Microsoft Exchange Server is a popular in-house email system used by financial firms to manage their communications. It allows complete control over email accounts and the sharing of contacts, calendars and public folders. In addition, it is comparatively inexpensive to operate, so many companies choose Exchange rather than outsourcing their email to a third-party provider. However, FINRA members must be aware that, by default, it is not compliant. An extra step must be taken to ensure specific compliance rules such as 17a-4 are met.
It is important that financial firms understand that employees can easily delete current or historical messages from their Exchange server at any time, and that even if a firm performs regular backups, messages can be removed between backup cycles. Attempting to restore emails from previous backups is also hard, even for an experienced technician. So financial firms who use Microsoft Exchange as their in-house email solution need a method to ensure they are compliant with today's long-term email archiving and supervisory rules such as 17a-4.
The Forward and Store Method
The most effective method for FINRA firms to ensure full compliance of their in-house Microsoft Exchange server is the forward and store method. This is a fool-proof method to meet the demands of 17a-4 and make sure firm emails are fully protected. It forwards a copy of all messages before they reach the Exchange server and stores them offsite in a compliant manner.
This means emails are stored for seven years on non-writable media and made readily available to compliance officers for regular supervision or in the event of an audit. Best of all, users are completely unaware of the continuous process and are prevented from deleting messages, so firms are assured complete compliance with important data compliance regulations. This is critical for on-going supervision or in the event of an audit where regulators make an electronic records request for historical messages.
Supervision and Retrieval of Email
Once all emails are being forwarded to the provider for archiving, it is important for compliance officers to be able to supervise the email archive for on-going auditing. This is usually carried out through a web-based interface. However, several key features are needed:
Flagging of emails: Compliance officers need to be able to prove to auditors that they are viewing emails, and need to be able to add a "supervised" flag to emails.
Lexicon searches: The ability to perform full lexicon-based searches of emails. This means any emails with specific words or partial words can be quickly found. It should also include the searching of attachments.
On-the-fly keyword flagging: It is important that messages can be flagged against a list of keywords on the fly. This means that as emails flow through the archive, they are immediately flagged for non-compliant keywords and the compliance officer is alerted.
Download historical messages in a format required by FINRA: Historical email messages need to be searchable and downloadable in .eml format for regulators. This is an important part of rule 17a-4, and FINRA will ask for this during an electronic records request.
Spam and virus filtering: To reduce the amount of email and make supervision easier, spam and virus filtering should be included in the archiving service, so there are fewer emails to view and supervise.
Email encryption: This should be part of the service to allow secure encrypted messages.
Failover: If the internal Exchange server goes down, users should be able to access emails and continue to send and receive messages from a different location.
Summary:
Financial firms who are using an internal Microsoft Exchange server for their email need to be aware that it is not compliant. An extra step must be taken to ensure they meet the requirements of rule 17a-4. The forward and store method is the best way to make sure they properly archive and supervise emails. In addition, they need to be certain they are able to properly access their email archive for on-going auditing.