Rules that require firms to retain their e-mails and store them in an easily accessible place are still ambiguous, experts say.
Concerns over compliance with e-mail-retention rules dominated a panel discussion this week moderated by Wall Street & Technology at Information Week's annual technology conference in Tuscon, Arizona.
One of the major challenges facing the securities industry is not only storage of all electronic records - including e-mails and instant messages - but it's being able to access the material in the event of a regulatory investigation or litigation. "Retention without accessibility is not retention," warns Jay Cohen, vice president and chief corporate compliance officer of The MONY Group, a diversified financial service firm that owns Advest, the retail brokerage firm.
Cohen - who is a former prosecutor - cited the recent case involving the research investigation of five major securities firms fined by the NASD $1.65 million a piece. Although the firms had stored e-mails on back-up tapes for several years, they were fined because they were unable to retrieve the e-mails according to the rule's requirements, Cohen told the audience who came to hear the session titled: "Stay Out of Jail: Compliance in Financial Services."
The second challenge financial-services firms face is that "retention without accessibility is not retention," says Cohen. This means that firms must be able to "access what the regulators are looking for," and companies that don't have that ability, will be in a difficult situation with regulators, he says. At that point, they will be forced to resort to "enormous expenditure of time and resources," says Cohen to retrieve the information.
Even though the number of e-mails flowing through the financial industry is skyrocketing, Richard Rzasa, vice chairman and chief information officer of technology solutions for TD Waterhouse, told the audience his firm is saving all of them. "I think the storage vendors are going to make out best in this exercise," jokes Rzasa. But Rzasa was perfectly serious in saying, "We are retaining all of the e-mails that our associates send to customers and colleagues, and archiving them in a third-party system.
To be more proactive in interrogating e-mails, Rzasa's currently implementing an artificial intelligence, fuzzy logic technology and applying that with a lexicon of unacceptable terms to the e-mails, "to figure out if the firm has a rogue broker or someone who is misleading the customer," he says. TD is also making sure that every instant message, which is deployed in only a few areas, is being captured and under surveillance as well.
Meanwhile, financial-services firms are still grappling with how to interpret the rules with regard to time period and storage in a "readily accessible place."
Cohen says the rules require retention periods ranging from two years to six or seven years for e-mail and other electronic records.
Rzasa says, "We're being very, very conservative under the rules which say to retain electronic records for three years, and two years in readily accessible place." But how much time a firm has to retrieve and turnover records to a regulator, is still open to interpretation. "Is it 48 hours, is it 24 hours? Is it 2 hours," asks TD Waterhouse's CIO. "As you have to get more real time with being able to provide more access, obviously the cost of it goes up more.
Martin Colburn, executive vice president and chief technology officer of the NASD, says accessibility means firms need to "spend the resources to not only back-up the data, but to be able to restore it and restore it readily. "What we've (the NASD) done is actually put (our own e-mails) online and have compliance people check it on a regular basis," says Colburn. "We recommend that because we believe that self-compliance is as much a tool as the enforcement of the rules," says Colburn.
Though e-mail retention dominated the agenda, the session also covered the policies and procedures firms are putting into effect to comply with Sarbanes Oxley and The USA Patriot Act as well as the evolving partnership between the chief information officer and the chief compliance officer. Ivy is Editor-at-Large for Advanced Trading and Wall Street & Technology. Ivy is responsible for writing in-depth feature articles, daily blogs and news articles with a focus on automated trading in the capital markets. As an industry expert, Ivy has reported on a myriad ... View Full Bio