August 13, 2013
Microsoft Dynamics CRM + Microsoft Exchange Online Archiving Helps Compliance with SEC and FINRA Archiving
According to a recent analyst report, today’s enterprise employees send and receive approximately 110 emails a day. This constant flow of email creates a lot of noise for employees, but can also create challenges for storage, archiving and auditing. If not managed properly, siloed, unmanaged email stores can increase the risk of non-compliance.
Financial Industry Regulatory Authority (FINRA) and the Security and Exchange Commission (SEC) regulate communications for many organizations financial services industries.In connection with electronic communication under the recordkeeping rules, firms must:
- (i) SEC Rule 17a-3 and 17a-4
- preserve electronic records of transactions and general securities business (incoming, internal, outgoing);
- store on Write Once, Read Many (WORM) media, the quality of which must be verifiable;
- store original and duplicate copies in separate locations;
- create and store indexes of the electronic records;
- have an auditing system in place and store audit results for all electronic records;
- retain for retention periods (3 to 6 years), the first two years in an easily accessible place; and
- appoint an independent third party to access and download a firm’s electronic records, upon request.
- (ii) FINRA Rule 4511
- make and preserve books and records as required under the FINRA rules, the Exchange Act and applicable Exchange Act rules;
- preserve for a period of six years those FINRA books and records for which there is no specified period under FINRA rules or applicable Exchange Act rules;
- books and records shall be preserved in a format and media that complies with SEC Rule 17a-4
Microsoft’s Exchange Online Archive (EOA) is a proven method to aid in compliance with SEC and FINRA reporting regulations. Since the majority of Microsoft CRM customers use Microsoft Exchange as their email server, this is a logical supplemental compliance solution.
The Exchange Online Archive is fairly easy to deploy and requires no additional software purchase (above what you already pay for Exchange). It is available for customers using Microsoft Exchange 2010/2013/Online. For customers who used Exchange Hosted Archive in the past, there is a transition guide available here and a FAQs here.
Much of the requirements above can be viewed in a way which can be described as Organizational Governance; this model consists of four themes: protect, preserve, discover and prove. (from Microsoft)
- Protect encompasses policy, administrative and security requirements to help prevent businesses from falling out of compliance.
- The Preserve pillar describes typical security requirements for keeping information that organizations need to keep for business or legal reasons for specified time periods.
- Discover illustrates finding information that has been kept to take action upon it at some point such as for litigation, regulatory audits or internal investigations.
- Prove spans across all three other pillars and depicts being able to track and monitor actions to prove organizations did what they are supposed to do for auditing purposes.
Organizations that already manage their email communications with Microsoft CRM + Microsoft Exchange can easliy leverage Microsoft EOA by using multiple methods to help organizations protect and control data. Additionally, skilled administrative and operations teams can leverage some of the latest security tools, processes and technologies to help protect the reliability and security of your data.
Correction: This post originally and incorrectly identified Exchange Hosted Archive (EHA) as the current solution for compliance. The correct solution is EOA and this post has been changed to reflect that.