Archiving Microsoft Exchange Server for 17a-4 - A Guide for FINRA Firms
Microsoft Exchange server is a popular in-house email system used by financial firms to manage their communications. It allows full control over email accounts, sharing of contacts, calendars and public folders. In addition, it is relatively inexpensive operate, so many companies choose Exchange as opposed to outsourcing their email to a third-party provider. However, FINRA members must be aware that, by default, it is not compliant. So an extra step must be taken to ensure specific compliance rules such as 17a-4 are achieved.
It is important that financial firms understand employees can easily delete current or historical messages off their Exchange server at any time, even if a firm performs regular backups messages can be removed between backup cycles. Also attempting to restore emails from previous backups is difficult, even for an experience technician. So, financial firms who use Microsoft Exchange as their in-house email solution need a method to ensure they are compliant with today's long-term email archiving and supervisory rules such as 17a-4.
The Forward and Store Method
The most effective method for FINRA firms to ensure full compliance of their in-house Microsoft Exchange server is with the forward and store method. This is a fool-proof method to achieve the demands of 17a-4 and makes sure emails are fully protected. It forwards a copy of all messages before they reach the Exchange server and stores them offsite in a compliant manner.
This means, emails are stored for seven years, on non-writable disk and made readily available to compliance officers for regular supervision or in the event of an audit. But best of all users are completely unaware of the process and prevented from delete message so firms are assured complete compliance with important data compliance regulation. This is critical for on-going supervision or in the event of an audit where regulator demand an electronic records request of historical messages.
Supervision and Retrieval of Email
Once all emails are being forward to the provider for archiving, it is important for compliance offices to be able to supervise the email archive for on-going auditing. This is usually done through a web based interface. However, several key features are needed:
Flagging of emails: Compliance officers need to able to prove to auditors that they are viewing emails and can add a "supervised" flag to emails.
Lexicon searches: The ability to perform full lexicon based searches of emails. This means any emails with specific words or partial words can be quickly found. It should also include the searching of attachments
On-the-fly Key word flagging: it is important that messages can be flagged based on a list of keys word on-the-fly, this means as emails flow through the archive are immediately flagged for non-compliant key words and the compliance officers is alerted
Download historical messages in a format required by FINRA: Historical emails message need to be search and downloadable in.eml format for regulators. This is an important aspect of rule 17a-4 and FINRA will ask for this during an electronic records request
Spam and Virus Filtering: To reduce the amount of emails and make supervision easier, spam and virus filtering should be included in the archiving service to reduce amount of emails to view and supervise
Email encryption: This should be part of the service to allow secure encrypted message
Failover: If the internal Exchange server goes down users should be able to access emails and continue to send and receive messages from a different location
Summary:
Financial firms who are using an internal Microsoft Exchange server for their email need to be aware that it is not compliant. And an extra step must be taken to ensure they meet the requirements of rule 17a-4. The forward and store method is the best way to ensure they properly archive and supervise emails. In addition, they need to be certain they can properly access their email archive for on-going auditing.
The Forward and Store Method
The most effective method for FINRA firms to ensure full compliance of their in-house Microsoft Exchange server is with the forward and store method. This is a fool-proof method to achieve the demands of 17a-4 and makes sure emails are fully protected. It forwards a copy of all messages before they reach the Exchange server and stores them offsite in a compliant manner.
This means, emails are stored for seven years, on non-writable disk and made readily available to compliance officers for regular supervision or in the event of an audit. But best of all users are completely unaware of the process and prevented from delete message so firms are assured complete compliance with important data compliance regulation. This is critical for on-going supervision or in the event of an audit where regulator demand an electronic records request of historical messages.
Supervision and Retrieval of Email
Once all emails are being forward to the provider for archiving, it is important for compliance offices to be able to supervise the email archive for on-going auditing. This is usually done through a web based interface. However, several key features are needed:
Flagging of emails: Compliance officers need to able to prove to auditors that they are viewing emails and can add a "supervised" flag to emails.
Lexicon searches: The ability to perform full lexicon based searches of emails. This means any emails with specific words or partial words can be quickly found. It should also include the searching of attachments
On-the-fly Key word flagging: it is important that messages can be flagged based on a list of keys word on-the-fly, this means as emails flow through the archive are immediately flagged for non-compliant key words and the compliance officers is alerted
Download historical messages in a format required by FINRA: Historical emails message need to be search and downloadable in.eml format for regulators. This is an important aspect of rule 17a-4 and FINRA will ask for this during an electronic records request
Spam and Virus Filtering: To reduce the amount of emails and make supervision easier, spam and virus filtering should be included in the archiving service to reduce amount of emails to view and supervise
Email encryption: This should be part of the service to allow secure encrypted message
Failover: If the internal Exchange server goes down users should be able to access emails and continue to send and receive messages from a different location
Summary:
Financial firms who are using an internal Microsoft Exchange server for their email need to be aware that it is not compliant. And an extra step must be taken to ensure they meet the requirements of rule 17a-4. The forward and store method is the best way to ensure they properly archive and supervise emails. In addition, they need to be certain they can properly access their email archive for on-going auditing.
About AdvisorVault:
AdvisorVault's email archiving solution is designed for FINRA firms and gives them a complete solution to achieve rule 17a-4. Our method archives emails in accordance with today's compliance rules and supplies compliance officers with a full featured web interface to access and supervise emails for compliance.
AdvisorVault Contact:
Allan Lonz, President
AdvisorVault Inc.
alonz@advisorvault.org
http://www.advisorvault.org
Direct: 416-985-0310
Toll free 1-866-925-1941 ex 1
Article Source: http://EzineArticles.com/?expert=Allan_Lonz AdvisorVault's email archiving solution is designed for FINRA firms and gives them a complete solution to achieve rule 17a-4. Our method archives emails in accordance with today's compliance rules and supplies compliance officers with a full featured web interface to access and supervise emails for compliance.
AdvisorVault Contact:
Allan Lonz, President
AdvisorVault Inc.
alonz@advisorvault.org
http://www.advisorvault.org
Direct: 416-985-0310
Toll free 1-866-925-1941 ex 1
About the Author
0 comments: