Extract from Jim Gill’s article “Financial Data Compliance and Enterprise Information Archiving”
When it comes to making sure financial data is safe and meets compliance regulations, understanding the different regulatory bodies and how they affect your organization is a vital first step.
Two of the most common financial regulatory bodies are FINRA and SOX (both of which fall under the purview of the SEC). Let’s take a look at some of the compliance guidelines for each of them.
FINRA
The Financial Industry Regulatory Authority (FINRA) is a non-profit self-regulatory organization covering the securities industry and the New York Stock Exchange, overseen by the Securities and Exchange Commission (SEC). Its objective is to monitor and regulate stockbrokers and brokerage firms, deter misconduct, and ensure fair financial markets.
One of the many aspects of FINRA compliance concerns Electronic Storage Media (ESM). Under FINRA rules, the selected ESM must:
- Preserve records exclusively in a non-rewriteable, non-erasable format
- Automatically verify the quality and accuracy of the storage media recording process
- Serialize the original and, if applicable, duplicate units of the storage media, and time-date the stored information for the required retention period
- Have the capacity to readily download stored records and indexes
- Include an audit system identifying when original and duplicate records are input and when any changes to existing records are made, and retain the audit results for examination by SEC staff.
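Each item on that checklist corresponds to a concrete storage behaviour. The following in-memory Python class is an added illustration, not code from the article or from any certified ESM product: it assigns serials, time-dates records, verifies each write, refuses rewrite and erase requests, and audits every input and every rejected change.

```python
import hashlib
import time


class WormArchive:
    """Hypothetical append-only record store modelled on the FINRA ESM checklist."""

    def __init__(self, clock=time.time):
        self._records: dict = {}   # serial -> record; never mutated after input
        self._audit: list = []     # audit trail of inputs and attempted changes
        self._clock = clock        # injectable so tests can fix the time-date
        self._next_serial = 1

    def store(self, payload: bytes, retention_days: int) -> int:
        """Input a record: assign a serial, time-date it, verify the write, audit it."""
        serial, stored_at = self._next_serial, self._clock()
        digest = hashlib.sha256(payload).hexdigest()
        self._records[serial] = {
            "payload": bytes(payload), "sha256": digest, "stored_at": stored_at,
            "retain_until": stored_at + retention_days * 86400,
        }
        # Verify the recording process: read the record back and compare digests.
        if hashlib.sha256(self._records[serial]["payload"]).hexdigest() != digest:
            raise IOError(f"record {serial} failed write verification")
        self._next_serial += 1
        self._audit.append({"event": "input", "serial": serial, "at": stored_at, "sha256": digest})
        return serial

    def rewrite(self, serial: int, new_payload: bytes) -> None:
        """Any change to an existing record is refused; the attempt itself is audited."""
        self._audit.append({"event": "change_rejected", "serial": serial, "at": self._clock()})
        raise PermissionError(f"record {serial} is non-rewriteable")

    def erase(self, serial: int) -> None:
        """Erasure is refused regardless of retention date; the attempt is audited."""
        self._audit.append({"event": "erase_rejected", "serial": serial, "at": self._clock()})
        raise PermissionError(f"record {serial} is non-erasable")

    def verify_all(self) -> list:
        """Return serials whose stored bytes no longer match their recorded digest."""
        return [s for s, r in self._records.items()
                if hashlib.sha256(r["payload"]).hexdigest() != r["sha256"]]

    def export(self) -> list:
        """Readily download all stored records together with their index fields."""
        return [dict(serial=s, **r) for s, r in sorted(self._records.items())]

    def audit_trail(self) -> list:
        return list(self._audit)
```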