Global Relay Best Practices for Mutual Fund Dealers: Archiving, Data Protection & Compliance in a social world 7 May 2013.


1 Global Relay Best Practices for Mutual Fund Dealers: Archiving, Data Protection & Compliance in a social world 7 May 2013

2 Agenda: Message Archiving & Regulatory Compliance
1) The Marriage Between Technology & Compliance
- Message Archiving – It’s not just about …
- Understanding your Requirements
- Privacy Laws & Data Protection
- Social Media
2) Due Diligence on Engaging a Vendor
- Understanding Message Processing – You are Accountable
- Know Your Vendor; SAS 70 & internal controls
3) Leveraging Your Archive
- Audit & Litigation Readiness
- Business Continuity & Disaster Recovery
- Employee Access from Web, Outlook, BlackBerry & iPhone
Q & A
Global Relay Communications Inc - Proprietary & Confidential

3 About Global Relay canadian owned and operated
14th year of delivering Software-as-a-Service in a secure private cloud Core competency: Message Archiving, Compliance, & eDiscovery Team of employees; more than 100+ developers; strong Legal/Audit team 16,000 customers, 95% in the financial services sector Serving Broker-Dealers, Investment Advisors, Hedge Funds, Private Equity & Banks, Mutual Funds Offices in major financial centers worldwide, providing 24x7x365 support: Global Relay is the Message Archiving Vendor in FINRA’s Compliance Resource Provider Program Vancouver New York London Singapore Hong Kong Chicago 100% Canadian Owned & Operated Copyright © Global Relay Communications Inc. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.

4 Global Relay Awards: recognition and accolades
- Top 200 ranking for 2012 & 2011 on Deloitte Fast 500 – the fastest-growing technology companies in North America
- Warren Roy named BC CEO of the Year for 2012 by Business In Vancouver magazine – recognizing outstanding Business Strategy, Financial performance, People Development, Innovation & Social Responsibility/Sustainability
- Shannon Rogers, President & General Counsel ranked #1 for 2011 on PROFIT magazine’s list of Top 100 Female Entrepreneurs in Canada
- Recognized as one of the Top 10 Best Companies to Work For in British Columbia by BC Business Magazine for 2012 and 2011
- Ranked among Largest Software Companies and Fastest Growing Companies in BC by Business in Vancouver magazine for 2012 and 2011

5 Analyst Recognition: industry analysts’ evaluation of Global Relay
Positioned as a “Challenger” in 2012 Gartner Magic Quadrant for Enterprise Information Archiving:
- Rated extremely high on “ability to execute”
- Quote: “Customers indicate extremely high satisfaction with Global Relay's service, in part due to the company's focus on technology: 50% of Global Relay's employees are developers and all code is written internally.”
Rated “Excellent” or “Very Good” on 8 of 10 criteria in Q Market Overview: SaaS Message Archiving (Forrester Wave for SaaS archiving was discontinued)
Most recent Forrester Wave for Software-as-a-Service Message Archiving (2008):
- Global Relay positioned as a “Strong Performer”
- Quote: “Global Relay’s offering features broad message capture options, very good support for Bloomberg messaging environments, and strong supervision functionality.”
Gartner Magic Quadrant for Enterprise Information Archiving – published December, 2012

6 1) The Marriage Between Technology & Compliance Message Archiving – It’s not just about … Understanding your Requirements Privacy Laws & Data Protection Social Media Global Relay Communications Inc - Proprietary & Confidential

7 Global Relay Archive Message archiving solutions require:
it’s not just about Message archiving solutions require: Archiving of all message types (Recordkeeping) Supervisory controls: typically random sampling & keyword flagging Note! Ensure employees understand not to use personal messaging (e.g. Gmail) for business correspondence Copyright © Global Relay Communications Inc. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.

8 The Big Picture Message Archiving & Regulatory Compliance
Preserving “who said what, when” to address: MFDA, IIROC, litigation, internal & investor issues Understand your requirements Determine what message types are allowed & prohibited in your business Determine what to do on day 1 of your registration Archive on a going-forward basis? Legacy messaging is subject to court subpoena & discovery Import all legacy messaging including PSTs? Ensure a single location for eDiscovery Note! Migrating PST & legacy messages from archiving servers requires reconciliation, metadata & chain of custody documentation Supervision & Recordkeeping Rules, retention terms, legal holds and business requirements are complex and may conflict Global Relay Communications Inc - Proprietary & Confidential

9 Unified Archive for any Message Type
[Diagram: message sources (journal, public IM, OCS/Lync, XMPP IM, trading / market data, social media, mobile) are converted to normalized messages (EML) by message, social and mobile converters and routed to the Global Relay Archive over SMTP (TLS), XMPP/HTTPS and REST/HTTPS, with a 30-day importer buffer and optional external delivery to an on-premise archive.]

10 Regulatory Requirements: Rules for Electronic Message Recordkeeping
The Fundamentals: Recordkeeping, Supervision, Audit
IIROC Rule 29.7, MFDA Rule 5.1, National Instrument (11.5)
- Requires capture, archive & preservation of electronic business records
- Indexing of messaging & attachments
- Dedicated, tamperproof storage
- Storage for easy search, retrieval & access
- Defined retention term (7 years or 5 years)
- Serialize & date-stamp each message
- Message export capability

11 Regulatory Requirements: Rules for Electronic Message Supervision
The Fundamentals: Recordkeeping, Supervision, Audit
2. Supervisory Compliance
IIROC Rule 29.7, MFDA Rules 2.5, 2.7, National Instrument (11.1)
- Supervisory controls to detect & prevent regulatory violations
- Message review flags defined by keywords, phrases & exclusions
- Search & Review across all message types
- Preserve message context & threads
- Ensure full audit trails to log User, Review & Auditor actions
- Enforcement of supervisory policies

12 Regulatory Requirements: Rules for Electronic Message Audit & eDiscovery
The Fundamentals: Recordkeeping, Supervision, Audit
3. Audit
Considerations when producing data for regulators:
- Turnaround speed: need to furnish “promptly” – determine time required to export reviewer-defined data
- Online access (Auditor login) vs. data extraction (FTP, PST, hard drive)
- Objective: to produce relevant data promptly
- Attorney-client privilege flagging (pre-tag vs. manual)
- Metadata & BCCs; Distribution Lists
- Vendor can provide support during Audits, Exams, litigation, eDiscovery

13 Privacy & Data Protection: Safeguarding Intellectual Property
End-to-end security:
- Data leak prevention
- Lock down USB drive access
- Endpoint security
- Message encryption
Data In Transit:
- Use SSL/TLS protocols for login and authentication
- Ensure your firm & counterparties use mail servers with opportunistic TLS transport
- Optionally deploy policy-based encryption for message transport (vendors include Echoworx, ZixCorp, AppRiver, DataMotion)
- Note! Encryption technologies must support indexing and archiving of messages
Data At Rest in Archive:
- Encrypt all messages with strong ciphers
For firms doing business in the US and internationally:
- Global Relay houses all customer data in Canada (outside the reach of the USA Patriot Act)
- Canada’s privacy laws make it an internationally recognized “data safe zone”

14 International Data Security & Privacy canada: a data safe zone
The “Cloud” still has to be hosted somewhere…. Canada is an internationally recognized “safe zone” for preserving data Data is hosted in mirrored SSAE 16 Type II Data Centers in East/West coast of Canada With customers in 90+ countries, Global Relay has deep experience in cross-border issues, including international legal, compliance, audit & eDiscovery matters Data Privacy in Canada Stringent data privacy and protection laws in Canada Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) governs personal information collected, used and disclosed by private sector companies in the course of commercial business The European Commission has twice audited Canada’s privacy laws and determined that those laws provide protection equivalent or better than the European Privacy Directive USA PATRIOT Act – Not a Concern for Global Relay Customers Global Relay hosts data in Canada, outside reach of the USA PATRIOT Act Customer data held by Global Relay is not subject to direct data access demands by the U.S. government Many large US and international financial firms select Global Relay on this basis Copyright © Global Relay Communications Inc. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.

15 Social Media Current Statistics Regulatory Views Best Practices
Global Relay – Proprietary & Confidential

16 About LinkedIn: #1 networking tool used in business
Profile:
- The only widely-recognized professional social networking tool
- $19B market cap; revenue from premium subscriptions, HR services & advertising
- Operating since 2003
Stats:
- 2.9 million companies have LinkedIn company pages
- 64% of users outside USA
Growth:
- Current growth rate: 2 new members per second, now at 225 million members
Uses for Securities Dealers:
- Finding new clients & keeping in touch with existing ones
- Sharing news & insight with clients

17 About Twitter Micro-blogging platform Profile “Micro-blogging” tool where each communication is limited to 140 characters Content is largely public in nature Private company, $140M revenue from advertising Operating since 2006 Stats 57% of Twitter users use mobile devices 350 million tweets per day being sent Growth Fastest growing social media platform, now at 200+ million active users Uses for Securities Dealers Reps can quickly share with people who choose to follow them Gather public insight about a particular product, sector or event Global Relay - Proprietary & Confidential

18 About Facebook Profile The world’s #1 social network
#1 social network worldwide Profile The world’s #1 social network $5B revenue (2012) from advertising Operating since 2004 Stats 1.06 billion users; 618 million are active daily 81% of US social network users say Facebook is how they prefer to interact with companies Growth 51% of Americans aged 12 and up use Facebook, a 538% increase since 2008 Uses for Securities Dealers A forum for two-way dialogue with clients A platform for publishing news, events and articles Sources: CloudTactix, SubmitEdge.com Global Relay - Proprietary & Confidential

19 How do regulators view Social Media? Just another form of electronic communication…
FINRA’s mission: To protect investors by maintaining fairness in markets
Same rules apply: Social Media falls under existing “media-neutral” requirements, including:
Recordkeeping: capture & preservation of electronic business records
- SEC Rule (RIAs & Hedge Funds)
- SEC Rule 17a-3 & 17a-4; FINRA Rule 3110 (Broker-Dealers)
Supervision and enforcement of supervisory policies
- SEC Rule 206(4)-7 (RIAs & Hedge Funds)
- FINRA Rule 3010 & Regulatory Notice (Broker-Dealers)
Audit Readiness: Considerations when producing data for regulators
- Online access (Auditor login) vs. data extraction (FTP, PST, hard drive)
- Turnaround speed: need to furnish “promptly” – determine time required to export reviewer-defined data
Communications With the Public: Regulatory Notice & FINRA Rule 2210 (Effective Feb. 4, 2013)
Specific to Social Media: FINRA Regulatory Notices & 11-39
Before engaging in social media use, firms must be sure that they have technology to record and retain these communications

20 Social Media Compliance: regulatory considerations
Social Media is subject to the same regulatory requirements for electronic communications
- For example, IIROC Dealer Member Rule 29.7, plus SEC/FINRA
Social Media requires compliant solutions. A few examples:

| Type | Deemed by IIROC | Examples | Compliance Considerations |
| Public Profile | Original Advertisement | Facebook Profile, LinkedIn Profile | Pre-Review; Access Controls; Archiving |
| Status Updates | Interactive Electronic Forum | Twitter Tweets, Facebook Status Updates | Access Controls; Pre or Post-Review depending on your firm’s specific policies |
| | Electronic Correspondence | LinkedIn Messages | Access Controls; Supervision & Monitoring |

21 …However, Note Key Differences with Social Media NEW APPROACHES FOR NEW COMMUNICATION METHODS
Categorizations of Social Media Communications Static Content Static: content that remains posted until changed by the firm or individual; accessible to all site visitors. Requires principal pre-approval. Examples: Initial Tweets, Facebook Wall Posts, LinkedIn Network Updates Interactive Content Interactive: real-time communication; requires supervision after the fact (on a risk basis) Examples: , IM, Facebook Wall Comments, LinkedIn Network Comments, Retweets Linking to Third-Party Content Firms are responsible for content of linked sites & what reps endorse “Linking” or endorsing can trigger entanglement principles SEC concept of “prominence and proximity” Examples: Facebook “Likes”, Twitter “Retweets”, LinkedIn “Recommendations” Global Relay – Proprietary & Confidential

22 What About Mobile Devices
What About Mobile Devices? SOCIAL MEDIA TOOLS ARE THE MOST POPULAR SMARTPHONE APPS A ubiquitous pairing: Social Media & smartphones More than one third of Facebook members access via smartphone Mobile users are twice as active on Social Media FINRA: The communication, not the device, is determinative Same rules apply for social media content on smartphones Mobile makes Recordkeeping more difficult Make sure your social media compliance solution can capture social media content generated on: Mobile devices: smartphones, tablets (BlackBerry, iPhone, iPad, Android etc.) Home computers Public computers (hotels, airport kiosks, etc.) Global Relay – Proprietary & Confidential

23 Social Media Compliance via Policy
Best practices for achieving compliant social media via policy Approval workflow: implement for social media For example, employees must seek CCO/Legal approval before posting certain social media elements, such as a profile, credentials, referrals, advisor websites, preapproved content, etc. Training: provide social media compliance education for employees Make ongoing education mandatory for employees who use and review social media Limit use of your firm’s name and/or product names Decrease risks to your firm (such as data leaks) Prohibit social media communications that recommend investments or products Unless a registered principal has approved the content Revisit existing supervision frequencies & plans Ensure they are appropriate for social media Access: Select which social media sites employees can visit Restrict what is non-essential: home use, mobile devices Global Relay Communications Inc - Proprietary & Confidential

24 Social Media Compliance via Technology
Best practices for achieving compliant social media via technology Select a message archiving vendor that offers social media compliance capability Capture: Ensure the vendor has the capability to capture & retain all social media data for each user Unify: Integrate social media data to your existing message archive alongside other message types such as , Bloomberg, BlackBerry, Thomson Reuters, Instant Messaging, etc. Supervise: Leverage the supervisory capabilities within your archive – add social media messages to your firm’s message monitoring & review process Consider a third-party social media compliance tool to enforce policies Block/allow specific actions – for example, block Facebook Games or LinkedIn Recommendations Specify activity permission per employee – for example, staff other than registered reps have read-only access to social media sites Conclusion: Social media is here to stay and if managed wisely, it can be a useful tool for your business. Global Relay Communications Inc - Proprietary & Confidential

25 Case Study: The Importance of Social Media Archiving netflix ceo reed hastings’ & facebook disclosure Situation: Netflix CEO Reed Hastings posted material information about the company on Facebook (a statistic about viewership) Did not file the same information in a press release or Form 8-K SEC investigated… SEC deems Social Media to be an appropriate channel for public information… so long as the public is told where to look Lessons Learned: Social media is evolving from a marketing tool to a serious source of public information As with other communications with investors and the public, social media posts need to be captured and retained Global Relay Communications Inc - Proprietary & Confidential

26 Case Study: AP Twitter Account Hacked
Situation:
- AP’s Twitter account hacked by hostile group who claimed explosion at the White House
- 136 Billion in market value quickly erased, before market rebounds
Lessons Learned:
- Twitter, and other social media, being used as a market data tool
- Password security on social media needs to be questioned and improved

27 Social Media Capture Requires Opt-In from User
Opt-In & User Rights A blurred line between personal & professional realms – e.g. LinkedIn profiles Unlike , employees own & control most social media accounts Employees must opt in for social media archiving Privacy rights a concern: firms should not store employees’ passwords Opt-In Flow – Global Relay Archive for Social Media Global Relay Communications Inc - Proprietary & Confidential

28 Viewing LinkedIn content in Global Relay Archive WITH HIGHLIGHTED CHANGES AND KEYWORD FLAGGING

29 What’s Next? New Social Media Sites & “Dual Uses”
Global Relay – Proprietary & Confidential

30 Web Archiving: Powered by PageFreezer
- Create an archive for websites, blogs & social media pages in the cloud
- Continually creates digital snapshots of your web content, at the frequency you specify
- Supports dynamic content: audio, video, Flash, and more
- Very straightforward setup; archive any number of different websites
- Use the PageFreezer dashboard to scroll through an interactive timeline of your archived websites
- Choose one of the digital snapshots of your website to browse & replay
- Search capability lets you pinpoint a specific keyword or date

31 Web Archiving (continued)
Powered by pagefreezer View your website within PageFreezer’s interface An exact copy of your website as it appeared at a specific moment in the past Dynamic content like video, audio, Flash, etc. is re-playable in its original format Global Relay - Proprietary & Confidential

32 2) Due Diligence on Engaging a Vendor Understanding Message Processing – You are Accountable Know Your Vendor; SSAE 16/SAS 70 & Internal Controls Global Relay Communications Inc - Proprietary & Confidential

33 Message Archiving & Authenticity: It’s about Quality, Accuracy & Completeness
Fundamental message processing requirements
Message log reconciliation:
- Compare messages sent with messages received by archive
- Daily log reconciliation is a best practice
- Ensure all messages are received by archive
Schema validation:
- Ensure message content is accurate – for example, XML tags, headers & bodies
Write verification:
- Ensure accurate message processing in the event of hardware/software failures
Malformed messages which fail to be accurately indexed & archived:
- Sent to failure bin for analysis & remediation
- Forensic auditors check into this process
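The daily log reconciliation, write verification and failure bin described on this slide, as an added Python example (not Global Relay's code). The log record fields `message_id` and `sha256`, the function names and the sample entries are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Report:
    missing: list = field(default_factory=list)      # sent but never archived
    unexpected: list = field(default_factory=list)   # archived with no sender record
    mismatched: list = field(default_factory=list)   # digests differ: failed write check
    duplicated: list = field(default_factory=list)   # archived more than once
    failure_bin: list = field(default_factory=list)  # malformed log records

    @property
    def clean(self) -> bool:
        return not (self.missing or self.unexpected or self.mismatched
                    or self.duplicated or self.failure_bin)


def digest(raw: bytes) -> str:
    """SHA-256 of the raw message bytes, hex encoded."""
    return hashlib.sha256(raw).hexdigest()


def _index(records, report):
    """Map message_id -> sha256; malformed records go to the failure bin."""
    index, counts = {}, Counter()
    for rec in records:
        mid, sha = rec.get("message_id"), rec.get("sha256")
        if not isinstance(mid, str) or not mid or not isinstance(sha, str) or len(sha) != 64:
            report.failure_bin.append(rec)
            continue
        counts[mid] += 1
        index[mid] = sha
    return index, counts


def reconcile(sent_log, archive_log) -> Report:
    """Compare one day's sent log with the archive's receipt log."""
    report = Report()
    sent, _ = _index(sent_log, report)
    archived, seen = _index(archive_log, report)
    report.missing = sorted(sent.keys() - archived.keys())
    report.unexpected = sorted(archived.keys() - sent.keys())
    report.mismatched = sorted(m for m in sent.keys() & archived.keys()
                               if sent[m] != archived[m])
    report.duplicated = sorted(m for m, n in seen.items() if n > 1)
    return report


# Constructed sample data: three sent messages and a faulty archive log.
BODY_A = b"Subject: trade confirm\r\n\r\nOrder filled."
BODY_B = b"Subject: account update\r\n\r\nAddress changed."
BODY_C = b"Subject: meeting\r\n\r\nCall at 3pm."
SENT_LOG = [
    {"message_id": "<a1@example.test>", "sha256": digest(BODY_A)},
    {"message_id": "<b2@example.test>", "sha256": digest(BODY_B)},
    {"message_id": "<c3@example.test>", "sha256": digest(BODY_C)},
]
ARCHIVE_LOG = [
    {"message_id": "<a1@example.test>", "sha256": digest(BODY_A)},
    {"message_id": "<a1@example.test>", "sha256": digest(BODY_A)},       # archived twice
    {"message_id": "<b2@example.test>", "sha256": digest(BODY_B[:-1])},  # truncated write
    {"message_id": None, "sha256": "not-a-digest"},                      # malformed record
]

if __name__ == "__main__":
    result = reconcile(SENT_LOG, ARCHIVE_LOG)
    for name in ("missing", "unexpected", "mismatched", "duplicated", "failure_bin"):
        print(f"{name}: {getattr(result, name)}")
```

A day's run is acceptable only when `clean` is true; any non-empty list is the evidence an auditor would ask about.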

34 Due Diligence: Know Your Vendor
Select vendors with experience in the financial sector
Look for independent third-party validation:
- SSAE 16 Type II / SOC I (Environmental Controls)
- Audited Internal Controls
Evaluate vendors’ security, business & operational controls:
- Physical Security
- Change Management (Patches, Releases, Upgrades)
- Network Security & Availability
- Message Flow & Processing
- Data Import, Extraction & Destruction
- Security Policies & Standards
- Personnel Policies & Procedures (e.g. background checks, references)

35 3) Leveraging Your Archive Audit & Litigation Readiness Business Continuity & Disaster Recovery Employee Access from Web, Outlook, & Mobile Global Relay Communications Inc - Proprietary & Confidential

36 Microsoft Outlook Plug-in
Additional Reasons to Archive Messages Leveraging Your Archive: Beyond Compliance Audit & Litigation Readiness Evidentiary-quality records Liability & HR considerations Long-term Storage & Message Management Employee convenience & productivity Retrieving historical & deleted messages Business Continuity & Disaster Recovery End-user access to messaging in the event mail servers are down Employee Access to All Archived Message Types Outlook plug-in with archive access Smartphone apps to Search, View, Recover, Reply, Reply All & Forward BlackBerry, iPhone, iPad, Android Microsoft Outlook Plug-in Global Relay Communications Inc - Proprietary & Confidential

37 Thank You Warren Roy CEO warren.roy@globalrelay.net Shannon Rogers
Additional Resources Compliance Solutions Guidebook Series KPMG Report on Global Relay Security, Business & Operational Controls Contact Global Relay Information Sheet on Data Discovery & Extractions Thank You Warren Roy CEO Shannon Rogers President & General Counsel Bryan Young Vice President, Sales Global Relay Offices Worldwide Vancouver New York Chicago London Singapore

