The Financial Industry Regulatory Authority (FINRA) is the largest independent regulator for securities firms doing business in the United States. FINRA’s purpose is to protect American investors by making sure the securities industry operates fairly and honestly. FINRA has regulatory oversight over all securities firms that do business with the public.

We’ve compiled a short list of the record-keeping requirements mandated by FINRA. For a full description of each requirement, please visit FINRA’s web site or click on this link to see the entire record-keeping checklist:

Memoranda of Brokerage Orders and Dealer Transactions

Record Retention: Three (3) years, the first two years in an easily accessible place.

Associated Person Location and Identification Number Records

Record Retention: Three (3) years after the associated person has terminated employment and all other connections with the firm.

Associated Person Compensation Records

Record Retention: Three (3) years, the first two years in an easily accessible place.

Associated Person Complaint Records

Record Retention: Three (3) years, the first two years in an easily accessible place.

Customer Account Records

Record Retention: Six (6) years after the closing of the account or the date on which the information was replaced or updated, whichever is earlier.

Filetwin Commentary: It’s important to note here that it states “after the closing of the account”. If a customer remains a customer for five years, then the Broker would be required to hold that record for the five years that the customer was a customer and then six (6) years thereafter. In effect, that record would have a retention lifespan of eleven years.

Communications Supervision Records

Record Retention: Three (3) years, the first two years in an easily accessible place.

Contact Person Records

Record Retention: Six (6) years, the first two years in an easily accessible place.

Responsible Principal Records

Record Retention: Six (6) years, the first two years in an easily accessible place.

Office Records

Record Retention: For the most recent two (2) year period.

Communications with the Public

Record Retention: Three (3) years, the first two years in an easily accessible place.

Organizational Documents

Record Retention: Life of the enterprise and of any successor enterprise.

Filetwin Commentary: If certain documents need to be retained for an indefinite period of time, it only seems prudent to maintain a retention policy that stores all digital records indefinitely. In the digital world, the cost of storage is dropping, so holding larger amounts of records is becoming more cost-efficient.

Special Reports

Record Retention: Three (3) years after the date of the report.

Compliance, Supervisory & Procedures Manuals

Record Retention: Three (3) years after the termination of use of manual.

Exception Reports

Record Retention: Eighteen (18) months after the date the report was generated.

As you can see, different documents require different retention policies, the longest period being six years, with the exception of the organizational documents. It’s our belief that Brokers should set their overall retention period for six (6) years. With Filetwin software, specific files can have specific retention periods, so you could create rules to match the above requirements. However, the SEC even recommends that files should be retained indefinitely. If you’d like to continue this conversation with one of our U.S. based Backup Specialists, please feel free to contact us at 1 877 310-2884.

Copyright secured by Digiprove © 2011

Often, we find people are familiar with “technology terms” they’ve heard in discussion or perhaps they’ve read about it or maybe they even have exposure to some complex technology at work. Yet, when it comes down to fully understanding the nitty gritty about that technology, they often admit that theirs is but a working knowledge of that technology. We think that’s fair enough because everyone has been in that situation before – nothing to be ashamed of.

FINRA is requiring that all members use 256-bit AES encryption on their data if they use portable storage devices such as CDs, DVDs or flash drives. Now, you probably don’t want the scientific description of the 256-bit AES algorithm, but if you did, there are plenty of articles all over the Internet that can explain the nuts and bolts.

What we think people want to know is… “Just gimme the high-level overview”, so we will:

In today’s complex world and even more complex communicating environments, the need for protecting information takes on added importance and significance.

The NSA, which is our government’s National Security Agency, conducted a review and analysis of AES encryption to satisfy Information Assurance (IA) requirements associated with the protection of national security information. Their findings were…

The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths.

So basically FINRA is mandating that their members use encryption that at one time was the same encryption applied to TOP SECRET documents. No doubt NSA has upgraded their encryption standards as available facts about security over the Internet have been well established and data protection has only improved over the years. Still, it’s good to know that FINRA is setting a standard for protecting customer records and suggesting a responsible level of encryption.

Imagine this, line up 256 numbers in a row…

123456781234567812345678123456781234567812345678

123456781234567812345678123456781234567812345678

123456781234567812345678123456781234567812345678

123456781234567812345678123456781234567812345678

123456781234567812345678123456781234567812345678

1234567812345678

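Now that you see 256 numbers in a row, imagine all the different variations it would take to “unlock the combination”. In an actual 256-bit key, each position is a bit, either 0 or 1, which gives 2^256 possible keys.

To put it simply, breaking 256-bit encryption by guessing the key becomes a formidable task and therefore less probable.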

At Filetwin, we’ve been using 256-bit encryption levels, which are computationally infeasible to crack. Our security architecture was specifically designed to provide corporate customers with the ability to transmit mission-critical data over the Internet while also providing them with the necessary assurance that no one could decrypt their data.

Copyright secured by Digiprove © 2010

Online Backup in New York

If you found this blog, it’s probably because you’re in New York looking for backup services. It doesn’t matter if you’re a securities broker-dealer or a real estate broker, the laws state that you must retain your data for extended periods of time – anywhere from 5-7 years. But you already know that, so let’s talk about what you need to look for when evaluating a vendor:

1. You should look for a vendor who is out-of-state. With the need arising for pandemic business continuity planning, out-of-state storage is a good idea.

2. You should be able to access your data online and from anywhere in the world.

3. You should be able to call and speak directly with someone in the United States for technical support.

4. The vendor’s software should have version control so if you save a file you made changes to under the same file name, the backup software should be retaining the different versions.

5. The vendor should be willing to file the 3rd Party Notification Letter to the SEC.

6. The vendor should have a REALLY LONG RETENTION period should a file be deleted unknowingly. Some vendors remove deleted files from their servers after 30 days. This means that if you mistakenly delete a file and need it 60 days later, some vendors can’t help you satisfy the intent of the laws and regulations if they are erasing deleted files after 30 days.

CAUTION: Many vendors DO NOT talk upfront about this issue and when you need that deleted file – well that’s when you learn about this ridiculous policy. At Filetwin, we think you’d have to wonder about companies that aren’t upfront about these retention policies or put them in the fine print.

7. The software should satisfy the WRITE ONCE; READ MANY (W.O.R.M.) requirement.

8. Files should be available immediately when you need them. (The S.E.C. often uses the word “promptly” to describe the manner and time line that records should be produced during an audit)

9. Remember, if a service seems really inexpensive, there’s probably a catch somewhere – either the customer service stinks, the retention policy is minimal, or to speak with someone for “live support”, you’ll have to “online chat” with a representative. Lastly, a really cheap vendor’s pricing can come with many added charges before you get the solution you really NEED the product for.

10. Lastly, when you call a company to ask questions about their product or service, ask yourself: Did they answer the telephone? Is their web site professional? Do they have a Facebook following? Are they willing to spend the time to understand your business and cater their product and service to meet your business needs?

We believe our company can fulfill all of these criteria for your business, brokerage or practice. Contact us at 1-877-310-8224 if you’d like to speak with one of our knowledgeable Backup Advisors.