Which Electronic Tools Are a Must for Banks to Maintain Regulatory Compliance with the SEC and FINRA in a Paperless World?
by Annemaria Duran
With the increased use of technology, many financial institutions are turning to paperless software as a solution for maintaining regulatory compliance standards with internal documents. However, if a bank chooses the wrong solution, the cost can be catastrophic. Regulatory fines related to non-compliance with FINRA totaled over $60 million in 2013 alone. Additional millions were levied for other compliance requirements such as SEC requirements.
What Are the Tools Needed to Effectively Maintain Compliance?
- A Secure Database: Encryption is a must for both SEC and FINRA compliance. Some document management software (DMS) requires external encryption protocols to maintain security. Good DMS will have built-in encryption, preferably no lower than 128-bit, with some as high as 256-bit encryption. These DMS systems will not allow for ‘back door’ review of documents and will require that each individual user sign into the software with individual logins and passwords.
- Automated Retention: It is a requirement to follow FINRA compliance, and it is preferable that you maintain your sanity (especially during tax season). Depending on the specific verticals of the documents, various policies must be observed. All investment applications, marketing materials, and related documents must be locked down from deletion and editing permanently. The SEC requires that all account, investment purchase, and insurance applications, be maintained at least through the duration of the purchase period or account life. Yet, other materials have specific shredding or purging deadlines. A good DMS will allow the financial institution to automate the requirements based on the department and verticals of the documents.
- Role Based Security: Tellers should not have access to mortgage documents or investment account information. Likewise, according to both FINRA and SEC regulations, non-licensed employees should not have free reign of investment or insurance solutions provided to customers. The ability to lock down the documents to users based on job function and individual need-to-know basis is critical to ensuring that private information remains private, even from a rogue employee.
- Audit Trails: Audit trails allow for tracking every action taken in the filing cabinet and should only be available to top-level administrators. This allows for overview and control of the documents and random verification that employees are utilizing the cabinet according to internal policy. Audit trails should be undeletable and unalterable.
- Backup: Backing up the database protects documents from loss in the case of system and server failure. This requirement refers to the permanent retention of certain documents and required by SEC guidelines. If your institution experiences a system failure, inadequate backup can put you in violation of FINRA and SEC rules. Although systematic backup of all bank systems is recommended, additional backup of documents is also recommended. Strong DMS providers will provide a backup solution as part of an overall document management package.
- Client Portal: Much safer than email, a client portal allows for secure sharing of documents with clients and vendors through a Cloud solution. The clients log into the portal with an individual username and password.
Fortunately, one solution continues to offer these needed tools in a complete package. eFileCabinet Professional Package includes all of the above tools to maintain compliance at an affordable price. The Enterprise Package includes additional tools for large organizations that allow for seamless transitions including active directory, open API, and single login.
- A Secure Database: eFileCabinet encrypts data both at rest and in transit at 256-bit encryption. This ensures that only your authorized users have access to your database. If you choose our Cloud-based services, you will have the added comfort of knowing that your data is as safe as is commercially available and you have the full convenience of anywhere access.
- Automated Retention: is a must for compliance, but it doesn’t have to be difficult. Through eFileCabinet, adding retention is as easy as two clicks. Managing retention is automated and you have the capability to protect your documents from deleting and editing. Retention can be placed on individual documents or pushed down for entire sections of your cabinet and it still takes only seconds to implement. You have enough to do and don’t need to spend hours managing your document’s retention timelines.
- Role Based Security: Through eFileCabinet, you have the power to limit viewing access for specific items to specific individuals. Additionally, by creating groups, eFileCabinet makes adding new users and the relative permissions as simple as choosing the group of the user: HR, Teller, Investment Rep., Manager, Auditor, Etc. Keeping your documents safe from curious employees has never been easier or faster.
- Audit Trails: In eFileCabinet, audit trails can be viewed only by administrators and top-level users and are accessed through an “audit trail” button at the top of the Admin tab. Your high-level managers won’t need extra training or assistance to view what their employees are doing inside of the filing cabinet. But if they do, full training and live technical support are available as part of your package.
- Backup: eFileCabinet backups are done in triplicate. All of eFileCabinet’s backups and data centers are maintained in the United States of America and are located in different physical locations. This ensures that a natural disaster in one part of the country will not affect your data. Plus, any catastrophe that occurs in your office or city will not put your business out of operation while you attempt to recover data. We can immediately reinstate your data to your server if you have a desktop-based solution, or you can immediately access your data with any internet connection through our Cloud-based solution. There will be no temporary shut-downs for your institution.
- Client Portal: eFileCabinet’s client portal, SecureDrawer, continues to encrypt data at 256-bit encryption, allowing you to manage which individuals have access to the documents you are sharing, and allowing you to limit their permissions. Further, you can attach notes, set auto expirations of the documents, and receive documents from your customers and other outside vendors.
Do you want to see how easy and simple this complex system is to use? Fill out your information to schedule a 15-minute demo and get any additional questions answered.