Financial Industry Regulatory Authority (FINRA)
At the heart of the financial industry is a mass of highly sensitive data: Account numbers, cardholder data, bank statements, and secrets that could be used to commit insider trading.
The industry has built a wall around this data in the form of regulation, maintained by regulatory authorities such as the Securities and Exchanges Committee (SEC) and the Financial Industry Regulatory Authority (FINRA)
The backbone of the regulations imposed by FINRA and the SEC have to do with communication – the archiving of electronically stored information (ESI), specifically.
Here are just a few of those regulations, established by FINRA:
- FINRA 10-06 — Requires financial firms to retain records of all social media communications.
- FINRA 11-32 — States that tweets and text messages are written material which need to be preserved
- FINRA 11-39 — Establishes the requirement to retain, retrieve, and supervise business communication, even when that communication is conducted from a personal device
Therefore, at the heart of any truly compliant organization is an archiving system capable of archiving all necessary ESI. Simply archiving the data, however, is not enough. It must be archived in the right format to meet compliance standards.
Write Once Read Many Archiving (WORM)
WORM compliance refers to an archiving system’s ability to store files in a format that cannot be altered. The SEC outlined this requirement in Rule 17a-4(f) of the Securities and Exchanges Act (SEA):
If electronic storage media is used by a member, broker, or dealer, it shall comply with the following requirements: The electronic storage media must preserve the records exclusively in a non-rewriteable, non-erasable format.
WORM means that only an act of willful (physical) destruction will remove information from disks before the set retention date. Many systems archive information, and this is a very important first step; however, in the highly regulated financial industry, ESI needs to be stored in this secure format.
Penalties for Non-Compliance
It’s concerning how many organizations fall into non-compliance with this regulation. Although they are many, FINRA is merciless in imposing fines and penalties. Just a few months ago, FINRA fined 12 firms for a total of 14.4 million for “significant deficiencies relating to the preservation of broker-dealer and customer records in a format that prevents alteration”. A few notable affected parties are:
- Wells Fargo Securities, LLC and Wells Fargo Prime Services, LLC, jointly fined $4 million.
- RBC Capital Markets LLC and RBC Capital Markets Arbitrage S.A. were jointly fined $3.5 million.
- RBS Securities, Inc. was fined $2 million.
- SunTrust Robinson Humphrey, Inc. was fined $1.5 million.
In a statement about the sanctions, the SEC pointed to the importance of record keeping in protecting investors, saying that records are the “primary means of monitoring compliance with applicable securities laws, including anti fraud provisions and financial responsibility standards.” FINRA further explains how WORM storage is critical to the cause:
“Over the past decade, the volume of sensitive financial data stored electronically has risen exponentially and there have been increasingly aggressive attempts to hack into electronic data repositories, posing a threat to inadequately protected records, further emphasizing the need to maintain records in WORM format.” – FINRA
WORM Compliance with Retain
Retain by Micro Focus helps organizations achieve WORM compliance with NetApp SnapLock. Traditional tape, optical disk, and content-addressable WORM storage made data storage and access difficult. Retain, on the other hand, “delivers high-performance disk-based data permanence for HDD and SSD deployments” while providing data integrity and retention. The solution supports encryption and compression, as well as monitoring features such as fingerprinting that allow administrators to see when data was accessed and by whom. All of these features are offered for email, mobile, social, and other types of archiving.
Once stored, Retain makes the most out of this information. A powerful suite of eDiscovery tools ensures that when litigation arises, information will be easy to access (for the right people), redact, and export in a desired format. In doing so, Retain allows end users the security of WORM storage with the ease of other storage formats.
The lesson to be learned from the 12 organizations fined by FINRA is that compliance is always more cost effective and easier on business than fines and sanctions. Organizations that research, understand, and apply imposed regulations avoid negative publicity and profit-loss while doing the public a service by operating a transparent, trustworthy business – a characteristic which, in turn, brings its own benefits.
Download a complimentary 30 day evaluation of Micro Focus Retain