"You take something like archiving for granted, but from time to time we really need it."
| Relevant section/topic | Compliance Requirements | How We Can Help |
|---|---|---|
| Books and records (Rule 3110) | Correspondence must be maintained in compliance with applicable FINRA rules and Securities Exchange Act of 1934 Rules 17a-3 & 17a-4. Also specifies supervisory procedures for the review of correspondence between individual representatives and the public. | |
| Relevant section/topic | Compliance Requirements | How We Can Help |
|---|---|---|
| Rule 17a-3 | Most members of a national securities exchange, as well as brokers and dealers, must keep current a variety of books and records that relate to their business. | |
| Rule 17a-4 & NASD 3010 | Securities dealers must implement specific, enforceable retention procedures, which include the following: | |
| Investment Advisers Act of 1940 | Hedge fund managers with assets in excess of $100M have to register with the SEC under the Investment Advisers Act of 1940, which includes provisions for securing electronic communication, including email and instant messages (same requirements as SEC 17a-4). | |
| Rule 31a-2 of the Investment Company Act of 1940 and Rule 204-2 of the Investment Advisers Act of 1940 | Funds and advisers can maintain all of their records in an electronic format as long as procedures are put in place to protect records from "loss, alteration, or destruction"; that access to these records is limited to certain parties; and that "any reproduction of a nonelectronic original record on electronic storage media is complete, true, and legible." | |
| Rule 17a-4 | Records, including email messages, must be preserved at least 6 years, the first 2 in "an easily accessible place". | |
| Relevant section/topic | Compliance Requirements | How We Can Help |
|---|---|---|
| Rule 2860 (b)(17) | Members shall maintain and keep current a separate central log, index or other file for all options-related complaints, through which these complaints can easily be identified and retrieved. Background and financial information of customers shall be maintained at specific locations, including the principal supervisory office (or elsewhere, as long as the documents are "readily accessible and promptly retrievable"). | |
| Relevant section/topic | Compliance Requirements | How We Can Help |
|---|---|---|
| The Financial Privacy Rule | Financial institutions must provide each consumer with a privacy notice, explaining where the info is shared, how it is used and how it is protected, at the time the consumer relationship is established and annually thereafter. | |
| The Safeguards Rule | Financial institutions must design, implement, and maintain an information security plan to protect customer information; it also applies to credit reporting agencies, appraisers and mortgage brokers receiving info from financial institutions. | |
| Relevant section/topic | Compliance Requirements | How We Can Help |
|---|---|---|
| Consumer Finance Protection Bureau | Compliance with GLBA is required for RESPA-TILA forms to protect NPI (Non-public Personal Information) by Real Estate Settlement Services (ALTA Best Practices Pillar #3). | |
| Federal Deposit Insurance Corporation | Provides guidance on security and management of Instant Messaging. Social Media communications need to be supervised, reviewed, and retained. | |
| USA Patriot Act | Requires records retention for suspicious communications associated with money transfer and laundering. | |
| SB 1386 (only in California) | Requires any agency, person, or business conducting business in California to disclose unauthorized access to unencrypted personal information. | |
| Relevant section/topic | Compliance Requirements | How We Can Help |
|---|---|---|
| Protection of Security Technology | Make security-related technology resistant to tampering, and do not disclose security documentation unnecessarily. | |
| Cryptographic Key Management | Determine that policies and procedures are in place to ensure the protection of cryptographic keys against modification and unauthorized disclosure. | |
| Exchange of Sensitive Data | Exchange sensitive transaction data only over a trusted path or medium with controls to provide authenticity of content, proof of submission, proof of receipt, and non-repudiation of origin. | |
| Security Requirements for Data Management | Define and implement policies and procedures to identify and apply security requirements applicable to the receipt, processing, storage and output of data to meet business objectives, organizational security policy, and regulatory requirements. | |
| Relevant section/topic | Compliance Requirements | How We Can Help |
|---|---|---|
| HIPAA Security Rule (45 CFR Part 160, 164) | Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. | |
This summary does not purport to list, nor should it be interpreted as stating that Deliver Exchange addresses, all legal requirements related to data storage and retention. Compliance with FINRA, SEC, HIPAA and other applicable laws is complex and multi-faceted and is ultimately the responsibility of each entity that is subject to those laws.