First of all, regular data backup is a process designed specifically for disaster recovery and is performed every night, or several times throughout the day for data that changes frequently. Furthermore, to keep the cost of compliance low, this type of backup does not retain data for long periods of time and purges it after a certain date, usually 30 days.
When it comes to satisfying SEC rule, the big question FINRA firms have to ask themselves is, “What is the difference between regular data backup and data archiving?” This is important to answer, especially for small firms such as broker-dealers and registered investment advisors, because they have to outsource this process to a designated third party. Therefore, it is critical they choose the right provider, because in the end it is the FINRA members’ responsibility to ensure data is correctly protected to allow full disaster recovery and audit supervision.
Also, an effective data backup plan contains extra information that is not included in data archiving. For example, it should include the system state configuration of critical servers so that programs and other information can be restored for a bare metal recovery of the whole system. Finally, testing restores of data backups should be done differently than for data archiving. Restore tests are performed on a regular basis and need to confirm that data can be restored to its original location or to a secondary disaster recovery site.
Data archiving, on the other hand, is designed specifically for compliance supervision. It is an extra step applied to the regular daily backups that contains only electronic records related to the books and records, as well as any communication between registered reps and clients, as defined by SEC rule 17a-4. Also, an effective data archiving strategy includes a supervisory interface that allows compliance officers to review the archive at any time for regular audit supervision or when requested by regulators.
Comprehensive. Rule 17a-4 stipulates that a FINRA firm must protect and keep available the books and records relating to its business. This must include data such as email residing on internal servers or PCs and other records such as Word documents, PDFs, scanned files and key user databases on users' hard drives or in the cloud.
Completely Self-Managed. The backup and archiving process should be fully managed by the provider, who will completely administer the process to ensure no gaps appear in a firm’s data compliance strategy.