency’s monitoring and regulation of the financial industry.
The amendments will require financial advisors to keep additional records of communications for all performance-related information, regardless of the number of intended targets it plans to reach.
It would be prudent for firms to keep a secure record of all communications to a WORM, non-erasable file format that is readily available.
In a recent survey, protecting their firm’s information rated highest, with 88% of respondents citing cybersecurity and information security as their highest concern.
Other areas included Advertising/Marketing and Anti-Money Laundering.
Interestingly, nearly 40% of respondents stated that their firm prohibits reps from using social media to promote their business.
Using your Website and social media are great ways to promote your uniqueness – how you’re different and why investors should trust you. It allows you to show how you’ve helped other investors manage through the financial maze and craziness that we’ve seen in the markets.
Over 700 compliance officers participated in the 2016 Investment Management Compliance Testing Survey.
Source: 2016 Investment Management Compliance Testing Survey
The 2016 Thomson Reuters survey details its findings on the compliance costs and upcoming challenges financial firms face dealing with an ever-increasing, compliance-focused environment. The results come from more than 300 global financial firms. The survey builds on results over the last seven years.
Findings indicate a trend toward outsourcing of compliance functions, with a quarter of firms now outsourcing parts of compliance functions.
The survey cites a lack of in-house skills and resources available as reasons.
We foresee this trend continuing as compliance costs rise and compliance officers continue to be asked to do more without adequate increases in staffing.
Have you checked your firm’s cybersecurity policies and procedures lately? If not, it could cost your firm big time.
The SEC brought actions against a St. Louis-based investment firm for cybersecurity breaches. The SEC alleges that the firm failed to develop adequate cybersecurity policies and procedures. The investment firm also improperly stored customer data, potentially compromising sensitive customer information and data. The firm agreed to be censured and pay a $75,000 penalty.
The SEC has outlined 3 broad categories of cybersecurity protections that financial firms must implement:
- Conduct frequent cybersecurity risk assessments regarding firm practices related to proper security practices
- Create cybersecurity strategies that prevent and detect cybersecurity threats, and policies to respond to potential security threats
- Conduct on-going cybersecurity training and reinforce procedures with staff